./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1102184531 <...> Warning: Permanently added '10.128.0.21' (ED25519) to the list of known hosts. execve("./syz-executor1102184531", ["./syz-executor1102184531"], 0x7ffd9395aaf0 /* 10 vars */) = 0 brk(NULL) = 0x555556efe000 brk(0x555556efed40) = 0x555556efed40 arch_prctl(ARCH_SET_FS, 0x555556efe3c0) = 0 set_tid_address(0x555556efe690) = 5025 set_robust_list(0x555556efe6a0, 24) = 0 rseq(0x555556efece0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1102184531", 4096) = 28 getrandom("\x39\xd6\xa2\x98\x65\x64\xf2\x2f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556efed40 brk(0x555556f1fd40) = 0x555556f1fd40 brk(0x555556f20000) = 0x555556f20000 mprotect(0x7f9ca1145000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.B5syWn", 0700) = 0 chmod("./syzkaller.B5syWn", 0777) = 0 chdir("./syzkaller.B5syWn") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5026 attached , child_tidptr=0x555556efe690) = 5026 [pid 5026] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5026] chdir("./0") = 0 [pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5026] setpgid(0, 0) = 0 [pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5026] write(3, "1000", 4) = 4 [pid 5026] close(3) = 0 [pid 5026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5026] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5026] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5028 attached [pid 5028] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5026] <... clone3 resumed> => {parent_tid=[5028]}, 88) = 5028 [pid 5028] <... rseq resumed>) = 0 [pid 5026] rt_sigprocmask(SIG_SETMASK, [], [pid 5028] set_robust_list(0x7f9ca106d9a0, 24 [pid 5026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5028] <... set_robust_list resumed>) = 0 [pid 5026] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] rt_sigprocmask(SIG_SETMASK, [], [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5028] memfd_create("syzkaller", 0) = 3 [pid 5028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 syzkaller login: [ 50.982486][ T5028] syz-executor110[5028]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5028] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5028] close(3) = 0 [pid 5028] mkdir("./bus", 0777) = 0 [ 51.140014][ T5028] loop0: detected capacity change from 0 to 32768 [ 51.149943][ T5028] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 51.158141][ T5028] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 51.167319][ T5028] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 51.175906][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 51.182674][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 51.211957][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 51.219536][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 51.224807][ T5028] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5028] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5028] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5028] chdir("./bus") = 0 [pid 5028] ioctl(4, LOOP_CLR_FD) = 0 [pid 5028] close(4) = 0 [pid 5028] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] mkdir("./file0", 000 [pid 5026] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5026] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5032 attached [pid 5032] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5032] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5032] rt_sigprocmask(SIG_SETMASK, [], [pid 5026] <... clone3 resumed> => {parent_tid=[5032]}, 88) = 5032 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5032] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5026] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5032] creat("./file0/file1", 000 [pid 5026] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... creat resumed>) = 4 [pid 5032] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... futex resumed>) = 0 [pid 5028] <... mkdir resumed>) = 0 [pid 5028] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] exit_group(0 [pid 5032] <... futex resumed>) = ? [pid 5026] <... exit_group resumed>) = ? [pid 5032] +++ exited with 0 +++ [pid 5028] <... futex resumed>) = ? [pid 5028] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5034 ./strace-static-x86_64: Process 5034 attached [pid 5034] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5034] chdir("./1") = 0 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5034] setpgid(0, 0) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1000", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5034] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5034] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5035 attached [pid 5035] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5034] <... clone3 resumed> => {parent_tid=[5035]}, 88) = 5035 [pid 5035] <... rseq resumed>) = 0 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], [pid 5035] set_robust_list(0x7f9ca106d9a0, 24 [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5035] <... set_robust_list resumed>) = 0 [pid 5034] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5035] memfd_create("syzkaller", 0 [pid 5034] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5035] <... memfd_create resumed>) = 3 [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5035] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5035] close(3) = 0 [pid 5035] mkdir("./bus", 0777) = 0 [ 51.583257][ T5035] loop0: detected capacity change from 0 to 32768 [ 51.594505][ T5035] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 51.603082][ T5035] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 51.612527][ T5035] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 51.621162][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 51.628253][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 51.657561][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 51.666363][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 51.671601][ T5035] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5035] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5035] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5035] chdir("./bus") = 0 [pid 5035] ioctl(4, LOOP_CLR_FD) = 0 [pid 5035] close(4) = 0 [pid 5035] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5035] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5035] mkdir("./file0", 000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... mkdir resumed>) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5035] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5034] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... mprotect resumed>) = 0 [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5039 attached [pid 5039] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5039] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... clone3 resumed> => {parent_tid=[5039]}, 88) = 5039 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 1 [pid 5039] creat("./file0/file1", 000 [pid 5034] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... creat resumed>) = 4 [pid 5039] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] exit_group(0 [pid 5035] <... futex resumed>) = ? [pid 5034] <... exit_group resumed>) = ? [pid 5035] +++ exited with 0 +++ [pid 5039] <... futex resumed>) = ? [pid 5039] +++ exited with 0 +++ [pid 5034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5041 ./strace-static-x86_64: Process 5041 attached [pid 5041] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5041] chdir("./2") = 0 [pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5041] setpgid(0, 0) = 0 [pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5041] write(3, "1000", 4) = 4 [pid 5041] close(3) = 0 [pid 5041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5041] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5041] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5041] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5042 attached [pid 5042] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5042] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5042] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... clone3 resumed> => {parent_tid=[5042]}, 88) = 5042 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5041] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5041] <... futex resumed>) = 1 [pid 5041] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5042] memfd_create("syzkaller", 0) = 3 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5042] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5042] close(3) = 0 [pid 5042] mkdir("./bus", 0777) = 0 [ 52.024614][ T5042] loop0: detected capacity change from 0 to 32768 [ 52.035835][ T5042] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 52.044275][ T5042] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 52.053388][ T5042] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 52.062035][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 52.068965][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 52.097297][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 52.104809][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 52.110073][ T5042] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5042] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5042] chdir("./bus") = 0 [pid 5042] ioctl(4, LOOP_CLR_FD) = 0 [pid 5042] close(4) = 0 [pid 5042] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5042] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5041] <... futex resumed>) = 0 [pid 5042] mkdir("./file0", 000 [pid 5041] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5041] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] <... mkdir resumed>) = 0 [pid 5041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5046 attached => {parent_tid=[5046]}, 88) = 5046 [pid 5042] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], [pid 5042] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5041] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5046] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5046] creat("./file0/file1", 000) = 4 [pid 5046] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5046] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] exit_group(0 [pid 5046] <... futex resumed>) = ? [pid 5042] <... futex resumed>) = ? [pid 5041] <... exit_group resumed>) = ? [pid 5042] +++ exited with 0 +++ [pid 5046] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5047 ./strace-static-x86_64: Process 5047 attached [pid 5047] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5047] chdir("./3") = 0 [pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5047] setpgid(0, 0) = 0 [pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5047] write(3, "1000", 4) = 4 [pid 5047] close(3) = 0 [pid 5047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5047] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5047] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5047] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5048]}, 88) = 5048 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5048 attached [pid 5048] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5048] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5048] memfd_create("syzkaller", 0) = 3 [pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5048] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5048] close(3) = 0 [pid 5048] mkdir("./bus", 0777) = 0 [ 52.457065][ T5048] loop0: detected capacity change from 0 to 32768 [ 52.466747][ T5048] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 52.475153][ T5048] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 52.483839][ T5048] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 52.492555][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 52.499824][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 52.529485][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 52.537030][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 52.542253][ T5048] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5048] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5048] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5048] chdir("./bus") = 0 [pid 5048] ioctl(4, LOOP_CLR_FD) = 0 [pid 5048] close(4) = 0 [pid 5048] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5048] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] <... futex resumed>) = 0 [pid 5048] mkdir("./file0", 000 [pid 5047] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5047] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5048] <... mkdir resumed>) = 0 [pid 5048] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... mprotect resumed>) = 0 [pid 5047] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5048] <... futex resumed>) = 0 [pid 5047] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5048] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5052]}, 88) = 5052 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5052 attached NULL, 8) = 0 [pid 5052] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5047] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... rseq resumed>) = 0 [pid 5047] <... futex resumed>) = 0 [pid 5052] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5047] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5052] creat("./file0/file1", 000) = 4 [pid 5052] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5052] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] exit_group(0 [pid 5052] <... futex resumed>) = ? [pid 5048] <... futex resumed>) = ? [pid 5047] <... exit_group resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5048] +++ exited with 0 +++ [pid 5047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5047, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5053 ./strace-static-x86_64: Process 5053 attached [pid 5053] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5053] chdir("./4") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5053] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5054 attached => {parent_tid=[5054]}, 88) = 5054 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5054] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5054] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] memfd_create("syzkaller", 0) = 3 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5054] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5054] close(3) = 0 [pid 5054] mkdir("./bus", 0777) = 0 [ 52.905487][ T5054] loop0: detected capacity change from 0 to 32768 [ 52.914942][ T5054] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 52.923123][ T5054] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 52.932265][ T5054] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 52.940786][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 52.947718][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 52.976412][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 52.984413][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 52.989687][ T5054] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5054] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5054] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5054] chdir("./bus") = 0 [pid 5054] ioctl(4, LOOP_CLR_FD) = 0 [pid 5054] close(4) = 0 [pid 5054] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5054] mkdir("./file0", 000 [pid 5053] <... futex resumed>) = 1 [pid 5053] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5053] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5058 attached => {parent_tid=[5058]}, 88) = 5058 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5058] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5058] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5053] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... set_robust_list resumed>) = 0 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5058] creat("./file0/file1", 000 [pid 5054] <... mkdir resumed>) = 0 [pid 5058] <... creat resumed>) = 4 [pid 5058] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5058] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] exit_group(0 [pid 5054] <... futex resumed>) = ? [pid 5053] <... exit_group resumed>) = ? [pid 5058] <... futex resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5058] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5059 ./strace-static-x86_64: Process 5059 attached [pid 5059] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5059] chdir("./5") = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5059] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5060 attached => {parent_tid=[5060]}, 88) = 5060 [pid 5060] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5060] set_robust_list(0x7f9ca106d9a0, 24 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], [pid 5060] <... set_robust_list resumed>) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], [pid 5059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5060] memfd_create("syzkaller", 0 [pid 5059] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5060] <... memfd_create resumed>) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5060] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./bus", 0777) = 0 [ 53.348785][ T5060] loop0: detected capacity change from 0 to 32768 [ 53.358526][ T5060] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 53.366860][ T5060] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 53.375927][ T5060] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 53.384385][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 53.391283][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 53.419368][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 53.426857][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 53.432052][ T5060] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5060] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5060] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./bus") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [pid 5060] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5060] mkdir("./file0", 000 [pid 5059] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5060] <... mkdir resumed>) = 0 [pid 5060] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5059] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5064]}, 88) = 5064 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5064 attached [pid 5064] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5064] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] creat("./file0/file1", 000) = 4 [pid 5064] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] exit_group(0) = ? [pid 5060] <... futex resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5064] <... futex resumed>) = ? [pid 5064] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5065] chdir("./6") = 0 [pid 5025] <... clone resumed>, child_tidptr=0x555556efe690) = 5065 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5065] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5066]}, 88) = 5066 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5066 attached [pid 5066] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5066] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] memfd_create("syzkaller", 0) = 3 [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5066] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] close(3) = 0 [pid 5066] mkdir("./bus", 0777) = 0 [ 53.793506][ T5066] loop0: detected capacity change from 0 to 32768 [ 53.803879][ T5066] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 53.812130][ T5066] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 53.821059][ T5066] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 53.829625][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 53.836459][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 53.865005][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 53.873232][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 53.878660][ T5066] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5066] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5066] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] chdir("./bus") = 0 [pid 5066] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] close(4) = 0 [pid 5066] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5066] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] <... futex resumed>) = 0 [pid 5066] mkdir("./file0", 000 [pid 5065] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... mkdir resumed>) = 0 [pid 5065] <... futex resumed>) = 0 [pid 5066] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... futex resumed>) = 0 [pid 5065] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5066] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5070]}, 88) = 5070 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5070 attached [pid 5070] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5070] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5070] creat("./file0/file1", 000) = 4 [pid 5070] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5070] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] exit_group(0 [pid 5070] <... futex resumed>) = ? [pid 5066] <... futex resumed>) = ? [pid 5065] <... exit_group resumed>) = ? [pid 5070] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5072 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5072] chdir("./7") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5072] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5073]}, 88) = 5073 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5072] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5073] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5073] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./bus", 0777) = 0 [ 54.234364][ T5073] loop0: detected capacity change from 0 to 32768 [ 54.243654][ T5073] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 54.251858][ T5073] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 54.261271][ T5073] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 54.269867][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 54.276689][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 54.305027][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 54.313234][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 54.318533][ T5073] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5073] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5073] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./bus") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5072] <... futex resumed>) = 1 [pid 5073] mkdir("./file0", 000 [pid 5072] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5072] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] <... mkdir resumed>) = 0 [pid 5073] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5077 attached => {parent_tid=[5077]}, 88) = 5077 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5072] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5077] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] creat("./file0/file1", 000) = 4 [pid 5077] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5077] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] exit_group(0 [pid 5077] <... futex resumed>) = ? [pid 5072] <... exit_group resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5073] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5078] chdir("./8") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5025] <... clone resumed>, child_tidptr=0x555556efe690) = 5078 [pid 5078] <... prctl resumed>) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5078] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5079]}, 88) = 5079 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5079 attached [pid 5079] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5079] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5079] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./bus", 0777) = 0 [ 54.683003][ T5079] loop0: detected capacity change from 0 to 32768 [ 54.693042][ T5079] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 54.701312][ T5079] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 54.710483][ T5079] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 54.719019][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 54.726225][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 54.754506][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 54.762071][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 54.767306][ T5079] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5079] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5079] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./bus") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 1 [pid 5079] mkdir("./file0", 000 [pid 5078] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5079] <... mkdir resumed>) = 0 [pid 5078] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5079] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5079] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... mprotect resumed>) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5083 attached [pid 5083] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5078] <... clone3 resumed> => {parent_tid=[5083]}, 88) = 5083 [pid 5083] <... rseq resumed>) = 0 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5078] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] <... futex resumed>) = 0 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] creat("./file0/file1", 000) = 4 [pid 5083] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5078] exit_group(0 [pid 5079] <... futex resumed>) = ? [pid 5078] <... exit_group resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5083] <... futex resumed>) = ? [pid 5083] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5084] chdir("./9") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5084] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5085 attached => {parent_tid=[5085]}, 88) = 5085 [pid 5085] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] <... rseq resumed>) = 0 [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] set_robust_list(0x7f9ca106d9a0, 24 [pid 5084] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5084] <... futex resumed>) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5085] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./bus", 0777) = 0 [ 55.112532][ T5085] loop0: detected capacity change from 0 to 32768 [ 55.121969][ T5085] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 55.130145][ T5085] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 55.139410][ T5085] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 55.148058][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 55.154818][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 55.182927][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 55.191365][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 55.196645][ T5085] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5085] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5085] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./bus") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5085] mkdir("./file0", 000 [pid 5084] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5084] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... mkdir resumed>) = 0 [pid 5084] <... mprotect resumed>) = 0 [pid 5085] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5089 attached => {parent_tid=[5089]}, 88) = 5089 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5089] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5084] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... rseq resumed>) = 0 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5089] creat("./file0/file1", 000) = 4 [pid 5089] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5084] exit_group(0) = ? [pid 5085] <... futex resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5089] <... futex resumed>) = ? [pid 5089] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5090 ./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5090] chdir("./10") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5090] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5091]}, 88) = 5091 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5090] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5091 attached [pid 5091] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5091] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5091] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./bus", 0777) = 0 [ 55.545829][ T5091] loop0: detected capacity change from 0 to 32768 [ 55.555611][ T5091] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 55.563917][ T5091] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 55.572773][ T5091] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 55.581439][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 55.588299][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 55.617674][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 55.625342][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 55.630586][ T5091] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5091] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5091] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./bus") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5090] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] mkdir("./file0", 000 [pid 5090] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5090] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] <... mkdir resumed>) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5095 attached [pid 5091] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... clone3 resumed> => {parent_tid=[5095]}, 88) = 5095 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5090] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5095] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] creat("./file0/file1", 000) = 4 [pid 5095] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5095] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] exit_group(0 [pid 5095] <... futex resumed>) = ? [pid 5091] <... futex resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5090] <... exit_group resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5096 ./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5096] chdir("./11") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5096] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5096] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5097]}, 88) = 5097 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5097 attached [pid 5097] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5097] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5097] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./bus", 0777) = 0 [ 55.965328][ T5097] loop0: detected capacity change from 0 to 32768 [ 55.975841][ T5097] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 55.984108][ T5097] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 55.993517][ T5097] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 56.001930][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 56.008833][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 56.038391][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 56.046393][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 56.051612][ T5097] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5097] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5097] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./bus") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] <... futex resumed>) = 0 [pid 5097] mkdir("./file0", 000 [pid 5096] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5097] <... mkdir resumed>) = 0 [pid 5096] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5097] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... mprotect resumed>) = 0 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5101 attached [pid 5101] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5101] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5096] <... clone3 resumed> => {parent_tid=[5101]}, 88) = 5101 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] creat("./file0/file1", 000 [pid 5096] <... futex resumed>) = 1 [pid 5101] <... creat resumed>) = 4 [pid 5096] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] exit_group(0 [pid 5097] <... futex resumed>) = ? [pid 5096] <... exit_group resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5101] <... futex resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached , child_tidptr=0x555556efe690) = 5102 [pid 5102] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5102] chdir("./12") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5102] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5103 attached [pid 5103] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5102] <... clone3 resumed> => {parent_tid=[5103]}, 88) = 5103 [pid 5103] set_robust_list(0x7f9ca106d9a0, 24 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] <... set_robust_list resumed>) = 0 [pid 5102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5102] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5103] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./bus", 0777) = 0 [ 56.411519][ T5103] loop0: detected capacity change from 0 to 32768 [ 56.421366][ T5103] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 56.429600][ T5103] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 56.438606][ T5103] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 56.447116][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 56.453874][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 56.483073][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 56.490587][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 56.495985][ T5103] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5103] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5103] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./bus") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [pid 5103] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5103] mkdir("./file0", 000 [pid 5102] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5102] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5107]}, 88) = 5107 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5102] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5107 attached [pid 5107] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5107] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5107] creat("./file0/file1", 000 [pid 5103] <... mkdir resumed>) = 0 [pid 5103] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... creat resumed>) = 4 [pid 5107] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5107] <... futex resumed>) = 1 [pid 5102] exit_group(0 [pid 5107] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5102] <... exit_group resumed>) = ? [pid 5103] <... futex resumed>) = ? [pid 5107] +++ exited with 0 +++ [pid 5103] +++ exited with 0 +++ [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5108 ./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5108] chdir("./13") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5108] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5109]}, 88) = 5109 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5108] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5109 attached [pid 5109] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5108] <... futex resumed>) = 0 [pid 5109] <... rseq resumed>) = 0 [pid 5109] set_robust_list(0x7f9ca106d9a0, 24 [pid 5108] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5109] <... set_robust_list resumed>) = 0 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5109] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./bus", 0777) = 0 [ 56.845812][ T5109] loop0: detected capacity change from 0 to 32768 [ 56.855905][ T5109] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 56.864074][ T5109] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 56.873332][ T5109] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 56.881824][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 56.888651][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 56.917067][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 56.925594][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 56.930838][ T5109] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5109] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5109] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./bus") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] mkdir("./file0", 000 [pid 5108] <... futex resumed>) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5108] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5109] <... mkdir resumed>) = 0 [pid 5109] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... mprotect resumed>) = 0 [pid 5109] <... futex resumed>) = 0 [pid 5108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5109] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5113 attached => {parent_tid=[5113]}, 88) = 5113 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5108] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5108] <... futex resumed>) = 0 [pid 5113] <... rseq resumed>) = 0 [pid 5108] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] creat("./file0/file1", 000) = 4 [pid 5113] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 0 [pid 5108] exit_group(0 [pid 5109] <... futex resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5108] <... exit_group resumed>) = ? [pid 5113] <... futex resumed>) = ? [pid 5113] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5114 ./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5114] chdir("./14") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5114] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5115]}, 88) = 5115 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5114] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5115 attached [pid 5115] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5115] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5115] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] mkdir("./bus", 0777) = 0 [ 57.291846][ T5115] loop0: detected capacity change from 0 to 32768 [ 57.302308][ T5115] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 57.310544][ T5115] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 57.319745][ T5115] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 57.328211][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 57.335010][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 57.362941][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 27ms [ 57.370483][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 57.375761][ T5115] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5115] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5115] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./bus") = 0 [pid 5115] ioctl(4, LOOP_CLR_FD) = 0 [pid 5115] close(4) = 0 [pid 5115] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5115] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] mkdir("./file0", 000 [pid 5114] <... futex resumed>) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5114] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5119 attached [pid 5119] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5119] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5114] <... clone3 resumed> => {parent_tid=[5119]}, 88) = 5119 [pid 5119] <... set_robust_list resumed>) = 0 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], [pid 5114] rt_sigprocmask(SIG_SETMASK, [], [pid 5119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5115] <... mkdir resumed>) = 0 [pid 5119] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5114] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5114] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] creat("./file0/file1", 000 [pid 5115] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... creat resumed>) = 4 [pid 5119] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] exit_group(0) = ? [pid 5115] <... futex resumed>) = ? [pid 5115] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ [pid 5114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5120 attached , child_tidptr=0x555556efe690) = 5120 [pid 5120] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5120] chdir("./15") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5120] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5121]}, 88) = 5121 ./strace-static-x86_64: Process 5121 attached [pid 5120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5120] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5121] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5121] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5121] close(3) = 0 [pid 5121] mkdir("./bus", 0777) = 0 [ 57.725130][ T5121] loop0: detected capacity change from 0 to 32768 [ 57.735306][ T5121] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 57.743460][ T5121] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 57.752773][ T5121] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 57.761335][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 57.768146][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 57.796658][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 57.804425][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 57.809870][ T5121] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5121] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5121] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5121] chdir("./bus") = 0 [pid 5121] ioctl(4, LOOP_CLR_FD) = 0 [pid 5121] close(4) = 0 [pid 5121] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] mkdir("./file0", 000 [pid 5120] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5120] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5125]}, 88) = 5125 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5120] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... mkdir