./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2106300312 <...> Warning: Permanently added '10.128.1.85' (ED25519) to the list of known hosts. execve("./syz-executor2106300312", ["./syz-executor2106300312"], 0x7ffcccc4bd70 /* 10 vars */) = 0 brk(NULL) = 0x55558ae89000 brk(0x55558ae89e00) = 0x55558ae89e00 arch_prctl(ARCH_SET_FS, 0x55558ae89480) = 0 set_tid_address(0x55558ae89750) = 299 set_robust_list(0x55558ae89760, 24) = 0 rseq(0x55558ae89da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2106300312", 4096) = 28 getrandom("\x83\xf2\x11\x56\xc9\xf5\xef\x7d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558ae89e00 brk(0x55558aeaae00) = 0x55558aeaae00 brk(0x55558aeab000) = 0x55558aeab000 mprotect(0x7fa71885c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fa71879f990, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fa71879f990, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 mkdir("./syzkaller.NFw6FI", 0700) = 0 chmod("./syzkaller.NFw6FI", 0777) = 0 chdir("./syzkaller.NFw6FI") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x55558ae89760, 24) = 0 [pid 302] chdir("./0") = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 302] write(1, "executing program\n", 18executing program ) = 18 [pid 302] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 302] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[303]}, 88) = 303 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] memfd_create("syzkaller", 0) = 3 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [ 26.549323][ T30] audit: type=1400 audit(1729970102.636:66): avc: denied { execmem } for pid=299 comm="syz-executor210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 26.574221][ T30] audit: type=1400 audit(1729970102.656:67): avc: denied { read write } for pid=299 comm="syz-executor210" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 303] munmap(0x7fa710375000, 138412032) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 26.598345][ T30] audit: type=1400 audit(1729970102.656:68): avc: denied { open } for pid=299 comm="syz-executor210" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.615142][ T303] loop0: detected capacity change from 0 to 1024 [pid 303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 303] close(3) = 0 [ 26.622859][ T30] audit: type=1400 audit(1729970102.656:69): avc: denied { ioctl } for pid=299 comm="syz-executor210" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 303] close(4) = 0 [pid 303] mkdir("./file1", 0777) = 0 [ 26.698581][ T30] audit: type=1400 audit(1729970102.786:70): avc: denied { mounton } for pid=302 comm="syz-executor210" path="/root/syzkaller.NFw6FI/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 26.738214][ T303] EXT4-fs (loop0): Ignoring removed orlov option [pid 303] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 303] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 303] chdir("./file1") = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_CLR_FD) = 0 [ 26.744395][ T303] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 26.758664][ T303] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [pid 303] close(4) = 0 [pid 303] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 0 [pid 303] chdir("./file0") = 0 [pid 303] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] <... futex resumed>) = 0 [pid 303] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 0 [pid 303] creat("./bus", 000) = 4 [pid 303] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 303] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 303] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 303] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 303] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] exit_group(0) = ? [pid 303] <... futex resumed>) = ? [pid 303] +++ exited with 0 +++ [pid 302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file1/lost+found") = 0 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./0/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/file0") = 0 umount2("./0/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/file1") = 0 umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 26.781943][ T30] audit: type=1400 audit(1729970102.866:71): avc: denied { mount } for pid=302 comm="syz-executor210" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 26.806092][ T30] audit: type=1400 audit(1729970102.886:72): avc: denied { write } for pid=302 comm="syz-executor210" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.828345][ T30] audit: type=1400 audit(1729970102.886:73): avc: denied { add_name } for pid=302 comm="syz-executor210" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file1/file0") = 0 umount2("./0/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file1") = 0 umount2("./0/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file2") = 0 umount2("./0/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file3") = 0 umount2("./0/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = -1 EBUSY (Device or resource busy) [ 26.848983][ T30] audit: type=1400 audit(1729970102.886:74): avc: denied { create } for pid=302 comm="syz-executor210" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 26.869724][ T30] audit: type=1400 audit(1729970102.886:75): avc: denied { write open } for pid=302 comm="syz-executor210" path="/root/syzkaller.NFw6FI/0/file1/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 307 ./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x55558ae89760, 24) = 0 [pid 307] chdir("./1") = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 307] write(1, "executing program\n", 18) = 18 [pid 307] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 307] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[308]}, 88) = 308 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] memfd_create("syzkaller", 0) = 3 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 308] munmap(0x7fa710375000, 138412032) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 308] close(3) = 0 [pid 308] close(4) = 0 [pid 308] mkdir("./file1", 0777) = 0 [ 26.958808][ T308] loop0: detected capacity change from 0 to 1024 [pid 308] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 308] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 308] chdir("./file1") = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_CLR_FD) = 0 [pid 308] close(4) = 0 [pid 308] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] chdir("./file0") = 0 [pid 308] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] creat("./bus", 000) = 4 [pid 308] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 308] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 1 [pid 307] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 308] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 308] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 308] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 307] exit_group(0) = ? [pid 308] +++ exited with 0 +++ [pid 307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/file1/lost+found") = 0 umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./1/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file0/file0") = 0 umount2("./1/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file0/file1") = 0 umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 27.047647][ T308] EXT4-fs (loop0): Ignoring removed orlov option [ 27.054123][ T308] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 27.068404][ T308] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. newfstatat(AT_FDCWD, "./1/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 [ 27.121081][ T299] ================================================================== [ 27.129529][ T299] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 27.137674][ T299] Read of size 4 at addr ffff88810cf41000 by task syz-executor210/299 [ 27.145660][ T299] [ 27.147827][ T299] CPU: 1 PID: 299 Comm: syz-executor210 Not tainted 5.15.167-syzkaller-android13-5.15.167_r00 #0 [ 27.158154][ T299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 27.168138][ T299] Call Trace: [ 27.171268][ T299] [ 27.174038][ T299] dump_stack_lvl+0x151/0x1c0 [ 27.178558][ T299] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.184027][ T299] ? panic+0x760/0x760 [ 27.187931][ T299] print_address_description+0x87/0x3b0 [ 27.193311][ T299] kasan_report+0x179/0x1c0 [ 27.197654][ T299] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 27.203118][ T299] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 27.208587][ T299] __asan_report_load4_noabort+0x14/0x20 [ 27.214054][ T299] ext4_xattr_delete_inode+0xcd0/0xce0 [ 27.219350][ T299] ? sb_end_intwrite+0x120/0x120 [ 27.224130][ T299] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 27.230033][ T299] ? ext4_journal_check_start+0x16c/0x230 [ 27.235629][ T299] ? __kasan_check_read+0x11/0x20 [ 27.240620][ T299] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 27.246342][ T299] ? ext4_evict_inode+0xb8d/0x14e0 [ 27.251293][ T299] ext4_evict_inode+0xea1/0x14e0 [ 27.256065][ T299] ? _raw_spin_unlock+0x4d/0x70 [ 27.260752][ T299] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 27.266480][ T299] ? _raw_spin_unlock+0x4d/0x70 [ 27.271167][ T299] ? inode_io_list_del+0x18b/0x1a0 [ 27.276120][ T299] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 27.281932][ T299] evict+0x529/0x930 [ 27.285838][ T299] ? _raw_spin_unlock+0x4d/0x70 [ 27.290529][ T299] ? mode_strip_sgid+0x220/0x220 [ 27.295297][ T299] ? __kasan_check_write+0x14/0x20 [ 27.300249][ T299] ? __kasan_check_write+0x14/0x20 [ 27.305196][ T299] ? ext4_drop_inode+0x90/0x1a0 [ 27.309888][ T299] iput+0x63b/0x7e0 [ 27.313683][ T299] vfs_rmdir+0x359/0x470 [ 27.317763][ T299] do_rmdir+0x3ab/0x630 [ 27.321749][ T299] ? d_delete_notify+0x160/0x160 [ 27.326538][ T299] ? strncpy_from_user+0x18e/0x2d0 [ 27.331565][ T299] ? getname_flags+0x1fd/0x520 [ 27.336162][ T299] __x64_sys_rmdir+0x49/0x50 [ 27.340584][ T299] x64_sys_call+0x274/0x9a0 [ 27.344930][ T299] do_syscall_64+0x3b/0xb0 [ 27.349178][ T299] ? clear_bhb_loop+0x35/0x90 [ 27.353842][ T299] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 27.359617][ T299] RIP: 0033:0x7fa7187d91f7 [ 27.363847][ T299] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 27.383287][ T299] RSP: 002b:00007fff30b76f48 EFLAGS: 00000207 ORIG_RAX: 0000000000000054 [ 27.391532][ T299] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa7187d91f7 [ 27.399345][ T299] RDX: 0000000000008790 RSI: 0000000000000000 RDI: 00007fff30b780f0 [ 27.407244][ T299] RBP: 0000000000000065 R08: 0000000000000000 R09: 0000000000000000 [ 27.415055][ T299] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fff30b780f0 [ 27.422872][ T299] R13: 000055558ae9a840 R14: 431bde82d7b634db R15: 00007fff30b7a244 [ 27.430696][ T299] [ 27.433548][ T299] [ 27.435717][ T299] Allocated by task 79: [ 27.439708][ T299] __kasan_slab_alloc+0xb1/0xe0 [ 27.444394][ T299] slab_post_alloc_hook+0x53/0x2c0 [ 27.449343][ T299] kmem_cache_alloc+0xf5/0x200 [ 27.453948][ T299] anon_vma_clone+0x9a/0x500 [ 27.458378][ T299] anon_vma_fork+0x91/0x4e0 [ 27.462719][ T299] copy_mm+0xa3a/0x13e0 [ 27.466704][ T299] copy_process+0x1149/0x3290 [ 27.471249][ T299] kernel_clone+0x21e/0x9e0 [ 27.475565][ T299] __x64_sys_clone+0x23f/0x290 [ 27.480156][ T299] x64_sys_call+0x1b0/0x9a0 [ 27.484496][ T299] do_syscall_64+0x3b/0xb0 [ 27.488749][ T299] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 27.494770][ T299] [ 27.496939][ T299] The buggy address belongs to the object at ffff88810cf41000 [ 27.496939][ T299] which belongs to the cache anon_vma_chain of size 64 [ 27.511103][ T299] The buggy address is located 0 bytes inside of [ 27.511103][ T299] 64-byte region [ffff88810cf41000, ffff88810cf41040) [ 27.523947][ T299] The buggy address belongs to the page: [ 27.529432][ T299] page:ffffea000433d040 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810cf41cc0 pfn:0x10cf41 [ 27.541055][ T299] flags: 0x4000000000000200(slab|zone=1) [ 27.546522][ T299] raw: 4000000000000200 ffffea000434c700 0000000600000006 ffff88810018e900 [ 27.555111][ T299] raw: ffff88810cf41cc0 00000000802a0001 00000001ffffffff 0000000000000000 [ 27.563535][ T299] page dumped because: kasan: bad access detected [ 27.569783][ T299] page_owner tracks the page as allocated [ 27.575422][ T299] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY), pid 79, ts 3243840380, free_ts 3242976723 [ 27.591033][ T299] post_alloc_hook+0x1a3/0x1b0 [ 27.595554][ T299] prep_new_page+0x1b/0x110 [ 27.600363][ T299] get_page_from_freelist+0x3550/0x35d0 [ 27.605738][ T299] __alloc_pages+0x27e/0x8f0 [ 27.610251][ T299] new_slab+0x9a/0x4e0 [ 27.614158][ T299] ___slab_alloc+0x39e/0x830 [ 27.618584][ T299] __slab_alloc+0x4a/0x90 [ 27.622752][ T299] kmem_cache_alloc+0x134/0x200 [ 27.627436][ T299] anon_vma_clone+0x9a/0x500 [ 27.631875][ T299] anon_vma_fork+0x91/0x4e0 [ 27.636203][ T299] copy_mm+0xa3a/0x13e0 [ 27.640201][ T299] copy_process+0x1149/0x3290 [ 27.644713][ T299] kernel_clone+0x21e/0x9e0 [ 27.649105][ T299] __x64_sys_clone+0x23f/0x290 [ 27.653674][ T299] x64_sys_call+0x1b0/0x9a0 [ 27.658010][ T299] do_syscall_64+0x3b/0xb0 [ 27.662245][ T299] page last free stack trace: [ 27.666890][ T299] free_unref_page_prepare+0x7c8/0x7d0 [ 27.672196][ T299] free_unref_page_list+0x14b/0xa60 [ 27.677207][ T299] release_pages+0x1310/0x1370 [ 27.681901][ T299] free_pages_and_swap_cache+0x8a/0xa0 [ 27.687195][ T299] tlb_finish_mmu+0x177/0x320 [ 27.691706][ T299] exit_mmap+0x40d/0x940 [ 27.695784][ T299] __mmput+0x95/0x310 [ 27.699603][ T299] mmput+0x5b/0x170 [ 27.703247][ T299] do_exit+0xb9c/0x2ca0 [ 27.707240][ T299] do_group_exit+0x141/0x310 [ 27.711761][ T299] __x64_sys_exit_group+0x3f/0x40 [ 27.716618][ T299] x64_sys_call+0x610/0x9a0 [ 27.720957][ T299] do_syscall_64+0x3b/0xb0 [ 27.725212][ T299] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 27.730945][ T299] [ 27.733107][ T299] Memory state around the buggy address: [ 27.738595][ T299] ffff88810cf40f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.746495][ T299] ffff88810cf40f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.754396][ T299] >ffff88810cf41000: fb fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb [ 27.762276][ T299] ^ rmdir("./1/file1/file0") = 0 umount2("./1/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file1") = 0 umount2("./1/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file2") = 0 umount2("./1/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file3") = 0 umount2("./1/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = -1 EBUSY (Device or resource busy) [ 27.766182][ T299] ffff88810cf41080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb [ 27.774164][ T299] ffff88810cf41100: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc [ 27.782061][ T299] ================================================================== [ 27.789958][ T299] Disabling lock debugging due to kernel taint umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 312 ./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x55558ae89760, 24) = 0 [pid 312] chdir("./2") = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 312] write(1, "executing program\n", 18executing program ) = 18 [pid 312] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 312] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 313 attached => {parent_tid=[313]}, 88) = 313 [pid 313] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 313] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 312] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 313] <... futex resumed>) = 0 [pid 313] memfd_create("syzkaller", 0 [pid 312] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 313] <... memfd_create resumed>) = 3 [pid 313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 313] munmap(0x7fa710375000, 138412032) = 0 [pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 313] close(3) = 0 [pid 313] close(4) = 0 [pid 313] mkdir("./file1", 0777) = 0 [ 27.884712][ T313] loop0: detected capacity change from 0 to 1024 [ 27.894629][ T313] EXT4-fs (loop0): Ignoring removed orlov option [ 27.901178][ T313] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 313] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 313] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 313] chdir("./file1") = 0 [pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 313] ioctl(4, LOOP_CLR_FD) = 0 [pid 313] close(4) = 0 [pid 313] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 313] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... futex resumed>) = 0 [pid 313] chdir("./file0") = 0 [pid 313] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... futex resumed>) = 1 [pid 313] creat("./bus", 000) = 4 [pid 313] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 313] <... futex resumed>) = 1 [pid 312] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 313] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 313] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 313] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 313] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] exit_group(0) = ? [pid 313] +++ exited with 0 +++ [pid 312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./2/file1/lost+found") = 0 umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./2/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file0/file0") = 0 umount2("./2/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file0/file1") = 0 umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./2/file1/file0") = 0 umount2("./2/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file1") = 0 umount2("./2/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file2") = 0 umount2("./2/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file3") = 0 umount2("./2/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = -1 EBUSY (Device or resource busy) [ 27.918331][ T313] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 316 ./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x55558ae89760, 24) = 0 [pid 316] chdir("./3") = 0 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 316] setpgid(0, 0) = 0 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 316] write(3, "1000", 4) = 4 [pid 316] close(3) = 0 [pid 316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 316] write(1, "executing program\n", 18) = 18 [pid 316] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 316] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 316] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[317]}, 88) = 317 [pid 316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 316] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 317] memfd_create("syzkaller", 0) = 3 [pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 317] munmap(0x7fa710375000, 138412032) = 0 [pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 317] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 317] close(3) = 0 [pid 317] close(4) = 0 [pid 317] mkdir("./file1", 0777) = 0 [ 28.009092][ T317] loop0: detected capacity change from 0 to 1024 [pid 317] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 317] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 317] chdir("./file1") = 0 [pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 317] ioctl(4, LOOP_CLR_FD) = 0 [pid 317] close(4) = 0 [pid 317] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] chdir("./file0") = 0 [pid 317] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] creat("./bus", 000) = 4 [pid 317] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 317] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 317] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 317] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 317] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] exit_group(0) = ? [pid 317] <... futex resumed>) = ? [pid 317] +++ exited with 0 +++ [pid 316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./3/file1/lost+found") = 0 umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./3/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file0/file0") = 0 umount2("./3/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file0/file1") = 0 umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./3/file1/file0") = 0 umount2("./3/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file1") = 0 umount2("./3/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file2") = 0 umount2("./3/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file3") = 0 umount2("./3/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = -1 EBUSY (Device or resource busy) [ 28.087619][ T317] EXT4-fs (loop0): Ignoring removed orlov option [ 28.093838][ T317] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 28.108408][ T317] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 320 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x55558ae89760, 24) = 0 [pid 320] chdir("./4") = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] write(1, "executing program\n", 18) = 18 [pid 320] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 320] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[321]}, 88) = 321 [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 321] memfd_create("syzkaller", 0) = 3 [pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 321] munmap(0x7fa710375000, 138412032) = 0 [pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 321] close(3) = 0 [pid 321] close(4) = 0 [pid 321] mkdir("./file1", 0777) = 0 [ 28.249651][ T321] loop0: detected capacity change from 0 to 1024 [pid 321] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 321] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 321] chdir("./file1") = 0 [pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 321] ioctl(4, LOOP_CLR_FD) = 0 [pid 321] close(4) = 0 [pid 321] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] chdir("./file0") = 0 [pid 321] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] creat("./bus", 000) = 4 [pid 321] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 321] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 321] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 321] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 321] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] exit_group(0) = ? [pid 321] <... futex resumed>) = ? [pid 321] +++ exited with 0 +++ [pid 320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/file1/lost+found") = 0 umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./4/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file0/file0") = 0 umount2("./4/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file0/file1") = 0 umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/file1/file0") = 0 umount2("./4/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file1") = 0 umount2("./4/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file2") = 0 umount2("./4/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file3") = 0 umount2("./4/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = -1 EBUSY (Device or resource busy) [ 28.327801][ T321] EXT4-fs (loop0): Ignoring removed orlov option [ 28.333984][ T321] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 28.348705][ T321] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 325 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x55558ae89760, 24) = 0 [pid 325] chdir("./5") = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 325] write(1, "executing program\n", 18) = 18 [pid 325] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 325] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[326]}, 88) = 326 [pid 325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 325] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 326] memfd_create("syzkaller", 0) = 3 [pid 326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 326] munmap(0x7fa710375000, 138412032) = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 326] close(3) = 0 [pid 326] close(4) = 0 [pid 326] mkdir("./file1", 0777) = 0 [ 28.528774][ T326] loop0: detected capacity change from 0 to 1024 [pid 326] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 326] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 326] chdir("./file1") = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 326] ioctl(4, LOOP_CLR_FD) = 0 [pid 326] close(4) = 0 [pid 326] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [pid 326] chdir("./file0") = 0 [pid 326] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [pid 326] creat("./bus", 000) = 4 [pid 326] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [pid 326] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 326] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [pid 326] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 326] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [pid 326] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 326] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 326] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 325] <... futex resumed>) = 0 [pid 325] exit_group(0) = ? [pid 326] +++ exited with 0 +++ [pid 325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/file1/lost+found") = 0 umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./5/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file0/file0") = 0 umount2("./5/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file0/file1") = 0 umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/file1/file0") = 0 umount2("./5/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file1") = 0 umount2("./5/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file2") = 0 umount2("./5/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file3") = 0 umount2("./5/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = -1 EBUSY (Device or resource busy) [ 28.597699][ T326] EXT4-fs (loop0): Ignoring removed orlov option [ 28.603919][ T326] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 28.618543][ T326] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 329 ./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x55558ae89760, 24) = 0 [pid 329] chdir("./6") = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 329] write(1, "executing program\n", 18executing program ) = 18 [pid 329] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 329] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[330]}, 88) = 330 [pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 329] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 330] memfd_create("syzkaller", 0) = 3 [pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 330] munmap(0x7fa710375000, 138412032) = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 330] close(3) = 0 [pid 330] close(4) = 0 [pid 330] mkdir("./file1", 0777) = 0 [ 28.724331][ T330] loop0: detected capacity change from 0 to 1024 [ 28.749895][ T330] EXT4-fs (loop0): Ignoring removed orlov option [ 28.756192][ T330] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 330] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 330] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 330] chdir("./file1") = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 330] ioctl(4, LOOP_CLR_FD) = 0 [pid 330] close(4) = 0 [pid 330] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 0 [pid 329] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] chdir("./file0") = 0 [pid 330] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 0 [pid 329] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] creat("./bus", 000) = 4 [pid 330] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 0 [pid 329] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 330] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 0 [pid 329] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 330] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 0 [pid 329] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 330] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 0 [pid 329] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 330] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 0 [pid 329] exit_group(0) = ? [pid 330] <... futex resumed>) = ? [pid 330] +++ exited with 0 +++ [pid 329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/file1/lost+found") = 0 umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./6/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file0/file0") = 0 umount2("./6/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file0/file1") = 0 umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/file1/file0") = 0 umount2("./6/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file1") = 0 umount2("./6/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file2") = 0 umount2("./6/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file3") = 0 umount2("./6/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = -1 EBUSY (Device or resource busy) [ 28.768528][ T330] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x55558ae89760, 24) = 0 [pid 334] chdir("./7") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 334] write(1, "executing program\n", 18) = 18 [pid 334] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 334] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[335]}, 88) = 335 [pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 334] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 335] memfd_create("syzkaller", 0) = 3 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 335] munmap(0x7fa710375000, 138412032) = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 335] close(3) = 0 [pid 335] close(4) = 0 [pid 335] mkdir("./file1", 0777) = 0 [ 28.849048][ T335] loop0: detected capacity change from 0 to 1024 [ 28.857127][ T335] EXT4-fs (loop0): Ignoring removed orlov option [ 28.863340][ T335] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 335] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 335] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 335] chdir("./file1") = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_CLR_FD) = 0 [pid 335] close(4) = 0 [pid 335] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... futex resumed>) = 0 [pid 335] chdir("./file0") = 0 [pid 335] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... futex resumed>) = 1 [pid 335] creat("./bus", 000) = 4 [pid 335] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] <... futex resumed>) = 0 [pid 335] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 334] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... mount resumed>) = 0 [pid 335] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 335] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 335] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 335] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] <... futex resumed>) = 0 [pid 334] exit_group(0) = ? [pid 335] +++ exited with 0 +++ [pid 334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/file1/lost+found") = 0 umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./7/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file0/file0") = 0 umount2("./7/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file0/file1") = 0 umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/file1/file0") = 0 umount2("./7/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file1") = 0 umount2("./7/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file2") = 0 umount2("./7/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file3") = 0 umount2("./7/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = -1 EBUSY (Device or resource busy) [ 28.888857][ T335] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 338 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x55558ae89760, 24) = 0 [pid 338] chdir("./8") = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 338] write(1, "executing program\n", 18) = 18 [pid 338] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 338] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[339]}, 88) = 339 [pid 338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 338] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] memfd_create("syzkaller", 0) = 3 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 339] munmap(0x7fa710375000, 138412032) = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 339] close(3) = 0 [pid 339] close(4) = 0 [pid 339] mkdir("./file1", 0777) = 0 [ 29.055609][ T339] loop0: detected capacity change from 0 to 1024 [pid 339] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 339] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 339] chdir("./file1") = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 339] ioctl(4, LOOP_CLR_FD) = 0 [pid 339] close(4) = 0 [pid 339] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 0 [pid 339] chdir("./file0") = 0 [pid 339] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] creat("./bus", 000) = 4 [pid 339] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 339] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 339] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 339] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 339] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] exit_group(0) = ? [pid 339] +++ exited with 0 +++ [pid 338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/file1/lost+found") = 0 umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./8/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file0/file0") = 0 umount2("./8/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file0/file1") = 0 umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/file1/file0") = 0 umount2("./8/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file1") = 0 umount2("./8/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file2") = 0 umount2("./8/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file3") = 0 umount2("./8/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = -1 EBUSY (Device or resource busy) [ 29.117709][ T339] EXT4-fs (loop0): Ignoring removed orlov option [ 29.123965][ T339] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 29.138427][ T339] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x55558ae89760, 24) = 0 [pid 342] chdir("./9") = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 342] write(1, "executing program\n", 18) = 18 [pid 342] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 342] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[343]}, 88) = 343 [pid 342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 342] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 343] memfd_create("syzkaller", 0) = 3 [pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 343] munmap(0x7fa710375000, 138412032) = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 343] close(3) = 0 [pid 343] close(4) = 0 [pid 343] mkdir("./file1", 0777) = 0 [ 29.289228][ T343] loop0: detected capacity change from 0 to 1024 [pid 343] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 343] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 343] chdir("./file1") = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_CLR_FD) = 0 [pid 343] close(4) = 0 [pid 343] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... futex resumed>) = 1 [pid 343] chdir("./file0") = 0 [pid 343] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... futex resumed>) = 1 [pid 343] creat("./bus", 000) = 4 [pid 343] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... futex resumed>) = 1 [pid 343] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 343] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... futex resumed>) = 1 [pid 343] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 343] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... futex resumed>) = 1 [pid 343] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 343] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... futex resumed>) = 1 [pid 343] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 343] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] exit_group(0) = ? [pid 343] <... futex resumed>) = ? [pid 343] +++ exited with 0 +++ [pid 342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/file1/lost+found") = 0 umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./9/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file0/file0") = 0 umount2("./9/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file0/file1") = 0 umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/file1/file0") = 0 umount2("./9/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file1") = 0 umount2("./9/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file2") = 0 umount2("./9/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file3") = 0 umount2("./9/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = -1 EBUSY (Device or resource busy) [ 29.385093][ T343] EXT4-fs (loop0): Ignoring removed orlov option [ 29.391390][ T343] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 29.408363][ T343] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 346 ./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x55558ae89760, 24) = 0 [pid 346] chdir("./10") = 0 [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 346] setpgid(0, 0) = 0 [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 346] write(3, "1000", 4) = 4 [pid 346] close(3) = 0 [pid 346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 346] write(1, "executing program\n", 18executing program ) = 18 [pid 346] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 346] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 346] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 347 attached => {parent_tid=[347]}, 88) = 347 [pid 347] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 347] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 346] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 347] <... futex resumed>) = 0 [pid 347] memfd_create("syzkaller", 0 [pid 346] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 347] <... memfd_create resumed>) = 3 [pid 347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 347] munmap(0x7fa710375000, 138412032) = 0 [pid 347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 347] close(3) = 0 [pid 347] close(4) = 0 [pid 347] mkdir("./file1", 0777) = 0 [ 29.538540][ T347] loop0: detected capacity change from 0 to 1024 [ 29.548522][ T347] EXT4-fs (loop0): Ignoring removed orlov option [ 29.554842][ T347] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 347] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 347] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 347] chdir("./file1") = 0 [pid 347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 347] ioctl(4, LOOP_CLR_FD) = 0 [pid 347] close(4) = 0 [pid 347] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 1 [pid 347] chdir("./file0") = 0 [pid 347] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 1 [pid 347] creat("./bus", 000) = 4 [pid 347] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 1 [pid 347] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 347] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 1 [pid 347] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 347] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... mmap resumed>) = 0x20000000 [pid 347] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 347] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 346] <... futex resumed>) = 0 [pid 346] exit_group(0) = ? [pid 347] +++ exited with 0 +++ [pid 346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/file1/lost+found") = 0 umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./10/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file0/file0") = 0 umount2("./10/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file0/file1") = 0 umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/file1/file0") = 0 umount2("./10/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file1") = 0 umount2("./10/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file2") = 0 umount2("./10/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file3") = 0 umount2("./10/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = -1 EBUSY (Device or resource busy) [ 29.568276][ T347] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 350 ./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x55558ae89760, 24) = 0 [pid 350] chdir("./11") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 350] write(1, "executing program\n", 18) = 18 [pid 350] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 350] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 351 attached => {parent_tid=[351]}, 