resumed>) = 0 [pid 5121] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5125 attached [pid 5125] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5125] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5125] creat("./file0/file1", 000) = 4 [pid 5125] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5125] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] exit_group(0 [pid 5125] <... futex resumed>) = ? [pid 5125] +++ exited with 0 +++ [pid 5121] <... futex resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5120] <... exit_group resumed>) = ? [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5126 ./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5126] chdir("./16") = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5126] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5126] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5127 attached => {parent_tid=[5127]}, 88) = 5127 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5126] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5127] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5127] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5127] memfd_create("syzkaller", 0) = 3 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5127] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5127] close(3) = 0 [pid 5127] mkdir("./bus", 0777) = 0 [ 58.161209][ T5127] loop0: detected capacity change from 0 to 32768 [ 58.170267][ T5127] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 58.178525][ T5127] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 58.187518][ T5127] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 58.195956][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 58.202713][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 58.231274][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 58.238814][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 58.244040][ T5127] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5127] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5127] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5127] chdir("./bus") = 0 [pid 5127] ioctl(4, LOOP_CLR_FD) = 0 [pid 5127] close(4) = 0 [pid 5127] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5127] mkdir("./file0", 000 [pid 5126] <... futex resumed>) = 1 [pid 5126] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5126] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5127] <... mkdir resumed>) = 0 [pid 5126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5131 attached => {parent_tid=[5131]}, 88) = 5131 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], [pid 5127] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5127] <... futex resumed>) = 0 [pid 5126] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5131] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5131] creat("./file0/file1", 000) = 4 [pid 5131] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5126] exit_group(0 [pid 5131] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... exit_group resumed>) = ? [pid 5131] <... futex resumed>) = ? [pid 5131] +++ exited with 0 +++ [pid 5127] <... futex resumed>) = ? [pid 5127] +++ exited with 0 +++ [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5132 ./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5132] chdir("./17") = 0 [pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5132] setpgid(0, 0) = 0 [pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5132] write(3, "1000", 4) = 4 [pid 5132] close(3) = 0 [pid 5132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5132] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5132] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5132] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5133 attached [pid 5133] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5132] <... clone3 resumed> => {parent_tid=[5133]}, 88) = 5133 [pid 5133] <... rseq resumed>) = 0 [pid 5132] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] set_robust_list(0x7f9ca106d9a0, 24 [pid 5132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] <... set_robust_list resumed>) = 0 [pid 5132] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5132] <... futex resumed>) = 0 [pid 5133] memfd_create("syzkaller", 0 [pid 5132] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5133] <... memfd_create resumed>) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5133] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] mkdir("./bus", 0777) = 0 [ 58.594548][ T5133] loop0: detected capacity change from 0 to 32768 [ 58.604573][ T5133] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 58.612834][ T5133] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 58.622042][ T5133] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 58.630455][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 58.637274][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 58.664629][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 27ms [ 58.672986][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 58.678487][ T5133] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5133] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5133] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] chdir("./bus") = 0 [pid 5133] ioctl(4, LOOP_CLR_FD) = 0 [pid 5133] close(4) = 0 [pid 5133] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] <... futex resumed>) = 0 [pid 5133] mkdir("./file0", 000 [pid 5132] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5132] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5133] <... mkdir resumed>) = 0 [pid 5132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} [pid 5133] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] <... clone3 resumed> => {parent_tid=[5137]}, 88) = 5137 ./strace-static-x86_64: Process 5137 attached [pid 5137] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5132] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] <... rseq resumed>) = 0 [pid 5132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5132] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... set_robust_list resumed>) = 0 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], [pid 5132] <... futex resumed>) = 0 [pid 5137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] creat("./file0/file1", 000 [pid 5132] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... creat resumed>) = 4 [pid 5137] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5132] exit_group(0 [pid 5137] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5133] <... futex resumed>) = ? [pid 5133] +++ exited with 0 +++ [pid 5137] +++ exited with 0 +++ [pid 5132] <... exit_group resumed>) = ? [pid 5132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5138 ./strace-static-x86_64: Process 5138 attached [pid 5138] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5138] chdir("./18") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5138] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5139 attached => {parent_tid=[5139]}, 88) = 5139 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5138] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5139] <... rseq resumed>) = 0 [pid 5139] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5139] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] mkdir("./bus", 0777) = 0 [ 59.016684][ T5139] loop0: detected capacity change from 0 to 32768 [ 59.027071][ T5139] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 59.035319][ T5139] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 59.044135][ T5139] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 59.052994][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 59.059915][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 59.088881][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 59.096448][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 59.101677][ T5139] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5139] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5139] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] chdir("./bus") = 0 [pid 5139] ioctl(4, LOOP_CLR_FD) = 0 [pid 5139] close(4) = 0 [pid 5139] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5139] mkdir("./file0", 000 [pid 5138] <... futex resumed>) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5138] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} [pid 5139] <... mkdir resumed>) = 0 [pid 5138] <... clone3 resumed> => {parent_tid=[5143]}, 88) = 5143 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5138] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5143 attached [pid 5143] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5143] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5143] creat("./file0/file1", 000) = 4 [pid 5143] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5143] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] exit_group(0 [pid 5143] <... futex resumed>) = ? [pid 5139] <... futex resumed>) = ? [pid 5138] <... exit_group resumed>) = ? [pid 5143] +++ exited with 0 +++ [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5144 ./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5144] chdir("./19") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5144] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5145 attached => {parent_tid=[5145]}, 88) = 5145 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5145] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5145] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./bus", 0777) = 0 [ 59.455175][ T5145] loop0: detected capacity change from 0 to 32768 [ 59.464495][ T5145] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 59.472709][ T5145] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 59.481435][ T5145] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 59.489712][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 59.496511][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 59.525226][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 59.533525][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 59.538799][ T5145] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5145] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5145] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./bus") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] <... futex resumed>) = 0 [pid 5145] mkdir("./file0", 000 [pid 5144] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5144] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5149]}, 88) = 5149 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5149 attached [pid 5149] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5149] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5149] creat("./file0/file1", 000 [pid 5145] <... mkdir resumed>) = 0 [pid 5145] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... creat resumed>) = 4 [pid 5149] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] exit_group(0 [pid 5145] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5144] <... exit_group resumed>) = ? [pid 5149] <... futex resumed>) = ? [pid 5149] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5150 ./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5150] chdir("./20") = 0 [pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5150] setpgid(0, 0) = 0 [pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5150] write(3, "1000", 4) = 4 [pid 5150] close(3) = 0 [pid 5150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5150] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5150] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5150] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5151 attached [pid 5151] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5151] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5151] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... clone3 resumed> => {parent_tid=[5151]}, 88) = 5151 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5150] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5150] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5151] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] mkdir("./bus", 0777) = 0 [ 59.889516][ T5151] loop0: detected capacity change from 0 to 32768 [ 59.899077][ T5151] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 59.907553][ T5151] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 59.917499][ T5151] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 59.925846][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 59.932634][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 59.961487][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 59.969113][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 59.974329][ T5151] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5151] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5151] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./bus") = 0 [pid 5151] ioctl(4, LOOP_CLR_FD) = 0 [pid 5151] close(4) = 0 [pid 5151] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] <... futex resumed>) = 0 [pid 5151] mkdir("./file0", 000 [pid 5150] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... mkdir resumed>) = 0 [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5151] <... futex resumed>) = 0 [pid 5150] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5151] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5155]}, 88) = 5155 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5150] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5155 attached [pid 5155] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5155] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5155] creat("./file0/file1", 000) = 4 [pid 5155] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5155] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] exit_group(0 [pid 5151] <... futex resumed>) = ? [pid 5150] <... exit_group resumed>) = ? [pid 5155] <... futex resumed>) = ? [pid 5151] +++ exited with 0 +++ [pid 5155] +++ exited with 0 +++ [pid 5150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5150, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5156] chdir("./21") = 0 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5025] <... clone resumed>, child_tidptr=0x555556efe690) = 5156 [pid 5156] <... prctl resumed>) = 0 [pid 5156] setpgid(0, 0) = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5156] write(3, "1000", 4) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5156] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5156] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5157]}, 88) = 5157 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5156] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5157 attached [pid 5157] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5157] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5157] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] mkdir("./bus", 0777) = 0 [ 60.329165][ T5157] loop0: detected capacity change from 0 to 32768 [ 60.339308][ T5157] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 60.347509][ T5157] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 60.356593][ T5157] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 60.365135][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 60.371923][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 60.399955][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 60.408616][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 60.413820][ T5157] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5157] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5157] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] chdir("./bus") = 0 [pid 5157] ioctl(4, LOOP_CLR_FD) = 0 [pid 5157] close(4) = 0 [pid 5157] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5156] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5161]}, 88) = 5161 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5156] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5161 attached [pid 5157] mkdir("./file0", 000 [pid 5161] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5161] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] creat("./file0/file1", 000) = -1 ENOENT (No such file or directory) [pid 5161] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5161] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] <... mkdir resumed>) = 0 [pid 5157] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] exit_group(0 [pid 5161] <... futex resumed>) = ? [pid 5157] <... futex resumed>) = ? [pid 5156] <... exit_group resumed>) = ? [pid 5161] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ [pid 5156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5162 attached , child_tidptr=0x555556efe690) = 5162 [pid 5162] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5162] chdir("./22") = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5162] setpgid(0, 0) = 0 [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5162] write(3, "1000", 4) = 4 [pid 5162] close(3) = 0 [pid 5162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5162] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5162] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5162] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5163]}, 88) = 5163 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5162] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5163 attached [pid 5163] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5163] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5163] memfd_create("syzkaller", 0) = 3 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5163] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5163] close(3) = 0 [pid 5163] mkdir("./bus", 0777) = 0 [ 60.763334][ T5163] loop0: detected capacity change from 0 to 32768 [ 60.772762][ T5163] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 60.781045][ T5163] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 60.789760][ T5163] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 60.798239][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 60.805083][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 60.833698][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 60.841472][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 60.846950][ T5163] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5163] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5163] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5163] chdir("./bus") = 0 [pid 5163] ioctl(4, LOOP_CLR_FD) = 0 [pid 5163] close(4) = 0 [pid 5163] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5162] <... futex resumed>) = 1 [pid 5163] mkdir("./file0", 000 [pid 5162] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] <... mkdir resumed>) = 0 [pid 5162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5163] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5163] <... futex resumed>) = 0 [pid 5162] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5163] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... mprotect resumed>) = 0 [pid 5162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5167]}, 88) = 5167 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5167 attached [pid 5167] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5167] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5162] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] <... set_robust_list resumed>) = 0 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], [pid 5162] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5167] creat("./file0/file1", 000) = 4 [pid 5167] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5167] <... futex resumed>) = 1 [pid 5162] exit_group(0 [pid 5167] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = ? [pid 5163] +++ exited with 0 +++ [pid 5162] <... exit_group resumed>) = ? [pid 5167] <... futex resumed>) = ? [pid 5167] +++ exited with 0 +++ [pid 5162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5168 attached , child_tidptr=0x555556efe690) = 5168 [pid 5168] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5168] chdir("./23") = 0 [pid 5168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5168] setpgid(0, 0) = 0 [pid 5168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5168] write(3, "1000", 4) = 4 [pid 5168] close(3) = 0 [pid 5168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5168] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5168] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5168] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5169]}, 88) = 5169 ./strace-static-x86_64: Process 5169 attached [pid 5168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5169] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5168] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... rseq resumed>) = 0 [pid 5168] <... futex resumed>) = 0 [pid 5169] set_robust_list(0x7f9ca106d9a0, 24 [pid 5168] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5169] <... set_robust_list resumed>) = 0 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5169] memfd_create("syzkaller", 0) = 3 [pid 5169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5169] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5169] close(3) = 0 [pid 5169] mkdir("./bus", 0777) = 0 [ 61.221843][ T5169] loop0: detected capacity change from 0 to 32768 [ 61.231523][ T5169] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 61.239783][ T5169] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 61.248889][ T5169] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 61.257278][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 61.264030][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 61.292051][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 61.299567][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 61.304761][ T5169] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5169] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5169] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5169] chdir("./bus") = 0 [pid 5169] ioctl(4, LOOP_CLR_FD) = 0 [pid 5169] close(4) = 0 [pid 5169] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5169] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5169] mkdir("./file0", 000 [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5169] <... mkdir resumed>) = 0 [pid 5168] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5169] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5169] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... mprotect resumed>) = 0 [pid 5168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5173]}, 88) = 5173 [pid 5168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5168] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5173 attached [pid 5173] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5173] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5173] creat("./file0/file1", 000) = 4 [pid 5173] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5168] exit_group(0 [pid 5173] ???( [pid 5169] <... futex resumed>) = ? [pid 5173] <... ??? resumed>) = ? [pid 5168] <... exit_group resumed>) = ? [pid 5169] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ [pid 5168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5168, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5174 ./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5174] chdir("./24") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5174] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5175 attached [pid 5175] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5174] <... clone3 resumed> => {parent_tid=[5175]}, 88) = 5175 [pid 5175] <... rseq resumed>) = 0 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] set_robust_list(0x7f9ca106d9a0, 24 [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] <... set_robust_list resumed>) = 0 [pid 5174] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] <... futex resumed>) = 0 [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5174] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5175] memfd_create("syzkaller", 0) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5175] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] mkdir("./bus", 0777) = 0 [ 61.646914][ T5175] loop0: detected capacity change from 0 to 32768 [ 61.657144][ T5175] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 61.665356][ T5175] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 61.674565][ T5175] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 61.683325][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 61.690446][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 61.718361][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 27ms [ 61.725846][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 61.731044][ T5175] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5175] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5175] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./bus") = 0 [pid 5175] ioctl(4, LOOP_CLR_FD) = 0 [pid 5175] close(4) = 0 [pid 5175] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5175] <... futex resumed>) = 1 [pid 5174] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5175] mkdir("./file0", 000 [pid 5174] <... mprotect resumed>) = 0 [pid 5174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} [pid 5175] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5179 attached [pid 5179] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5179] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5179] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] <... clone3 resumed> => {parent_tid=[5179]}, 88) = 5179 [pid 5175] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] <... futex resumed>) = 0 [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5179] creat("./file0/file1", 000 [pid 5174] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... creat resumed>) = 4 [pid 5179] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 1 [pid 5179] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] exit_group(0) = ? [pid 5179] <... futex resumed>) = ? [pid 5175] <... futex resumed>) = ? [pid 5175] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5180 attached , child_tidptr=0x555556efe690) = 5180 [pid 5180] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5180] chdir("./25") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5180] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5181 attached => {parent_tid=[5181]}, 88) = 5181 [pid 5181] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], [pid 5181] set_robust_list(0x7f9ca106d9a0, 24 [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5181] <... set_robust_list resumed>) = 0 [pid 5180] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5180] <... futex resumed>) = 0 [pid 5181] memfd_create("syzkaller", 0 [pid 5180] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5181] <... memfd_create resumed>) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5181] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./bus", 0777) = 0 [ 62.092955][ T5181] loop0: detected capacity change from 0 to 32768 [ 62.103113][ T5181] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 62.111408][ T5181] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 62.120275][ T5181] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 62.128725][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 62.135668][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 62.164519][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 62.172918][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 62.178349][ T5181] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5181] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5181] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./bus") = 0 [pid 5181] ioctl(4, LOOP_CLR_FD) = 0 [pid 5181] close(4) = 0 [pid 5181] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5181] mkdir("./file0", 000 [pid 5180] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] <... mkdir resumed>) = 0 [pid 