88) = 351 [pid 350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 350] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 351] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 351] memfd_create("syzkaller", 0) = 3 [pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 351] munmap(0x7fa710375000, 138412032) = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 351] close(3) = 0 [pid 351] close(4) = 0 [pid 351] mkdir("./file1", 0777) = 0 [ 29.685010][ T351] loop0: detected capacity change from 0 to 1024 [ 29.694403][ T351] EXT4-fs (loop0): Ignoring removed orlov option [ 29.700746][ T351] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 351] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 351] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 351] chdir("./file1") = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 351] ioctl(4, LOOP_CLR_FD) = 0 [pid 351] close(4) = 0 [pid 351] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] chdir("./file0") = 0 [pid 351] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] creat("./bus", 000) = 4 [pid 351] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 351] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 351] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 351] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 351] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] exit_group(0) = ? [pid 351] <... futex resumed>) = ? [pid 351] +++ exited with 0 +++ [pid 350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/file1/lost+found") = 0 umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./11/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file0/file0") = 0 umount2("./11/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file0/file1") = 0 umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/file1/file0") = 0 umount2("./11/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file1") = 0 umount2("./11/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file2") = 0 umount2("./11/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file3") = 0 umount2("./11/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = -1 EBUSY (Device or resource busy) [ 29.718610][ T351] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x55558ae89760, 24) = 0 [pid 355] chdir("./12") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] write(1, "executing program\n", 18) = 18 [pid 355] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 355] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[356]}, 88) = 356 [pid 355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 355] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 356] memfd_create("syzkaller", 0) = 3 [pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 356] munmap(0x7fa710375000, 138412032) = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 356] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 356] close(3) = 0 [pid 356] close(4) = 0 [pid 356] mkdir("./file1", 0777) = 0 [ 29.818651][ T356] loop0: detected capacity change from 0 to 1024 [pid 356] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 356] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 356] chdir("./file1") = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 356] ioctl(4, LOOP_CLR_FD) = 0 [pid 356] close(4) = 0 [pid 356] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 0 [pid 356] chdir("./file0") = 0 [pid 356] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 1 [pid 356] creat("./bus", 000) = 4 [pid 356] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 356] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 1 [pid 356] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 356] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 356] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 356] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] exit_group(0) = ? [pid 356] +++ exited with 0 +++ [pid 355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/file1/lost+found") = 0 umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./12/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file0/file0") = 0 umount2("./12/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file0/file1") = 0 umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/file1/file0") = 0 umount2("./12/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file1") = 0 umount2("./12/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file2") = 0 umount2("./12/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file3") = 0 umount2("./12/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = -1 EBUSY (Device or resource busy) [ 29.897775][ T356] EXT4-fs (loop0): Ignoring removed orlov option [ 29.903959][ T356] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 29.918415][ T356] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 359 ./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x55558ae89760, 24) = 0 [pid 359] chdir("./13"executing program ) = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 359] write(1, "executing program\n", 18) = 18 [pid 359] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 359] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[360]}, 88) = 360 [pid 359] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 360 attached NULL, 8) = 0 [pid 359] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 360] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 360] munmap(0x7fa710375000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 360] close(3) = 0 [pid 360] close(4) = 0 [pid 360] mkdir("./file1", 0777) = 0 [ 30.050914][ T360] loop0: detected capacity change from 0 to 1024 [pid 360] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 360] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 360] chdir("./file1") = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] chdir("./file0") = 0 [pid 360] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] creat("./bus", 000) = 4 [pid 360] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 360] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 360] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 360] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 360] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] exit_group(0) = ? [pid 360] <... futex resumed>) = ? [pid 360] +++ exited with 0 +++ [pid 359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/file1/lost+found") = 0 umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./13/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file0/file0") = 0 umount2("./13/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file0/file1") = 0 umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/file1/file0") = 0 umount2("./13/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file1") = 0 umount2("./13/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file2") = 0 umount2("./13/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file3") = 0 umount2("./13/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = -1 EBUSY (Device or resource busy) [ 30.117598][ T360] EXT4-fs (loop0): Ignoring removed orlov option [ 30.123792][ T360] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 30.138339][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x55558ae89760, 24) = 0 [pid 363] chdir("./14") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] write(1, "executing program\n", 18) = 18 [pid 363] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 363] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x7fa7187959a0, 24 [pid 363] <... clone3 resumed> => {parent_tid=[364]}, 88) = 364 [pid 364] <... set_robust_list resumed>) = 0 [pid 363] rt_sigprocmask(SIG_SETMASK, [], [pid 364] rt_sigprocmask(SIG_SETMASK, [], [pid 363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 363] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 364] memfd_create("syzkaller", 0) = 3 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 364] munmap(0x7fa710375000, 138412032) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 364] close(3) = 0 [pid 364] close(4) = 0 [pid 364] mkdir("./file1", 0777) = 0 [pid 364] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 364] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 364] chdir("./file1") = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 364] ioctl(4, LOOP_CLR_FD) = 0 [pid 364] close(4) = 0 [pid 364] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 0 [pid 364] chdir("./file0") = 0 [pid 364] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] creat("./bus", 000) = 4 [pid 364] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 364] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 364] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 364] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 364] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] exit_group(0) = ? [pid 364] +++ exited with 0 +++ [pid 363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/file1/lost+found") = 0 umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./14/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file0/file0") = 0 umount2("./14/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file0/file1") = 0 umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/file1/file0") = 0 umount2("./14/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file1") = 0 umount2("./14/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file2") = 0 umount2("./14/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 30.292130][ T364] loop0: detected capacity change from 0 to 1024 [ 30.303122][ T364] EXT4-fs (loop0): Ignoring removed orlov option [ 30.309835][ T364] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 30.318350][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. unlink("./14/file1/file3") = 0 umount2("./14/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = -1 EBUSY (Device or resource busy) umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x55558ae89760, 24) = 0 [pid 367] chdir("./15") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 367] write(1, "executing program\n", 18) = 18 [pid 367] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 367] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[368]}, 88) = 368 [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] memfd_create("syzkaller", 0) = 3 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 368] munmap(0x7fa710375000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 368] close(3) = 0 [pid 368] close(4) = 0 [pid 368] mkdir("./file1", 0777) = 0 [ 30.398917][ T368] loop0: detected capacity change from 0 to 1024 [pid 368] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 368] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 368] chdir("./file1") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_CLR_FD) = 0 [pid 368] close(4) = 0 [pid 368] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] chdir("./file0") = 0 [pid 368] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] creat("./bus", 000) = 4 [pid 368] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 368] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 368] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 368] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 368] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] exit_group(0) = ? [pid 368] +++ exited with 0 +++ [pid 367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./15/file1/lost+found") = 0 umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./15/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file0/file0") = 0 umount2("./15/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file0/file1") = 0 umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./15/file1/file0") = 0 umount2("./15/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file1") = 0 umount2("./15/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file2") = 0 umount2("./15/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file3") = 0 umount2("./15/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = -1 EBUSY (Device or resource busy) [ 30.497801][ T368] EXT4-fs (loop0): Ignoring removed orlov option [ 30.504059][ T368] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 30.518616][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 372 ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x55558ae89760, 24) = 0 [pid 372] chdir("./16") = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3) = 0 [pid 372] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 372] write(1, "executing program\n", 18) = 18 [pid 372] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 372] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[373]}, 88) = 373 [pid 372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 372] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] memfd_create("syzkaller", 0) = 3 [pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 373] munmap(0x7fa710375000, 138412032) = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 373] close(3) = 0 [pid 373] close(4) = 0 [pid 373] mkdir("./file1", 0777) = 0 [ 30.647829][ T373] loop0: detected capacity change from 0 to 1024 [pid 373] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 373] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 373] chdir("./file1") = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 373] ioctl(4, LOOP_CLR_FD) = 0 [pid 373] close(4) = 0 [pid 373] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] chdir("./file0") = 0 [pid 373] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] creat("./bus", 000) = 4 [pid 373] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 373] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 373] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 373] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 373] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 372] <... futex resumed>) = 0 [pid 372] exit_group(0) = ? [pid 373] +++ exited with 0 +++ [pid 372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./16/file1/lost+found") = 0 umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./16/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file0/file0") = 0 umount2("./16/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file0/file1") = 0 umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./16/file1/file0") = 0 umount2("./16/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file1") = 0 umount2("./16/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file2") = 0 umount2("./16/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file3") = 0 umount2("./16/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 30.717631][ T373] EXT4-fs (loop0): Ignoring removed orlov option [ 30.723855][ T373] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 30.738633][ T373] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. rmdir("./16/file1") = -1 EBUSY (Device or resource busy) umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 377 ./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x55558ae89760, 24) = 0 [pid 377] chdir("./17") = 0 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 377] setpgid(0, 0) = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 377] write(3, "1000", 4) = 4 [pid 377] close(3) = 0 [pid 377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 377] write(1, "executing program\n", 18executing program ) = 18 [pid 377] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 377] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 378 attached => {parent_tid=[378]}, 88) = 378 [pid 378] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 378] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 378] <... futex resumed>) = 0 [pid 378] memfd_create("syzkaller", 0 [pid 377] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 378] <... memfd_create resumed>) = 3 [pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 378] munmap(0x7fa710375000, 138412032) = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 378] close(3) = 0 [pid 378] close(4) = 0 [pid 378] mkdir("./file1", 0777) = 0 [ 30.856164][ T378] loop0: detected capacity change from 0 to 1024 [ 30.887894][ T378] EXT4-fs (loop0): Ignoring removed orlov option [ 30.894207][ T378] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 378] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 378] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 378] chdir("./file1") = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 378] ioctl(4, LOOP_CLR_FD) = 0 [pid 378] close(4) = 0 [pid 378] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] chdir("./file0") = 0 [pid 378] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] creat("./bus", 000) = 4 [pid 378] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 378] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 378] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 378] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 378] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 377] exit_group(0) = ? [pid 378] +++ exited with 0 +++ [pid 377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/file1/lost+found") = 0 umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./17/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file0/file0") = 0 umount2("./17/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file0/file1") = 0 umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/file1/file0") = 0 umount2("./17/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file1") = 0 umount2("./17/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file2") = 0 umount2("./17/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file3") = 0 umount2("./17/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = -1 EBUSY (Device or resource busy) [ 30.908781][ T378] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 381 ./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x55558ae89760, 24) = 0 [pid 381] chdir("./18") = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 381] setpgid(0, 0) = 0 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 381] write(3, "1000", 4) = 4 [pid 381] close(3) = 0 [pid 381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 381] write(1, "executing program\n", 18) = 18 [pid 381] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 381] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[382]}, 88) = 382 [pid 381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 381] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 382] memfd_create("syzkaller", 0) = 3 [pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 382] munmap(0x7fa710375000, 138412032) = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 382] close(3) = 0 [pid 382] close(4) = 0 [pid 382] mkdir("./file1", 0777) = 0 [ 31.019802][ T382] loop0: detected capacity change from 0 to 1024 [pid 382] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 382] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 382] chdir("./file1") = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 382] ioctl(4, LOOP_CLR_FD) = 0 [pid 382] close(4) = 0 [pid 382] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [pid 382] chdir("./file0") = 0 [pid 382] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [pid 382] creat("./bus", 000) = 4 [pid 382] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [pid 382] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 382] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [pid 382] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 382] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [pid 382] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 382] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 382] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] exit_group(0) = ? [pid 382] +++ exited with 0 +++ [pid 381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/file1/lost+found") = 0 umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./18/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file0/file0") = 0 umount2("./18/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file0/file1") = 0 umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/file1/file0") = 0 umount2("./18/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file1") = 0 