5181] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5180] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5185]}, 88) = 5185 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5180] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5185 attached [pid 5185] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5180] <... futex resumed>) = 0 [pid 5185] <... rseq resumed>) = 0 [pid 5185] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], [pid 5180] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5185] creat("./file0/file1", 000) = 4 [pid 5185] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] exit_group(0 [pid 5185] <... futex resumed>) = 1 [pid 5180] <... exit_group resumed>) = ? [pid 5181] <... futex resumed>) = ? [pid 5185] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5180, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5186 attached , child_tidptr=0x555556efe690) = 5186 [pid 5186] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5186] chdir("./26") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5186] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5187]}, 88) = 5187 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5186] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5187 attached [pid 5187] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5187] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5187] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] mkdir("./bus", 0777) = 0 [ 62.528555][ T5187] loop0: detected capacity change from 0 to 32768 [ 62.538105][ T5187] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 62.546344][ T5187] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 62.555525][ T5187] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 62.563912][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 62.570837][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 62.598955][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 62.606478][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 62.611673][ T5187] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5187] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5187] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./bus") = 0 [pid 5187] ioctl(4, LOOP_CLR_FD) = 0 [pid 5187] close(4) = 0 [pid 5187] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5187] mkdir("./file0", 000 [pid 5186] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5187] <... mkdir resumed>) = 0 [pid 5187] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5186] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5191]}, 88) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5186] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5186] <... futex resumed>) = 0 [pid 5191] <... rseq resumed>) = 0 [pid 5186] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5191] creat("./file0/file1", 000) = 4 [pid 5191] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = 0 [pid 5186] exit_group(0 [pid 5187] <... futex resumed>) = ? [pid 5191] <... futex resumed>) = ? [pid 5186] <... exit_group resumed>) = ? [pid 5187] +++ exited with 0 +++ [pid 5191] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5192 ./strace-static-x86_64: Process 5192 attached [pid 5192] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5192] chdir("./27") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5192] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5193]}, 88) = 5193 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5193 attached [pid 5193] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5193] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5193] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./bus", 0777) = 0 [ 62.972183][ T5193] loop0: detected capacity change from 0 to 32768 [ 62.981713][ T5193] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 62.989911][ T5193] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 62.999055][ T5193] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 63.007691][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 63.014453][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 63.043487][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 63.051156][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 63.056726][ T5193] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5193] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5193] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./bus") = 0 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = 0 [pid 5192] <... futex resumed>) = 1 [pid 5193] mkdir("./file0", 000 [pid 5192] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5192] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5197]}, 88) = 5197 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5197 attached [pid 5193] <... mkdir resumed>) = 0 [pid 5193] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5197] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5197] creat("./file0/file1", 000) = 4 [pid 5197] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] exit_group(0 [pid 5193] <... futex resumed>) = ? [pid 5192] <... exit_group resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5197] <... futex resumed>) = ? [pid 5197] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5198 ./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5198] chdir("./28") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5198] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5199 attached => {parent_tid=[5199]}, 88) = 5199 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5198] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5198] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5199] <... rseq resumed>) = 0 [pid 5199] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5199] memfd_create("syzkaller", 0) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5199] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] mkdir("./bus", 0777) = 0 [ 63.413240][ T5199] loop0: detected capacity change from 0 to 32768 [ 63.422954][ T5199] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 63.431580][ T5199] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 63.440806][ T5199] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 63.449639][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 63.456571][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 63.482152][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 25ms [ 63.489756][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 63.495244][ T5199] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5199] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5199] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] chdir("./bus") = 0 [pid 5199] ioctl(4, LOOP_CLR_FD) = 0 [pid 5199] close(4) = 0 [pid 5199] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5199] <... futex resumed>) = 0 [pid 5199] mkdir("./file0", 000 [pid 5198] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5203 attached [pid 5199] <... mkdir resumed>) = 0 [pid 5203] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5198] <... clone3 resumed> => {parent_tid=[5203]}, 88) = 5203 [pid 5203] <... rseq resumed>) = 0 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5203] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] <... set_robust_list resumed>) = 0 [pid 5198] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] <... futex resumed>) = 0 [pid 5203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] creat("./file0/file1", 000 [pid 5199] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] <... creat resumed>) = 4 [pid 5203] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5203] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] exit_group(0 [pid 5199] <... futex resumed>) = ? [pid 5198] <... exit_group resumed>) = ? [pid 5203] <... futex resumed>) = ? [pid 5203] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ [pid 5198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5025] <... clone resumed>, child_tidptr=0x555556efe690) = 5204 [pid 5204] chdir("./29") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5204] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5205 attached [pid 5205] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5204] <... clone3 resumed> => {parent_tid=[5205]}, 88) = 5205 [pid 5205] <... rseq resumed>) = 0 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], [pid 5205] set_robust_list(0x7f9ca106d9a0, 24 [pid 5204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5205] <... set_robust_list resumed>) = 0 [pid 5204] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], [pid 5204] <... futex resumed>) = 0 [pid 5205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5204] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5205] memfd_create("syzkaller", 0) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5205] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] mkdir("./bus", 0777) = 0 [ 63.870487][ T5205] loop0: detected capacity change from 0 to 32768 [ 63.880416][ T5205] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 63.888706][ T5205] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 63.897474][ T5205] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 63.906119][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 63.912882][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 63.942101][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 63.950467][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 63.955800][ T5205] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5205] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5205] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./bus") = 0 [pid 5205] ioctl(4, LOOP_CLR_FD) = 0 [pid 5205] close(4) = 0 [pid 5205] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5205] mkdir("./file0", 000 [pid 5204] <... futex resumed>) = 1 [pid 5205] <... mkdir resumed>) = 0 [pid 5205] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5205] creat("./file0/file1", 000) = 4 [pid 5204] <... futex resumed>) = 1 [pid 5204] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 0 [pid 5204] exit_group(0 [pid 5205] <... futex resumed>) = 1 [pid 5205] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] <... exit_group resumed>) = ? [pid 5205] <... futex resumed>) = ? [pid 5205] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5209 ./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5209] chdir("./30") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5209] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5210 attached => {parent_tid=[5210]}, 88) = 5210 [pid 5210] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], [pid 5210] <... rseq resumed>) = 0 [pid 5209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5210] set_robust_list(0x7f9ca106d9a0, 24 [pid 5209] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... set_robust_list resumed>) = 0 [pid 5209] <... futex resumed>) = 0 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], [pid 5209] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5210] memfd_create("syzkaller", 0) = 3 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5210] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./bus", 0777) = 0 [ 64.299983][ T5210] loop0: detected capacity change from 0 to 32768 [ 64.309458][ T5210] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 64.318020][ T5210] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 64.327265][ T5210] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 64.336010][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 64.342790][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 64.371840][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 64.379568][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 64.384811][ T5210] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5210] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5210] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5210] chdir("./bus") = 0 [pid 5210] ioctl(4, LOOP_CLR_FD) = 0 [pid 5210] close(4) = 0 [pid 5210] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] <... futex resumed>) = 0 [pid 5210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5209] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] mkdir("./file0", 000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5209] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5214]}, 88) = 5214 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5209] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5214 attached [pid 5214] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5214] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5210] <... mkdir resumed>) = 0 [pid 5214] creat("./file0/file1", 000) = 4 [pid 5210] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... futex resumed>) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5214] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] exit_group(0 [pid 5210] <... futex resumed>) = ? [pid 5209] <... exit_group resumed>) = ? [pid 5214] <... futex resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5214] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5215 ./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5215] chdir("./31") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5215] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5215] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5216]}, 88) = 5216 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5215] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5216 attached [pid 5216] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5216] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5216] memfd_create("syzkaller", 0) = 3 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5216] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5216] close(3) = 0 [pid 5216] mkdir("./bus", 0777) = 0 [ 64.741018][ T5216] loop0: detected capacity change from 0 to 32768 [ 64.751063][ T5216] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 64.759277][ T5216] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 64.768470][ T5216] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 64.776942][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 64.783702][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 64.813041][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 64.821392][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 64.826675][ T5216] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5216] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5216] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5216] chdir("./bus") = 0 [pid 5216] ioctl(4, LOOP_CLR_FD) = 0 [pid 5216] close(4) = 0 [pid 5216] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5215] <... futex resumed>) = 1 [pid 5216] mkdir("./file0", 000 [pid 5215] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] <... mkdir resumed>) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5216] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5216] <... futex resumed>) = 0 [pid 5215] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5216] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... mprotect resumed>) = 0 [pid 5215] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5215] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5220 attached [pid 5220] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5215] <... clone3 resumed> => {parent_tid=[5220]}, 88) = 5220 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] <... set_robust_list resumed>) = 0 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5215] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5215] <... futex resumed>) = 0 [pid 5220] creat("./file0/file1", 000) = 4 [pid 5215] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] exit_group(0 [pid 5216] <... futex resumed>) = ? [pid 5215] <... exit_group resumed>) = ? [pid 5216] +++ exited with 0 +++ [pid 5220] <... futex resumed>) = ? [pid 5220] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5221 ./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5221] chdir("./32") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5221] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5221] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5222]}, 88) = 5222 [pid 5221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5221] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5222 attached [pid 5222] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5222] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5222] memfd_create("syzkaller", 0) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5222] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5222] close(3) = 0 [pid 5222] mkdir("./bus", 0777) = 0 [ 65.179680][ T5222] loop0: detected capacity change from 0 to 32768 [ 65.188991][ T5222] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 65.197285][ T5222] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 65.206000][ T5222] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 65.214407][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 65.221282][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 65.247232][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 25ms [ 65.255684][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 65.261016][ T5222] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5222] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5222] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5222] chdir("./bus") = 0 [pid 5222] ioctl(4, LOOP_CLR_FD) = 0 [pid 5222] close(4) = 0 [pid 5222] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5221] <... futex resumed>) = 1 [pid 5222] mkdir("./file0", 000 [pid 5221] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5221] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5222] <... mkdir resumed>) = 0 [pid 5221] <... mprotect resumed>) = 0 [pid 5221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} [pid 5222] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5226 attached ) = 0 [pid 5226] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5221] <... clone3 resumed> => {parent_tid=[5226]}, 88) = 5226 [pid 5226] <... rseq resumed>) = 0 [pid 5222] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] rt_sigprocmask(SIG_SETMASK, [], [pid 5226] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5226] <... set_robust_list resumed>) = 0 [pid 5221] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] rt_sigprocmask(SIG_SETMASK, [], [pid 5221] <... futex resumed>) = 0 [pid 5226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5221] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] creat("./file0/file1", 000) = 4 [pid 5226] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5221] exit_group(0) = ? [pid 5226] <... futex resumed>) = ? [pid 5226] +++ exited with 0 +++ [pid 5222] <... futex resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached , child_tidptr=0x555556efe690) = 5227 [pid 5227] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5227] chdir("./33") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5227] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5227] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5228]}, 88) = 5228 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5227] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5228 attached [pid 5228] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5228] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5228] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] mkdir("./bus", 0777) = 0 [ 65.615089][ T5228] loop0: detected capacity change from 0 to 32768 [ 65.625289][ T5228] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 65.633541][ T5228] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 65.642769][ T5228] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 65.651272][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 65.658072][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 65.686678][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 65.695162][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 65.700389][ T5228] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5228] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5228] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./bus") = 0 [pid 5228] ioctl(4, LOOP_CLR_FD) = 0 [pid 5228] close(4) = 0 [pid 5228] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5228] mkdir("./file0", 000 [pid 5227] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5228] <... mkdir resumed>) = 0 [pid 5227] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5232 attached [pid 5232] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5227] <... clone3 resumed> => {parent_tid=[5232]}, 88) = 5232 [pid 5232] <... rseq resumed>) = 0 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], [pid 5232] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5232] <... set_robust_list resumed>) = 0 [pid 5228] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5227] <... futex resumed>) = 0 [pid 5232] creat("./file0/file1", 000 [pid 5227] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... creat resumed>) = 4 [pid 5228] <... futex resumed>) = 0 [pid 5232] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] exit_group(0) = ? [pid 5232] <... futex resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5233 ./strace-static-x86_64: Process 5233 attached [pid 5233] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5233] chdir("./34") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5233] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5233] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5234]}, 88) = 5234 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5234 attached [pid 5234] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5234] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5234] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] mkdir("./bus", 0777) = 0 [ 66.060929][ T5234] loop0: detected capacity change from 0 to 32768 [ 66.071729][ T5234] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 66.080576][ T5234] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 66.089877][ T5234] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 66.098496][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 66.105418][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 66.133278][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 27ms [ 66.140783][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 66.146116][ T5234] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5234] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5234] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./bus") = 0 [pid 5234] ioctl(4, LOOP_CLR_FD) = 0 [pid 5234] close(4) = 0 [pid 5234] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5233] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5238 attached [pid 5238] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5233] <... clone3 resumed> => {parent_tid=[5238]}, 88) = 5238 [pid 5238] <... rseq resumed>) = 0 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] <... set_robust_list resumed>) = 0 [pid 5233] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] <... futex resumed>) = 0 [pid 5238] creat("./file0/file1", 000 [pid 5233] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... creat resumed>) = -1 ENOENT (No such file or directory) [pid 5238] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = 1 [pid 5238] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] <... futex resumed>) = 0 [pid 5234] mkdir("./file0", 000) = 0 [pid 5234] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] exit_group(0) = ? [pid 5238] <... futex resumed>) = ? [pid 5234] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5234] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5239] chdir("./35") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5025] <... clone resumed>, child_tidptr=0x555556efe690) = 5239 [pid 5239] <... prctl resumed>) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5239] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5239] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5240]}, 88) = 5240 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5239] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5240 attached [pid 5239] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5240] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5240] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5240] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] mkdir("./bus", 0777) = 0 [ 66.492751][ T5240] loop0: detected capacity change from 0 to 32768 [ 66.502614][ T5240] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 66.510835][ T5240] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 66.520252][ T5240] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 66.528899][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 66.535883][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 66.563865][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 27ms [ 66.571381][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 66.576618][ T5240] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5240] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5240] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./bus") = 0 [pid 5240] ioctl(4, LOOP_CLR_FD) = 0 [pid 5240] close(4) = 0 [pid 5240] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5240] mkdir("./file0", 000 [pid 5239] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5239] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] <... mkdir resumed>) = 0 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5240] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5240] <... futex resumed>) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} [pid 5240] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5244 attached [pid 5239] <... clone3 resumed> => {parent_tid=[5244]}, 88) = 5244 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5239] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... rseq resumed>) = 0 [pid 5244] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5244] creat("./file0/file1", 000) = 4 [pid 5244] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] exit_group(0 [pid 5244] <... futex resumed>) = 1 [pid 5240] <... futex resumed>) = ? [pid 5239] <... exit_group resumed>) = ? [pid 5244] +++ exited with 0 +++ [pid 5240] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5245 ./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5245] chdir("./36") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5245] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5245] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5245] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5246 attached => {parent_tid=[5246]}, 88) = 5246 [pid 5246] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] <... rseq resumed>) = 0 [pid 5246] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5246] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5245] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5246] memfd_create("syzkaller", 0) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5246] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] close(3) = 0 [pid 5246] mkdir("./bus", 0777) = 0 [ 66.928206][ T5246] loop0: detected capacity change from 0 to 32768 [ 66.937468][ T5246] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 66.945675][ T5246] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 66.955099][ T5246] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 66.963594][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 66.970540][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 66.998713][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 67.006867][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 67.012079][ T5246] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5246] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5246] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5246] chdir("./bus") = 0 [pid 5246] ioctl(4, LOOP_CLR_FD) = 0 [pid 