umount2("./18/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file2") = 0 umount2("./18/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file3") = 0 umount2("./18/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = -1 EBUSY (Device or resource busy) [ 31.097767][ T382] EXT4-fs (loop0): Ignoring removed orlov option [ 31.103947][ T382] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 31.118407][ T382] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x55558ae89760, 24) = 0 [pid 385] chdir("./19") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] write(1, "executing program\n", 18executing program ) = 18 [pid 385] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 385] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 386 attached => {parent_tid=[386]}, 88) = 386 [pid 386] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 386] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 385] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 386] <... futex resumed>) = 0 [pid 386] memfd_create("syzkaller", 0) = 3 [pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 385] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 386] munmap(0x7fa710375000, 138412032) = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 386] close(3) = 0 [pid 386] close(4) = 0 [pid 386] mkdir("./file1", 0777) = 0 [ 31.227769][ T386] loop0: detected capacity change from 0 to 1024 [ 31.239400][ T386] EXT4-fs (loop0): Ignoring removed orlov option [ 31.245709][ T386] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 386] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 386] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 386] chdir("./file1") = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 386] ioctl(4, LOOP_CLR_FD) = 0 [pid 386] close(4) = 0 [pid 386] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 1 [pid 386] chdir("./file0") = 0 [pid 386] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 1 [pid 386] creat("./bus", 000) = 4 [pid 386] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 1 [pid 386] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 386] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 1 [pid 386] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 386] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 386] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 386] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] exit_group(0) = ? [pid 386] +++ exited with 0 +++ [pid 385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/file1/lost+found") = 0 umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./19/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file0/file0") = 0 umount2("./19/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file0/file1") = 0 umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/file1/file0") = 0 umount2("./19/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file1") = 0 umount2("./19/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file2") = 0 umount2("./19/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file3") = 0 umount2("./19/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = -1 EBUSY (Device or resource busy) [ 31.258971][ T386] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 389 ./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x55558ae89760, 24) = 0 [pid 389] chdir("./20") = 0 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 389] write(1, "executing program\n", 18) = 18 [pid 389] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 389] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[390]}, 88) = 390 [pid 389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 389] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 390] memfd_create("syzkaller", 0) = 3 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 390] munmap(0x7fa710375000, 138412032) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 390] close(3) = 0 [pid 390] close(4) = 0 [pid 390] mkdir("./file1", 0777) = 0 [ 31.380719][ T390] loop0: detected capacity change from 0 to 1024 [ 31.392087][ T390] EXT4-fs (loop0): Ignoring removed orlov option [ 31.398371][ T390] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 390] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 390] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 390] chdir("./file1") = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 390] ioctl(4, LOOP_CLR_FD) = 0 [pid 390] close(4) = 0 [pid 390] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] chdir("./file0") = 0 [pid 390] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] creat("./bus", 000) = 4 [pid 390] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 390] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 390] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 390] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 390] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] exit_group(0) = ? [pid 390] +++ exited with 0 +++ [pid 389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=389, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/file1/lost+found") = 0 umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./20/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file0/file0") = 0 umount2("./20/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file0/file1") = 0 umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/file1/file0") = 0 umount2("./20/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file1") = 0 umount2("./20/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file2") = 0 umount2("./20/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file3") = 0 umount2("./20/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = -1 EBUSY (Device or resource busy) [ 31.408548][ T390] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 393 ./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x55558ae89760, 24) = 0 [pid 393] chdir("./21") = 0 [pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 393] setpgid(0, 0) = 0 [pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 393] write(3, "1000", 4) = 4 [pid 393] close(3) = 0 [pid 393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 393] write(1, "executing program\n", 18executing program ) = 18 [pid 393] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 393] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 394 attached => {parent_tid=[394]}, 88) = 394 [pid 394] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 394] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 393] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 394] <... futex resumed>) = 0 [pid 394] memfd_create("syzkaller", 0) = 3 [pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 393] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 394] munmap(0x7fa710375000, 138412032) = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 394] close(3) = 0 [pid 394] close(4) = 0 [pid 394] mkdir("./file1", 0777) = 0 [ 31.576945][ T394] loop0: detected capacity change from 0 to 1024 [ 31.587002][ T394] EXT4-fs (loop0): Ignoring removed orlov option [ 31.593581][ T394] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 394] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 394] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 394] chdir("./file1") = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 394] ioctl(4, LOOP_CLR_FD) = 0 [pid 394] close(4) = 0 [pid 394] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] chdir("./file0") = 0 [pid 394] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] creat("./bus", 000) = 4 [pid 394] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 394] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 394] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 394] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 394] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 393] <... futex resumed>) = 0 [pid 393] exit_group(0) = ? [pid 394] +++ exited with 0 +++ [pid 393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=393, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/file1/lost+found") = 0 umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./21/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file0/file0") = 0 umount2("./21/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file0/file1") = 0 umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/file1/file0") = 0 umount2("./21/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file1") = 0 umount2("./21/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file2") = 0 umount2("./21/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file3") = 0 umount2("./21/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = -1 EBUSY (Device or resource busy) [ 31.608555][ T394] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 397 ./strace-static-x86_64: Process 397 attached [pid 397] set_robust_list(0x55558ae89760, 24) = 0 [pid 397] chdir("./22") = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 397] setpgid(0, 0) = 0 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 397] write(3, "1000", 4) = 4 [pid 397] close(3) = 0 [pid 397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 397] write(1, "executing program\n", 18executing program ) = 18 [pid 397] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 397] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[398]}, 88) = 398 ./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 398] <... futex resumed>) = 0 [pid 397] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 398] memfd_create("syzkaller", 0) = 3 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 398] munmap(0x7fa710375000, 138412032) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 398] close(3) = 0 [pid 398] close(4) = 0 [pid 398] mkdir("./file1", 0777) = 0 [ 31.775753][ T398] loop0: detected capacity change from 0 to 1024 [pid 398] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 398] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 398] chdir("./file1") = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 398] ioctl(4, LOOP_CLR_FD) = 0 [pid 398] close(4) = 0 [pid 398] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] chdir("./file0") = 0 [pid 398] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] creat("./bus", 000) = 4 [pid 398] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 398] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 398] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 398] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 0 [pid 398] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 398] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 1 [pid 398] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 398] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = 0 [pid 397] exit_group(0) = ? [pid 398] <... futex resumed>) = ? [pid 398] +++ exited with 0 +++ [pid 397] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 [ 31.837621][ T398] EXT4-fs (loop0): Ignoring removed orlov option [ 31.843828][ T398] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 31.858869][ T398] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. rmdir("./22/file1/lost+found") = 0 umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./22/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file0/file0") = 0 umount2("./22/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file0/file1") = 0 umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./22/file1/file0") = 0 umount2("./22/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file1") = 0 umount2("./22/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file2") = 0 umount2("./22/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file3") = 0 umount2("./22/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = -1 EBUSY (Device or resource busy) umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 402 ./strace-static-x86_64: Process 402 attached [pid 402] set_robust_list(0x55558ae89760, 24) = 0 [pid 402] chdir("./23") = 0 [pid 402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 402] setpgid(0, 0) = 0 [pid 402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 402] write(3, "1000", 4) = 4 [pid 402] close(3) = 0 [pid 402] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 402] write(1, "executing program\n", 18) = 18 [pid 402] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 402] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[403]}, 88) = 403 [pid 402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 402] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 403 attached [pid 403] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] memfd_create("syzkaller", 0) = 3 [pid 403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 403] munmap(0x7fa710375000, 138412032) = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 403] close(3) = 0 [pid 403] close(4) = 0 [pid 403] mkdir("./file1", 0777) = 0 [ 31.991511][ T403] loop0: detected capacity change from 0 to 1024 [pid 403] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 403] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 403] chdir("./file1") = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 403] ioctl(4, LOOP_CLR_FD) = 0 [pid 403] close(4) = 0 [pid 403] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 0 [pid 403] chdir("./file0") = 0 [pid 403] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 1 [pid 403] creat("./bus", 000) = 4 [pid 403] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 1 [pid 403] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 403] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 1 [pid 403] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 403] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 1 [pid 403] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 403] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 403] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 402] exit_group(0) = ? [pid 403] +++ exited with 0 +++ [pid 402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=402, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./23/file1/lost+found") = 0 umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./23/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file0/file0") = 0 umount2("./23/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file0/file1") = 0 umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./23/file1/file0") = 0 umount2("./23/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file1") = 0 umount2("./23/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file2") = 0 umount2("./23/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file3") = 0 umount2("./23/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = -1 EBUSY (Device or resource busy) [ 32.077591][ T403] EXT4-fs (loop0): Ignoring removed orlov option [ 32.083908][ T403] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 32.098543][ T403] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 406 ./strace-static-x86_64: Process 406 attached [pid 406] set_robust_list(0x55558ae89760, 24) = 0 [pid 406] chdir("./24") = 0 [pid 406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 406] setpgid(0, 0) = 0 [pid 406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 406] write(3, "1000", 4) = 4 [pid 406] close(3) = 0 [pid 406] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 406] write(1, "executing program\n", 18) = 18 [pid 406] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 406] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 406] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 407 attached => {parent_tid=[407]}, 88) = 407 [pid 406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 406] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 407] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] memfd_create("syzkaller", 0) = 3 [pid 407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 407] munmap(0x7fa710375000, 138412032) = 0 [pid 407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 407] close(3) = 0 [pid 407] close(4) = 0 [pid 407] mkdir("./file1", 0777) = 0 [ 32.239327][ T407] loop0: detected capacity change from 0 to 1024 [pid 407] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 407] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 407] chdir("./file1") = 0 [pid 407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 407] ioctl(4, LOOP_CLR_FD) = 0 [pid 407] close(4) = 0 [pid 407] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 406] <... futex resumed>) = 0 [pid 406] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] <... futex resumed>) = 0 [pid 407] chdir("./file0") = 0 [pid 407] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = 0 [pid 406] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] <... futex resumed>) = 1 [pid 407] creat("./bus", 000) = 4 [pid 407] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = 0 [pid 406] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] <... futex resumed>) = 1 [pid 407] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 407] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] <... futex resumed>) = 0 [pid 407] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 406] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] <... futex resumed>) = 0 [pid 407] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 407] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = 0 [pid 407] <... futex resumed>) = 1 [pid 406] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 406] <... futex resumed>) = 0 [pid 406] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] <... mmap resumed>) = 0x20000000 [pid 407] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] <... futex resumed>) = 0 [pid 406] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 407] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] <... futex resumed>) = 0 [pid 406] exit_group(0) = ? [pid 407] +++ exited with 0 +++ [pid 406] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=406, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/file1/lost+found") = 0 umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./24/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file0/file0") = 0 umount2("./24/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file0/file1") = 0 umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/file1/file0") = 0 umount2("./24/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file1") = 0 umount2("./24/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file2") = 0 umount2("./24/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file3") = 0 umount2("./24/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = -1 EBUSY (Device or resource busy) [ 32.317646][ T407] EXT4-fs (loop0): Ignoring removed orlov option [ 32.323840][ T407] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 32.338321][ T407] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 410 ./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x55558ae89760, 24) = 0 [pid 410] chdir("./25") = 0 [pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 410] setpgid(0, 0) = 0 [pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 410] write(3, "1000", 4) = 4 [pid 410] close(3) = 0 [pid 410] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 410] write(1, "executing program\n", 18) = 18 [pid 410] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 410] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 411] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] <... clone3 resumed> => {parent_tid=[411]}, 88) = 411 [pid 410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 410] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... futex resumed>) = 0 [pid 410] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 411] memfd_create("syzkaller", 0) = 3 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 411] munmap(0x7fa710375000, 138412032) = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 411] close(3) = 0 [pid 411] close(4) = 0 [pid 411] mkdir("./file1", 0777) = 0 [ 32.417081][ T411] loop0: detected capacity change from 0 to 1024 [ 32.428133][ T411] EXT4-fs (loop0): Ignoring removed orlov option [ 32.434420][ T411] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 411] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 411] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 411] chdir("./file1") = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 411] ioctl(4, LOOP_CLR_FD) = 0 [pid 411] close(4) = 0 [pid 411] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 1 [pid 411] chdir("./file0") = 0 [pid 411] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 1 [pid 411] creat("./bus", 000) = 4 [pid 411] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 1 [pid 411] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 411] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 1 [pid 411] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 411] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 1 [pid 411] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 411] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 1 [pid 411] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 411] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] exit_group(0) = ? [pid 411] <... futex resumed>) = ? [pid 411] +++ exited with 0 +++ [pid 410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=410, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/file1/lost+found") = 0 umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./25/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file0/file0") = 0 umount2("./25/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file0/file1") = 0 umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/file1/file0") = 0 umount2("./25/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file1") = 0 umount2("./25/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file2") = 0 umount2("./25/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file3") = 0 umount2("./25/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = -1 EBUSY (Device or resource busy) [ 32.448286][ T411] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x55558ae89760, 24) = 0 [pid 414] chdir("./26") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] write(1, "executing program\n", 18executing program ) = 18 [pid 414] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 414] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 415] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] <... clone3 resumed> => {parent_tid=[415]}, 88) = 415 [pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 414] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] <... futex resumed>) = 0 [pid 414] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 415] memfd_create("syzkaller", 0) = 3 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 415] munmap(0x7fa710375000, 138412032) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 415] close(3) = 0 [pid 415] close(4) = 0 [pid 415] mkdir("./file1", 0777) = 0 [ 32.572550][ T415] loop0: detected capacity change from 0 to 1024 [ 32.582803][ T415] EXT4-fs (loop0): Ignoring removed orlov option [ 32.589801][ T415] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 415] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 415] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 415] chdir("./file1") = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 415] ioctl(4, LOOP_CLR_FD) = 0 [pid 415] close(4) = 0 [pid 415] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] chdir("./file0") = 0 [pid 415] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] creat("./bus", 000) = 4 [pid 415] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 415] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 415] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 415] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 415] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] exit_group(0) = ? [pid 415] +++ exited with 0 +++ [pid 414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=414, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./26/file1/lost+found") = 0 umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./26/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file0/file0") = 0 umount2("./26/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file0/file1") = 0 umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./26/file1/file0") = 0 umount2("./26/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file1") = 0 umount2("./26/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file2") = 0 umount2("./26/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file3") = 0 umount2("./26/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = -1 EBUSY (Device or resource busy) [ 32.608680][ T415] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 418 ./strace-static-x86_64: Process 418 attached [pid 418] set_robust_list(0x55558ae89760, 24) = 0 [pid 418] chdir("./27") = 0 [pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 418] setpgid(0, 0) = 0 [pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 418] write(3, "1000", 4) = 4 [pid 418] close(3) = 0 [pid 418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 418] write(1, "executing program\n", 18) = 18 [pid 418] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 418] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 418] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[419]}, 88) = 419 [pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 418] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 419] memfd_create("syzkaller", 0) = 3 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 419] munmap(0x7fa710375000, 138412032) = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 419] close(3) = 0 [pid 419] close(4) = 0 [pid 419] mkdir("./file1", 0777) = 0 [ 32.709592][ T419] loop0: detected capacity change from 0 to 1024 [pid 419] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 419] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 419] chdir("./file1") = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 419] ioctl(4, LOOP_CLR_FD) = 0 [pid 419] close(4) = 0 [pid 419] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 419] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 0 [pid 419] chdir("./file0") = 0 [pid 419] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 1 [pid 419] creat("./bus", 000) = 4 [pid 419] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 1 [pid 419] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 419] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... open resumed>) = 5 [pid 419] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 419] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 419] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] <... futex resumed>) = 0 [pid 418] exit_group(0) = ? [pid 419] +++ exited with 0 +++ [pid 418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./27/file1/lost+found") = 0 umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./27/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file0/file0") = 0 umount2("./27/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file0/file1") = 0 umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./27/file1/file0") = 0 umount2("./27/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file1") = 0 umount2("./27/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file2") = 0 umount2("./27/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file3") = 0 umount2("./27/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = -1 EBUSY (Device or resource busy) [ 32.777786][ T419] EXT4-fs (loop0): Ignoring removed orlov option [ 32.783972][ T419] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 32.798493][ T419] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 423 ./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x55558ae89760, 24) = 0 [pid 423] chdir("./28") = 0 [pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 423] setpgid(0, 0) = 0 [pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 423] write(3, "1000", 4) = 4 [pid 423] close(3) = 0 [pid 423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 423] write(1, "executing program\n", 18executing program ) = 18 [pid 423] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 423] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[424]}, 88) = 424 [pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 424] memfd_create("syzkaller", 0) = 3 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 424] munmap(0x7fa710375000, 138412032) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 424] close(3) = 0 [pid 424] close(4) = 0 [pid 424] mkdir("./file1", 0777) = 0 [ 32.889464][ T424] loop0: detected capacity change from 0 to 1024 [ 32.904231][ T424] EXT4-fs (loop0): Ignoring removed orlov option [ 32.910493][ T424] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 424] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 424] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 424] chdir("./file1") = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 424] ioctl(4, LOOP_CLR_FD) = 0 [pid 424] close(4) = 0 [pid 424] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] chdir("./file0") = 0 [pid 424] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] creat("./bus", 000) = 4 [pid 424] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 424] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 424] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 424] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 424] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] exit_group(0) = ? [pid 424] +++ exited with 0 +++ [pid 423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=423, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/file1/lost+found") = 0 umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./28/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file0/file0") = 0 umount2("./28/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file0/file1") = 0 umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/file1/file0") = 0 umount2("./28/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file1") = 0 umount2("./28/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file2") = 0 umount2("./28/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file3") = 0 umount2("./28/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = -1 EBUSY (Device or resource busy) [ 32.928403][ T424] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 428 ./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x55558ae89760, 24) = 0 [pid 428] chdir("./29") = 0 [pid 428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 428] setpgid(0, 0) = 0 [pid 428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 428] write(3, "1000", 4) = 4 [pid 428] close(3) = 0 [pid 428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 428] write(1, "executing program\n", 18) = 18 [pid 428] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 428] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[429]}, 88) = 429 [pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 429] memfd_create("syzkaller", 0) = 3 [pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 429] munmap(0x7fa710375000, 138412032) = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 429] close(3) = 0 [pid 429] close(4) = 0 [pid 429] mkdir("./file1", 0777) = 0 [ 33.088766][ T429] loop0: detected capacity change from 0 to 1024 [pid 429] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 429] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 429] chdir("./file1") = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 429] ioctl(4, LOOP_CLR_FD) = 0 [pid 429] close(4) = 0 [pid 429] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] <... futex resumed>) = 1 [pid 429] chdir("./file0") = 0 [pid 429] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] <... futex resumed>) = 1 [pid 429] creat("./bus", 000) = 4 [pid 429] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 429] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 429] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 429] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 429] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] exit_group(0) = ? [pid 429] +++ exited with 0 +++ [pid 428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=428, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./29/file1/lost+found") = 0 umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./29/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file0/file0") = 0 umount2("./29/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file0/file1") = 0 umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./29/file1/file0") = 0 umount2("./29/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file1") = 0 umount2("./29/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file2") = 0 umount2("./29/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file3") = 0 umount2("./29/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = -1 EBUSY (Device or resource busy) [ 33.167886][ T429] EXT4-fs (loop0): Ignoring removed orlov option [ 33.174061][ T429] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 33.188581][ T429] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 432 ./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x55558ae89760, 24) = 0 [pid 432] chdir("./30") = 0 [pid 432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 432] setpgid(0, 0) = 0 [pid 432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 432] write(3, "1000", 4) = 4 [pid 432] close(3) = 0 [pid 432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 432] write(1, "executing program\n", 18) = 18 [pid 432] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 432] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 432] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[433]}, 88) = 433 [pid 432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 432] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 433] memfd_create("syzkaller", 0) = 3 [pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 433] munmap(0x7fa710375000, 138412032) = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 433] close(3) = 0 [pid 433] close(4) = 0 [pid 433] mkdir("./file1", 0777) = 0 [ 33.288362][ T433] loop0: detected capacity change from 0 to 1024 [pid 433] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 433] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 433] chdir("./file1") = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 433] ioctl(4, LOOP_CLR_FD) = 0 [pid 433] close(4) = 0 [pid 433] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 1 [pid 433] chdir("./file0") = 0 [pid 433] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 1 [pid 433] creat("./bus", 000) = 4 [pid 433] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 1 [pid 433] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 433] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 1 [pid 433] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 433] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 1 [pid 433] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 433] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 1 [pid 433] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 433] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 432] exit_group(0) = ? [pid 433] <... futex resumed>) = ? [pid 433] +++ exited with 0 +++ [pid 432] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=432, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/file1/lost+found") = 0 umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./30/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file0/file0") = 0 umount2("./30/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file0/file1") = 0 umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/file1/file0") = 0 umount2("./30/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file1") = 0 umount2("./30/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file2") = 0 umount2("./30/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file3") = 0 umount2("./30/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = -1 EBUSY (Device or resource busy) [ 33.367633][ T433] EXT4-fs (loop0): Ignoring removed orlov option [ 33.373914][ T433] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 33.388497][ T433] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 436 ./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x55558ae89760, 24) = 0 [pid 436] chdir("./31") = 0 [pid 436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 436] setpgid(0, 0) = 0 [pid 436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 436] write(3, "1000", 4) = 4 [pid 436] close(3) = 0 [pid 436] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 436] write(1, "executing program\n", 18) = 18 [pid 436] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 436] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 437 attached => {parent_tid=[437]}, 88) = 437 [pid 437] set_robust_list(0x7fa7187959a0, 24 [pid 436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 436] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 437] <... set_robust_list resumed>) = 0 [pid 437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 437] memfd_create("syzkaller", 0) = 3 [pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 437] munmap(0x7fa710375000, 138412032) = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 437] close(3) = 0 [pid 437] close(4) = 0 [pid 437] mkdir("./file1", 0777) = 0 [ 33.495274][ T437] loop0: detected capacity change from 0 to 1024 [ 33.505230][ T437] EXT4-fs (loop0): Ignoring removed orlov option [ 33.511546][ T437] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 437] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 437] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 437] chdir("./file1") = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 437] ioctl(4, LOOP_CLR_FD) = 0 [pid 437] close(4) = 0 [pid 437] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] <... futex resumed>) = 1 [pid 437] chdir("./file0") = 0 [pid 437] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] <... futex resumed>) = 1 [pid 437] creat("./bus", 000) = 4 [pid 437] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] <... futex resumed>) = 1 [pid 437] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 437] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 437] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 436] <... futex resumed>) = 0 [pid 436] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 436] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] <... futex resumed>) = 0 [pid 437] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 437] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] <... futex resumed>) = 1 [pid 437] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 437] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 436] <... futex resumed>) = 0 [pid 436] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 437] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 436] <... futex resumed>) = 0 [pid 436] exit_group(0) = ? [pid 437] +++ exited with 0 +++ [pid 436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=436, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/file1/lost+found") = 0 umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./31/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file0/file0") = 0 umount2("./31/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file0/file1") = 0 umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/file1/file0") = 0 umount2("./31/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file1") = 0 umount2("./31/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file2") = 0 umount2("./31/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file3") = 0 umount2("./31/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = -1 EBUSY (Device or resource busy) umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 440 ./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x55558ae89760, 24) = 0 [pid 440] chdir("./32") = 0 [pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 440] setpgid(0, 0) = 0 [pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 440] write(3, "1000", 4) = 4 [pid 440] close(3) = 0 [pid 440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 440] write(1, "executing program\n", 18) = 18 [pid 440] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 440] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 440] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 440] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[441]}, 88) = 441 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] memfd_create("syzkaller", 0) = 3 [pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [ 33.528437][ T437] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 441] munmap(0x7fa710375000, 138412032) = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 441] close(3) = 0 [pid 441] close(4) = 0 [pid 441] mkdir("./file1", 0777) = 0 [ 33.599488][ T441] loop0: detected capacity change from 0 to 1024 [pid 441] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 441] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 441] chdir("./file1") = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_CLR_FD) = 0 [pid 441] close(4) = 0 [pid 441] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] chdir("./file0") = 0 [pid 441] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] creat("./bus", 000) = 4 [pid 441] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 441] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 441] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 441] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 441] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] exit_group(0) = ? [pid 441] +++ exited with 0 +++ [pid 440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=440, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/file1/lost+found") = 0 umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./32/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file0/file0") = 0 umount2("./32/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file0/file1") = 0 umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/file1/file0") = 0 umount2("./32/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file1") = 0 umount2("./32/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file2") = 0 umount2("./32/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file3") = 0 umount2("./32/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = -1 EBUSY (Device or resource busy) [ 33.687625][ T441] EXT4-fs (loop0): Ignoring removed orlov option [ 33.693848][ T441] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 33.708465][ T441] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 445 ./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x55558ae89760, 24) = 0 [pid 445] chdir("./33") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 executing program [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] write(1, "executing program\n", 18) = 18 [pid 445] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 445] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 445] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 446 attached => {parent_tid=[446]}, 88) = 446 [pid 446] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 446] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 445] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 446] memfd_create("syzkaller", 0 [pid 445] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 446] <... memfd_create resumed>) = 3 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 446] munmap(0x7fa710375000, 138412032) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 446] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 446] close(3) = 0 [pid 446] close(4) = 0 [pid 446] mkdir("./file1", 0777) = 0 [ 33.823560][ T446] loop0: detected capacity change from 0 to 1024 [ 33.833830][ T446] EXT4-fs (loop0): Ignoring removed orlov option [ 33.840456][ T446] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 446] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 446] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 446] chdir("./file1") = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 446] ioctl(4, LOOP_CLR_FD) = 0 [pid 446] close(4) = 0 [pid 446] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] chdir("./file0") = 0 [pid 446] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] creat("./bus", 000) = 4 [pid 446] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 446] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 446] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 446] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 446] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 446] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] exit_group(0) = ? [pid 446] <... futex resumed>) = ? [pid 446] +++ exited with 0 +++ [pid 445] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=445, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./33/file1/lost+found") = 0 umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./33/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file0/file0") = 0 umount2("./33/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file0/file1") = 0 umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./33/file1/file0") = 0 umount2("./33/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file1") = 0 umount2("./33/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file2") = 0 umount2("./33/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file3") = 0 umount2("./33/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = -1 EBUSY (Device or resource busy) [ 33.858393][ T446] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 449 ./strace-static-x86_64: Process 449 attached [pid 449] set_robust_list(0x55558ae89760, 24) = 0 [pid 449] chdir("./34") = 0 [pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 449] setpgid(0, 0) = 0 [pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 449] write(3, "1000", 4) = 4 [pid 449] close(3) = 0 [pid 449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 449] write(1, "executing program\n", 18) = 18 [pid 449] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 449] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 449] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[450]}, 88) = 450 [pid 449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 449] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 450 attached [pid 450] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 450] memfd_create("syzkaller", 0) = 3 [pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 450] munmap(0x7fa710375000, 138412032) = 0 [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 450] close(3) = 0 [pid 450] close(4) = 0 [pid 450] mkdir("./file1", 0777) = 0 [ 33.979172][ T450] loop0: detected capacity change from 0 to 1024 [pid 450] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 450] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 450] chdir("./file1") = 0 [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 450] ioctl(4, LOOP_CLR_FD) = 0 [pid 450] close(4) = 0 [pid 450] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 450] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 449] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... futex resumed>) = 0 [pid 450] chdir("./file0") = 0 [pid 450] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... futex resumed>) = 1 [pid 450] creat("./bus", 000) = 4 [pid 450] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... futex resumed>) = 1 [pid 450] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 450] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 450] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 450] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 450] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 449] <... futex resumed>) = 0 [pid 449] exit_group(0) = ? [pid 450] +++ exited with 0 +++ [pid 449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=449, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/file1/lost+found") = 0 umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./34/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file0/file0") = 0 umount2("./34/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file0/file1") = 0 umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/file1/file0") = 0 umount2("./34/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file1") = 0 umount2("./34/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file2") = 0 umount2("./34/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file3") = 0 umount2("./34/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = -1 EBUSY (Device or resource busy) [ 34.057831][ T450] EXT4-fs (loop0): Ignoring removed orlov option [ 34.064029][ T450] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 34.078638][ T450] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 453 ./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x55558ae89760, 24) = 0 [pid 453] chdir("./35") = 0 [pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 453] setpgid(0, 0) = 0 [pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 453] write(3, "1000", 4) = 4 [pid 453] close(3) = 0 [pid 453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 453] write(1, "executing program\n", 18) = 18 [pid 453] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 453] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[454]}, 88) = 454 [pid 453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 453] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 454 attached [pid 454] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 454] memfd_create("syzkaller", 0) = 3 [pid 454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 454] munmap(0x7fa710375000, 138412032) = 0 [pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 454] close(3) = 0 [pid 454] close(4) = 0 [pid 454] mkdir("./file1", 0777) = 0 [ 34.168180][ T454] loop0: detected capacity change from 0 to 1024 [pid 454] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 454] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 454] chdir("./file1") = 0 [pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 454] ioctl(4, LOOP_CLR_FD) = 0 [pid 454] close(4) = 0 [pid 454] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = 1 [pid 454] chdir("./file0") = 0 [pid 454] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = 1 [pid 454] creat("./bus", 000) = 4 [pid 454] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = 1 [pid 454] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 454] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = 1 [pid 454] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 454] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = 1 [pid 454] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 454] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] readv(-1, [pid 453] <... futex resumed>) = 0 [pid 454] <... readv resumed>0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 453] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 454] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 453] exit_group(0) = ? [pid 454] <... futex resumed>) = ? [pid 454] +++ exited with 0 +++ [pid 453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=453, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/file1/lost+found") = 0 umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./35/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file0/file0") = 0 umount2("./35/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file0/file1") = 0 umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/file1/file0") = 0 umount2("./35/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file1") = 0 umount2("./35/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file2") = 0 umount2("./35/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file3") = 0 umount2("./35/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = -1 EBUSY (Device or resource busy) [ 34.257605][ T454] EXT4-fs (loop0): Ignoring removed orlov option [ 34.263912][ T454] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 34.278529][ T454] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 457 ./strace-static-x86_64: Process 457 attached [pid 457] set_robust_list(0x55558ae89760, 24) = 0 [pid 457] chdir("./36") = 0 [pid 457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 457] setpgid(0, 0) = 0 [pid 457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 457] write(3, "1000", 4) = 4 [pid 457] close(3) = 0 [pid 457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 457] write(1, "executing program\n", 18) = 18 [pid 457] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 457] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 457] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[458]}, 88) = 458 [pid 457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 457] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 458] memfd_create("syzkaller", 0) = 3 [pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 458] munmap(0x7fa710375000, 138412032) = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 458] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 458] close(3) = 0 [pid 458] close(4) = 0 [pid 458] mkdir("./file1", 0777) = 0 [ 34.409505][ T458] loop0: detected capacity change from 0 to 1024 [ 34.418642][ T458] EXT4-fs (loop0): Ignoring removed orlov option [ 34.424811][ T458] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 458] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 458] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 458] chdir("./file1") = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 458] ioctl(4, LOOP_CLR_FD) = 0 [pid 458] close(4) = 0 [pid 458] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] chdir("./file0") = 0 [pid 458] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] creat("./bus", 000) = 4 [pid 458] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 458] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 458] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 458] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 458] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] exit_group(0) = ? [pid 458] <... futex resumed>) = ? [pid 458] +++ exited with 0 +++ [pid 457] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=457, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/file1/lost+found") = 0 umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./36/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file0/file0") = 0 umount2("./36/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file0/file1") = 0 umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/file1/file0") = 0 umount2("./36/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file1") = 0 umount2("./36/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file2") = 0 umount2("./36/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file3") = 0 umount2("./36/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = -1 EBUSY (Device or resource busy) [ 34.438510][ T458] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 461 ./strace-static-x86_64: Process 461 attached [pid 461] set_robust_list(0x55558ae89760, 24) = 0 [pid 461] chdir("./37") = 0 [pid 461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 461] setpgid(0, 0) = 0 [pid 461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 461] write(3, "1000", 4) = 4 [pid 461] close(3) = 0 [pid 461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 461] write(1, "executing program\n", 18executing program ) = 18 [pid 461] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 461] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 461] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 461] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 462 attached [pid 462] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 462] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 461] <... clone3 resumed> => {parent_tid=[462]}, 88) = 462 [pid 461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 461] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 462] <... futex resumed>) = 0 [pid 462] memfd_create("syzkaller", 0) = 3 [pid 462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 461] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 462] munmap(0x7fa710375000, 138412032) = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 462] close(3) = 0 [pid 462] close(4) = 0 [pid 462] mkdir("./file1", 0777) = 0 [ 34.582119][ T462] loop0: detected capacity change from 0 to 1024 [pid 462] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 462] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 462] chdir("./file1") = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_CLR_FD) = 0 [pid 462] close(4) = 0 [pid 462] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] <... futex resumed>) = 1 [pid 462] chdir("./file0") = 0 [pid 462] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] <... futex resumed>) = 1 [pid 462] creat("./bus", 000) = 4 [pid 462] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] <... futex resumed>) = 1 [pid 462] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 462] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] <... futex resumed>) = 1 [pid 462] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 462] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] <... futex resumed>) = 1 [pid 462] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 462] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] <... futex resumed>) = 1 [pid 462] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 462] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] exit_group(0) = ? [pid 462] <... futex resumed>) = ? [pid 462] +++ exited with 0 +++ [pid 461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=461, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/file1/lost+found") = 0 umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./37/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file0/file0") = 0 umount2("./37/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file0/file1") = 0 umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/file1/file0") = 0 umount2("./37/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file1") = 0 umount2("./37/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file2") = 0 umount2("./37/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file3") = 0 umount2("./37/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = -1 EBUSY (Device or resource busy) [ 34.657619][ T462] EXT4-fs (loop0): Ignoring removed orlov option [ 34.663922][ T462] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 34.678535][ T462] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 466 ./strace-static-x86_64: Process 466 attached [pid 466] set_robust_list(0x55558ae89760, 24) = 0 [pid 466] chdir("./38") = 0 [pid 466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 466] setpgid(0, 0) = 0 [pid 466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 466] write(3, "1000", 4) = 4 [pid 466] close(3) = 0 [pid 466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 466] write(1, "executing program\n", 18executing program ) = 18 [pid 466] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 466] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 466] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 467 attached => {parent_tid=[467]}, 88) = 467 [pid 467] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 467] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 466] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 467] <... futex resumed>) = 0 [pid 467] memfd_create("syzkaller", 0) = 3 [pid 467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 466] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 467] <... mmap resumed>) = 0x7fa710375000 [pid 467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 467] munmap(0x7fa710375000, 138412032) = 0 [pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 467] close(3) = 0 [pid 467] close(4) = 0 [pid 467] mkdir("./file1", 0777) = 0 [ 34.835053][ T467] loop0: detected capacity change from 0 to 1024 [pid 467] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 467] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 467] chdir("./file1") = 0 [pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 467] ioctl(4, LOOP_CLR_FD) = 0 [pid 467] close(4) = 0 [pid 467] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 466] <... futex resumed>) = 0 [pid 466] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] <... futex resumed>) = 1 [pid 467] chdir("./file0") = 0 [pid 467] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 466] <... futex resumed>) = 0 [pid 466] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] <... futex resumed>) = 1 [pid 467] creat("./bus", 000) = 4 [pid 467] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 466] <... futex resumed>) = 0 [pid 466] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] <... futex resumed>) = 1 [pid 467] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 467] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 466] <... futex resumed>) = 0 [pid 466] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 467] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 466] <... futex resumed>) = 0 [pid 466] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] <... futex resumed>) = 1 [pid 467] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 467] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 466] <... futex resumed>) = 0 [pid 466] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 467] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 466] <... futex resumed>) = 0 [pid 466] exit_group(0) = ? [pid 467] +++ exited with 0 +++ [pid 466] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=466, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/file1/lost+found") = 0 umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./38/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file0/file0") = 0 umount2("./38/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file0/file1") = 0 umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/file1/file0") = 0 umount2("./38/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file1") = 0 umount2("./38/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file2") = 0 umount2("./38/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file3") = 0 umount2("./38/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = -1 EBUSY (Device or resource busy) [ 34.907617][ T467] EXT4-fs (loop0): Ignoring removed orlov option [ 34.913901][ T467] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 34.928264][ T467] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 470 ./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x55558ae89760, 24) = 0 [pid 470] chdir("./39") = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 executing program [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 470] write(1, "executing program\n", 18) = 18 [pid 470] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 470] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 471] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... clone3 resumed> => {parent_tid=[471]}, 88) = 471 [pid 470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 471] memfd_create("syzkaller", 0) = 3 [pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 470] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 471] munmap(0x7fa710375000, 138412032) = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 471] close(3) = 0 [pid 471] close(4) = 0 [pid 471] mkdir("./file1", 0777) = 0 [ 35.009306][ T471] loop0: detected capacity change from 0 to 1024 [ 35.019174][ T471] EXT4-fs (loop0): Ignoring removed orlov option [ 35.025588][ T471] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 471] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 471] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 471] chdir("./file1") = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 471] ioctl(4, LOOP_CLR_FD) = 0 [pid 471] close(4) = 0 [pid 471] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] chdir("./file0") = 0 [pid 471] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] creat("./bus", 000) = 4 [pid 471] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 471] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 471] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 471] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 471] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] exit_group(0) = ? [pid 471] +++ exited with 0 +++ [pid 470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=470, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/file1/lost+found") = 0 umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./39/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file0/file0") = 0 umount2("./39/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file0/file1") = 0 umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/file1/file0") = 0 umount2("./39/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file1") = 0 umount2("./39/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file2") = 0 umount2("./39/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file3") = 0 umount2("./39/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = -1 EBUSY (Device or resource busy) [ 35.039136][ T471] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 474 ./strace-static-x86_64: Process 474 attached [pid 474] set_robust_list(0x55558ae89760, 24) = 0 [pid 474] chdir("./40") = 0 [pid 474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 474] setpgid(0, 0) = 0 [pid 474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 474] write(3, "1000", 4) = 4 [pid 474] close(3) = 0 [pid 474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 474] write(1, "executing program\n", 18) = 18 [pid 474] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 474] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[475]}, 88) = 475 [pid 474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 474] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 475] memfd_create("syzkaller", 0) = 3 [pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 475] munmap(0x7fa710375000, 138412032) = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 475] close(3) = 0 [pid 475] close(4) = 0 [pid 475] mkdir("./file1", 0777) = 0 [ 35.168950][ T475] loop0: detected capacity change from 0 to 1024 [pid 475] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 475] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 475] chdir("./file1") = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 475] ioctl(4, LOOP_CLR_FD) = 0 [pid 475] close(4) = 0 [pid 475] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 474] <... futex resumed>) = 0 [pid 474] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 474] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 475] <... futex resumed>) = 0 [pid 475] chdir("./file0") = 0 [pid 475] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] <... futex resumed>) = 0 [pid 474] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 475] <... futex resumed>) = 1 [pid 475] creat("./bus", 000) = 4 [pid 475] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 474] <... futex resumed>) = 0 [pid 475] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 474] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 475] <... mount resumed>) = 0 [pid 475] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 474] <... futex resumed>) = 0 [pid 474] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 475] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 475] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] <... futex resumed>) = 0 [pid 475] <... futex resumed>) = 1 [pid 474] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 475] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 475] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 474] <... futex resumed>) = 0 [pid 474] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 475] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 475] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 474] <... futex resumed>) = 0 [pid 474] exit_group(0) = ? [pid 475] +++ exited with 0 +++ [pid 474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=474, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./40/file1/lost+found") = 0 umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./40/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file0/file0") = 0 umount2("./40/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file0/file1") = 0 umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./40/file1/file0") = 0 umount2("./40/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file1") = 0 umount2("./40/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file2") = 0 umount2("./40/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file3") = 0 umount2("./40/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = -1 EBUSY (Device or resource busy) [ 35.247769][ T475] EXT4-fs (loop0): Ignoring removed orlov option [ 35.253966][ T475] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 35.268593][ T475] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 478 ./strace-static-x86_64: Process 478 attached [pid 478] set_robust_list(0x55558ae89760, 24) = 0 [pid 478] chdir("./41") = 0 [pid 478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 478] setpgid(0, 0) = 0 [pid 478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 478] write(3, "1000", 4) = 4 [pid 478] close(3) = 0 [pid 478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 478] write(1, "executing program\n", 18executing program ) = 18 [pid 478] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 478] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 478] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 478] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 478] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[479]}, 88) = 479 [pid 478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 478] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 479 attached [pid 479] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 479] memfd_create("syzkaller", 0) = 3 [pid 479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 479] munmap(0x7fa710375000, 138412032) = 0 [pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 479] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 479] close(3) = 0 [pid 479] close(4) = 0 [pid 479] mkdir("./file1", 0777) = 0 [ 35.410184][ T479] loop0: detected capacity change from 0 to 1024 [pid 479] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 479] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 479] chdir("./file1") = 0 [pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 479] ioctl(4, LOOP_CLR_FD) = 0 [pid 479] close(4) = 0 [pid 479] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 478] <... futex resumed>) = 0 [pid 479] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 478] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 478] <... futex resumed>) = 0 [pid 479] chdir("./file0" [pid 478] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... chdir resumed>) = 0 [pid 479] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = 0 [pid 478] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 1 [pid 479] creat("./bus", 000) = 4 [pid 479] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 478] <... futex resumed>) = 0 [pid 478] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 479] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 478] <... futex resumed>) = 0 [pid 478] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 479] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 478] <... futex resumed>) = 0 [pid 478] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 479] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 478] <... futex resumed>) = 0 [pid 478] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 479] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 478] <... futex resumed>) = 0 [pid 478] exit_group(0) = ? [pid 479] +++ exited with 0 +++ [pid 478] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=478, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/file1/lost+found") = 0 umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./41/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file0/file0") = 0 umount2("./41/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file0/file1") = 0 umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/file1/file0") = 0 umount2("./41/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file1") = 0 umount2("./41/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file2") = 0 umount2("./41/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file3") = 0 umount2("./41/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = -1 EBUSY (Device or resource busy) [ 35.487709][ T479] EXT4-fs (loop0): Ignoring removed orlov option [ 35.493963][ T479] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 35.508617][ T479] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 483 ./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x55558ae89760, 24) = 0 [pid 483] chdir("./42") = 0 [pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 483] setpgid(0, 0) = 0 [pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 483] write(3, "1000", 4) = 4 [pid 483] close(3) = 0 [pid 483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 483] write(1, "executing program\n", 18executing program ) = 18 [pid 483] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 483] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 484 attached [pid 484] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 484] rt_sigprocmask(SIG_SETMASK, [], [pid 483] <... clone3 resumed> => {parent_tid=[484]}, 88) = 484 [pid 484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 484] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 483] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 484] <... futex resumed>) = 0 [pid 484] memfd_create("syzkaller", 0) = 3 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 483] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 484] munmap(0x7fa710375000, 138412032) = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 484] close(3) = 0 [pid 484] close(4) = 0 [pid 484] mkdir("./file1", 0777) = 0 [ 35.610475][ T484] loop0: detected capacity change from 0 to 1024 [pid 484] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 484] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 484] chdir("./file1") = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 484] ioctl(4, LOOP_CLR_FD) = 0 [pid 484] close(4) = 0 [pid 484] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 484] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 0 [pid 484] chdir("./file0") = 0 [pid 484] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 1 [pid 484] creat("./bus", 000) = 4 [pid 484] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 484] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 483] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... mount resumed>) = 0 [pid 483] <... futex resumed>) = 0 [pid 484] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 483] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 0 [pid 484] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 484] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 1 [pid 484] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 484] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 484] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] exit_group(0) = ? [pid 484] +++ exited with 0 +++ [pid 483] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=483, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/file1/lost+found") = 0 umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./42/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file0/file0") = 0 umount2("./42/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file0/file1") = 0 umount2("./42/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/file1/file0") = 0 umount2("./42/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file1") = 0 umount2("./42/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file2") = 0 umount2("./42/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file3") = 0 umount2("./42/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = -1 EBUSY (Device or resource busy) [ 35.667636][ T484] EXT4-fs (loop0): Ignoring removed orlov option [ 35.673971][ T484] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 35.688563][ T484] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 487 ./strace-static-x86_64: Process 487 attached [pid 487] set_robust_list(0x55558ae89760, 24) = 0 [pid 487] chdir("./43") = 0 [pid 487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 487] setpgid(0, 0) = 0 [pid 487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 487] write(3, "1000", 4) = 4 [pid 487] close(3) = 0 [pid 487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 487] write(1, "executing program\n", 18) = 18 [pid 487] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 487] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 487] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[488]}, 88) = 488 [pid 487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 487] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 488 attached [pid 488] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 488] memfd_create("syzkaller", 0) = 3 [pid 488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 488] munmap(0x7fa710375000, 138412032) = 0 [pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 488] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 488] close(3) = 0 [pid 488] close(4) = 0 [pid 488] mkdir("./file1", 0777) = 0 [ 35.779263][ T488] loop0: detected capacity change from 0 to 1024 [ 35.787153][ T488] EXT4-fs (loop0): Ignoring removed orlov option [ 35.793411][ T488] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 488] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 488] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 488] chdir("./file1") = 0 [pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 488] ioctl(4, LOOP_CLR_FD) = 0 [pid 488] close(4) = 0 [pid 488] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] chdir("./file0") = 0 [pid 488] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] creat("./bus", 000) = 4 [pid 488] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 488] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 488] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 488] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 488] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 487] exit_group(0) = ? [pid 488] <... futex resumed>) = ? [pid 488] +++ exited with 0 +++ [pid 487] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=487, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/file1/lost+found") = 0 umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./43/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file0/file0") = 0 umount2("./43/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file0/file1") = 0 umount2("./43/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/file1/file0") = 0 umount2("./43/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file1") = 0 umount2("./43/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file2") = 0 umount2("./43/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file3") = 0 umount2("./43/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = -1 EBUSY (Device or resource busy) [ 35.808730][ T488] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 492 ./strace-static-x86_64: Process 492 attached [pid 492] set_robust_list(0x55558ae89760, 24) = 0 [pid 492] chdir("./44") = 0 [pid 492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 492] setpgid(0, 0) = 0 [pid 492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 492] write(3, "1000", 4) = 4 [pid 492] close(3) = 0 [pid 492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 492] write(1, "executing program\n", 18executing program ) = 18 [pid 492] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 492] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 492] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 493 attached => {parent_tid=[493]}, 88) = 493 [pid 493] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 493] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 492] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] memfd_create("syzkaller", 0) = 3 [pid 493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 492] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 493] munmap(0x7fa710375000, 138412032) = 0 [pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 493] close(3) = 0 [pid 493] close(4) = 0 [pid 493] mkdir("./file1", 0777) = 0 [ 35.931706][ T493] loop0: detected capacity change from 0 to 1024 [pid 493] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 493] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 493] chdir("./file1") = 0 [pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 493] ioctl(4, LOOP_CLR_FD) = 0 [pid 493] close(4) = 0 [pid 493] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 492] <... futex resumed>) = 0 [pid 492] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 492] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... futex resumed>) = 0 [pid 493] chdir("./file0") = 0 [pid 493] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] <... futex resumed>) = 0 [pid 492] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... futex resumed>) = 1 [pid 493] creat("./bus", 000) = 4 [pid 493] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 492] <... futex resumed>) = 0 [pid 492] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 493] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] <... futex resumed>) = 0 [pid 492] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... futex resumed>) = 1 [pid 493] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 493] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] <... futex resumed>) = 0 [pid 492] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... futex resumed>) = 1 [pid 493] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 493] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 492] <... futex resumed>) = 0 [pid 492] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 493] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 492] <... futex resumed>) = 0 [pid 492] exit_group(0) = ? [pid 493] +++ exited with 0 +++ [pid 492] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=492, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/file1/lost+found") = 0 umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./44/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file0/file0") = 0 umount2("./44/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file0/file1") = 0 umount2("./44/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/file1/file0") = 0 umount2("./44/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file1") = 0 umount2("./44/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file2") = 0 umount2("./44/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file3") = 0 umount2("./44/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = -1 EBUSY (Device or resource busy) [ 36.007639][ T493] EXT4-fs (loop0): Ignoring removed orlov option [ 36.013940][ T493] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 36.028278][ T493] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 496 ./strace-static-x86_64: Process 496 attached [pid 496] set_robust_list(0x55558ae89760, 24) = 0 [pid 496] chdir("./45") = 0 [pid 496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 496] setpgid(0, 0) = 0 executing program [pid 496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 496] write(3, "1000", 4) = 4 [pid 496] close(3) = 0 [pid 496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 496] write(1, "executing program\n", 18) = 18 [pid 496] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 496] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 496] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0} => {parent_tid=[497]}, 88) = 497 [pid 496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 496] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 497 attached [pid 497] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 497] memfd_create("syzkaller", 0) = 3 [pid 497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 497] munmap(0x7fa710375000, 138412032) = 0 [pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 497] close(3) = 0 [pid 497] close(4) = 0 [pid 497] mkdir("./file1", 0777) = 0 [ 36.167900][ T497] loop0: detected capacity change from 0 to 1024 [pid 497] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 497] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 497] chdir("./file1") = 0 [pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 497] ioctl(4, LOOP_CLR_FD) = 0 [pid 497] close(4) = 0 [pid 497] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 497] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 0 [pid 497] chdir("./file0") = 0 [pid 497] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 1 [pid 497] creat("./bus", 000) = 4 [pid 497] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] <... futex resumed>) = 0 [pid 497] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 496] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 0 [pid 497] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 497] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 497] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 497] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 497] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] <... futex resumed>) = 0 [pid 496] exit_group(0) = ? [pid 497] +++ exited with 0 +++ [pid 496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=496, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/file1/lost+found") = 0 umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./45/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file0/file0") = 0 umount2("./45/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file0/file1") = 0 umount2("./45/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/file1/file0") = 0 umount2("./45/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file1") = 0 umount2("./45/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file2") = 0 umount2("./45/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file3") = 0 umount2("./45/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = -1 EBUSY (Device or resource busy) [ 36.247677][ T497] EXT4-fs (loop0): Ignoring removed orlov option [ 36.253893][ T497] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 36.268586][ T497] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 500 ./strace-static-x86_64: Process 500 attached [pid 500] set_robust_list(0x55558ae89760, 24) = 0 [pid 500] chdir("./46") = 0 [pid 500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 500] setpgid(0, 0) = 0 [pid 500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 500] write(3, "1000", 4) = 4 [pid 500] close(3) = 0 [pid 500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 500] write(1, "executing program\n", 18executing program ) = 18 [pid 500] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 500] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 500] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 500] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 501 attached [pid 501] set_robust_list(0x7fa7187959a0, 24 [pid 500] <... clone3 resumed> => {parent_tid=[501]}, 88) = 501 [pid 500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 500] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 501] <... set_robust_list resumed>) = 0 [pid 501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 501] memfd_create("syzkaller", 0) = 3 [pid 501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 501] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 501] munmap(0x7fa710375000, 138412032) = 0 [pid 501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 501] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 501] close(3) = 0 [pid 501] close(4) = 0 [pid 501] mkdir("./file1", 0777) = 0 [ 36.385581][ T501] loop0: detected capacity change from 0 to 1024 [pid 501] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 501] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 501] chdir("./file1") = 0 [pid 501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 501] ioctl(4, LOOP_CLR_FD) = 0 [pid 501] close(4) = 0 [pid 501] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 0 [pid 501] chdir("./file0") = 0 [pid 501] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 1 [pid 501] creat("./bus", 000) = 4 [pid 501] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 1 [pid 501] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 501] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 1 [pid 501] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 501] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 1 [pid 501] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 501] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 1 [pid 501] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 501] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 500] exit_group(0) = ? [pid 501] <... futex resumed>) = ? [pid 501] +++ exited with 0 +++ [pid 500] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=500, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/file1/lost+found") = 0 umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./46/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file0/file0") = 0 umount2("./46/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file0/file1") = 0 umount2("./46/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/file1/file0") = 0 umount2("./46/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file1") = 0 umount2("./46/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file2") = 0 umount2("./46/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file3") = 0 umount2("./46/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = -1 EBUSY (Device or resource busy) [ 36.467849][ T501] EXT4-fs (loop0): Ignoring removed orlov option [ 36.474228][ T501] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 36.488334][ T501] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 504 attached [pid 504] set_robust_list(0x55558ae89760, 24) = 0 [pid 504] chdir("./47") = 0 [pid 504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 504] setpgid(0, 0) = 0 [pid 299] <... clone resumed>, child_tidptr=0x55558ae89750) = 504 [pid 504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 504] write(3, "1000", 4) = 4 [pid 504] close(3) = 0 [pid 504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 504] write(1, "executing program\n", 18executing program ) = 18 [pid 504] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 504] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 504] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 505 attached => {parent_tid=[505]}, 88) = 505 [pid 505] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 505] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 504] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] memfd_create("syzkaller", 0) = 3 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 504] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 505] munmap(0x7fa710375000, 138412032) = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 505] close(3) = 0 [pid 505] close(4) = 0 [pid 505] mkdir("./file1", 0777) = 0 [ 36.668385][ T505] loop0: detected capacity change from 0 to 1024 [ 36.679648][ T505] EXT4-fs (loop0): Ignoring removed orlov option [ 36.685940][ T505] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 505] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 505] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 505] chdir("./file1") = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 505] ioctl(4, LOOP_CLR_FD) = 0 [pid 505] close(4) = 0 [pid 505] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 504] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 0 [pid 505] chdir("./file0") = 0 [pid 505] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 1 [pid 505] creat("./bus", 000) = 4 [pid 505] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 1 [pid 505] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 505] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 505] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 1 [pid 505] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 505] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 505] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 504] <... futex resumed>) = 0 [pid 504] exit_group(0) = ? [pid 505] +++ exited with 0 +++ [pid 504] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=504, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/file1/lost+found") = 0 umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./47/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file0/file0") = 0 umount2("./47/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file0/file1") = 0 umount2("./47/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/file1/file0") = 0 umount2("./47/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file1") = 0 umount2("./47/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file2") = 0 umount2("./47/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file3") = 0 umount2("./47/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = -1 EBUSY (Device or resource busy) [ 36.698442][ T505] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 508 ./strace-static-x86_64: Process 508 attached [pid 508] set_robust_list(0x55558ae89760, 24) = 0 [pid 508] chdir("./48") = 0 [pid 508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 508] setpgid(0, 0) = 0 [pid 508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 508] write(3, "1000", 4) = 4 [pid 508] close(3) = 0 [pid 508] symlink("/dev/binderfs", "./binderfs") = 0 [pid 508] write(1, "executing program\n", 18executing program ) = 18 [pid 508] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 508] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 508] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 509 attached => {parent_tid=[509]}, 88) = 509 [pid 509] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 509] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 509] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 508] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 509] <... futex resumed>) = 0 [pid 509] memfd_create("syzkaller", 0 [pid 508] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 509] <... memfd_create resumed>) = 3 [pid 509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 509] munmap(0x7fa710375000, 138412032) = 0 [pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 509] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 509] close(3) = 0 [pid 509] close(4) = 0 [pid 509] mkdir("./file1", 0777) = 0 [ 36.806696][ T509] loop0: detected capacity change from 0 to 1024 [pid 509] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 509] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 509] chdir("./file1") = 0 [pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 509] ioctl(4, LOOP_CLR_FD) = 0 [pid 509] close(4) = 0 [pid 509] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 509] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 508] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 509] <... futex resumed>) = 0 [pid 509] chdir("./file0") = 0 [pid 509] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 509] <... futex resumed>) = 1 [pid 509] creat("./bus", 000) = 4 [pid 509] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 509] <... futex resumed>) = 1 [pid 509] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 509] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 509] <... futex resumed>) = 1 [pid 509] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 509] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 509] <... futex resumed>) = 1 [pid 509] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 509] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 509] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 509] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 508] <... futex resumed>) = 0 [pid 508] exit_group(0 [pid 509] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 508] <... exit_group resumed>) = ? [pid 509] <... futex resumed>) = ? [pid 509] +++ exited with 0 +++ [pid 508] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=508, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558ae8a7f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558ae92830 /* 8 entries */, 32768) = 240 umount2("./48/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 2 entries */, 32768) = 48 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./48/file1/lost+found") = 0 umount2("./48/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55558ae9a870 /* 5 entries */, 32768) = 136 umount2("./48/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file0/file0") = 0 umount2("./48/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file0/file1") = 0 umount2("./48/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file0/bus") = 0 getdents64(5, 0x55558ae9a870 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./48/file1/file0") = 0 umount2("./48/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file1") = 0 umount2("./48/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file2") = 0 umount2("./48/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file3") = 0 umount2("./48/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file.cold") = 0 getdents64(4, 0x55558ae92830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = -1 EBUSY (Device or resource busy) [ 36.887614][ T509] EXT4-fs (loop0): Ignoring removed orlov option [ 36.893800][ T509] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 36.908330][ T509] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x55558ae8a7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558ae89750) = 513 ./strace-static-x86_64: Process 513 attached [pid 513] set_robust_list(0x55558ae89760, 24) = 0 [pid 513] chdir("./49") = 0 [pid 513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 513] setpgid(0, 0executing program ) = 0 [pid 513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 513] write(3, "1000", 4) = 4 [pid 513] close(3) = 0 [pid 513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 513] write(1, "executing program\n", 18) = 18 [pid 513] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7187ff9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7187a8eb0}, NULL, 8) = 0 [pid 513] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa718775000 [pid 513] mprotect(0x7fa718776000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa718795990, parent_tid=0x7fa718795990, exit_signal=0, stack=0x7fa718775000, stack_size=0x20240, tls=0x7fa7187956c0}./strace-static-x86_64: Process 514 attached => {parent_tid=[514]}, 88) = 514 [pid 513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 513] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 514] set_robust_list(0x7fa7187959a0, 24) = 0 [pid 514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 514] memfd_create("syzkaller", 0) = 3 [pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa710375000 [pid 514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 514] munmap(0x7fa710375000, 138412032) = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 514] close(3) = 0 [pid 514] close(4) = 0 [pid 514] mkdir("./file1", 0777) = 0 [ 37.053153][ T514] loop0: detected capacity change from 0 to 1024 [pid 514] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 514] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 514] chdir("./file1") = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 514] ioctl(4, LOOP_CLR_FD) = 0 [pid 514] close(4) = 0 [pid 514] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] chdir("./file0") = 0 [pid 514] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] creat("./bus", 000) = 4 [pid 514] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 514] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 514] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 514] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] futex(0x7fa7188626c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fa7188626c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] futex(0x7fa7188626cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 0 [pid 514] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 514] futex(0x7fa7188626cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] exit_group(0) = ? [pid 514] <... futex resumed>) = ? [pid 514] +++ exited with 0 +++ [pid 513] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=513, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---