5246] close(4) = 0 [pid 5246] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] mkdir("./file0", 000 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5245] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5250]}, 88) = 5250 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5245] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5250 attached [pid 5245] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5246] <... mkdir resumed>) = 0 [pid 5250] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5250] creat("./file0/file1", 000 [pid 5246] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] <... creat resumed>) = 4 [pid 5246] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5245] exit_group(0 [pid 5246] <... futex resumed>) = ? [pid 5245] <... exit_group resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5250] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5251 attached , child_tidptr=0x555556efe690) = 5251 [pid 5251] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5251] chdir("./37") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5251] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5251] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5252 attached => {parent_tid=[5252]}, 88) = 5252 [pid 5252] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5252] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5252] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5251] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5251] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5252] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./bus", 0777) = 0 [ 67.359537][ T5252] loop0: detected capacity change from 0 to 32768 [ 67.369225][ T5252] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 67.377441][ T5252] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 67.386018][ T5252] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 67.394442][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 67.401254][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 67.429273][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 67.436756][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 67.441971][ T5252] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5252] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5252] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./bus") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5251] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5256 attached => {parent_tid=[5256]}, 88) = 5256 [pid 5256] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] <... rseq resumed>) = 0 [pid 5251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5251] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... set_robust_list resumed>) = 0 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5251] <... futex resumed>) = 0 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] creat("./file0/file1", 000) = -1 ENOENT (No such file or directory) [pid 5256] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5256] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] mkdir("./file0", 000) = 0 [pid 5252] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] exit_group(0 [pid 5256] <... futex resumed>) = ? [pid 5252] <... futex resumed>) = ? [pid 5251] <... exit_group resumed>) = ? [pid 5256] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5257 ./strace-static-x86_64: Process 5257 attached [pid 5257] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5257] chdir("./38") = 0 [pid 5257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5257] setpgid(0, 0) = 0 [pid 5257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5257] write(3, "1000", 4) = 4 [pid 5257] close(3) = 0 [pid 5257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5257] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5257] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5257] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5257] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5258 attached => {parent_tid=[5258]}, 88) = 5258 [pid 5258] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5258] <... rseq resumed>) = 0 [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5258] set_robust_list(0x7f9ca106d9a0, 24 [pid 5257] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... set_robust_list resumed>) = 0 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] <... futex resumed>) = 0 [pid 5258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5258] memfd_create("syzkaller", 0) = 3 [pid 5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5258] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5258] close(3) = 0 [pid 5258] mkdir("./bus", 0777) = 0 [ 67.816928][ T5258] loop0: detected capacity change from 0 to 32768 [ 67.826707][ T5258] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 67.834949][ T5258] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 67.843960][ T5258] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 67.852653][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 67.859471][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 67.888068][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 67.896359][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 67.901600][ T5258] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5258] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5258] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5258] chdir("./bus") = 0 [pid 5258] ioctl(4, LOOP_CLR_FD) = 0 [pid 5258] close(4) = 0 [pid 5258] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 0 [pid 5258] mkdir("./file0", 000 [pid 5257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5258] <... mkdir resumed>) = 0 [pid 5257] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5257] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5258] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5262 attached [pid 5257] <... clone3 resumed> => {parent_tid=[5262]}, 88) = 5262 [pid 5262] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] <... rseq resumed>) = 0 [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5257] <... futex resumed>) = 0 [pid 5262] <... set_robust_list resumed>) = 0 [pid 5257] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5262] creat("./file0/file1", 000) = 4 [pid 5262] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] exit_group(0) = ? [pid 5258] <... futex resumed>) = ? [pid 5258] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5257, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5263 ./strace-static-x86_64: Process 5263 attached [pid 5263] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5263] chdir("./39") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5263] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5264]}, 88) = 5264 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5264 attached [pid 5264] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5264] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5264] memfd_create("syzkaller", 0) = 3 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5264] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] mkdir("./bus", 0777) = 0 [ 68.255568][ T5264] loop0: detected capacity change from 0 to 32768 [ 68.265981][ T5264] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 68.275003][ T5264] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 68.284224][ T5264] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 68.292881][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 68.299688][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 68.328381][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 68.336007][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 68.341227][ T5264] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5264] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5264] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./bus") = 0 [pid 5264] ioctl(4, LOOP_CLR_FD) = 0 [pid 5264] close(4) = 0 [pid 5264] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] <... futex resumed>) = 0 [pid 5264] mkdir("./file0", 000 [pid 5263] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5263] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5264] <... mkdir resumed>) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} [pid 5264] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] <... clone3 resumed> => {parent_tid=[5268]}, 88) = 5268 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5268 attached [pid 5268] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5268] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5268] creat("./file0/file1", 000) = 4 [pid 5268] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5268] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] exit_group(0 [pid 5268] <... futex resumed>) = ? [pid 5264] <... futex resumed>) = ? [pid 5268] +++ exited with 0 +++ [pid 5264] +++ exited with 0 +++ [pid 5263] <... exit_group resumed>) = ? [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5269 attached , child_tidptr=0x555556efe690) = 5269 [pid 5269] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5269] chdir("./40") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5269] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5269] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5270 attached => {parent_tid=[5270]}, 88) = 5270 [pid 5270] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5270] <... rseq resumed>) = 0 [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5270] set_robust_list(0x7f9ca106d9a0, 24 [pid 5269] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... set_robust_list resumed>) = 0 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], [pid 5269] <... futex resumed>) = 0 [pid 5270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5269] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5270] memfd_create("syzkaller", 0) = 3 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5270] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5270] close(3) = 0 [pid 5270] mkdir("./bus", 0777) = 0 [ 68.673777][ T5270] loop0: detected capacity change from 0 to 32768 [ 68.683412][ T5270] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 68.691649][ T5270] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 68.700166][ T5270] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 68.708642][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 68.715427][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 68.743961][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 68.751507][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 68.756766][ T5270] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5270] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5270] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5270] chdir("./bus") = 0 [pid 5270] ioctl(4, LOOP_CLR_FD) = 0 [pid 5270] close(4) = 0 [pid 5270] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5270] <... futex resumed>) = 1 [pid 5269] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] mkdir("./file0", 000 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5270] <... mkdir resumed>) = 0 [pid 5269] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5270] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5270] <... futex resumed>) = 0 [pid 5269] <... mprotect resumed>) = 0 [pid 5270] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5274 attached => {parent_tid=[5274]}, 88) = 5274 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5274] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5274] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5274] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5269] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5269] <... futex resumed>) = 1 [pid 5274] creat("./file0/file1", 000 [pid 5269] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... creat resumed>) = 4 [pid 5274] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5269] exit_group(0 [pid 5270] <... futex resumed>) = ? [pid 5270] +++ exited with 0 +++ [pid 5274] <... futex resumed>) = ? [pid 5269] <... exit_group resumed>) = ? [pid 5274] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5275] chdir("./41") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5025] <... clone resumed>, child_tidptr=0x555556efe690) = 5275 [pid 5275] <... prctl resumed>) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5275] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5276 attached [pid 5276] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5275] <... clone3 resumed> => {parent_tid=[5276]}, 88) = 5276 [pid 5276] <... rseq resumed>) = 0 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] set_robust_list(0x7f9ca106d9a0, 24 [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5275] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... set_robust_list resumed>) = 0 [pid 5275] <... futex resumed>) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5276] memfd_create("syzkaller", 0 [pid 5275] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5276] <... memfd_create resumed>) = 3 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5276] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5276] close(3) = 0 [pid 5276] mkdir("./bus", 0777) = 0 [ 69.115699][ T5276] loop0: detected capacity change from 0 to 32768 [ 69.125829][ T5276] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 69.134001][ T5276] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 69.143252][ T5276] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 69.151808][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 69.158660][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 69.186753][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 69.195864][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 69.201083][ T5276] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5276] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5276] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5276] chdir("./bus") = 0 [pid 5276] ioctl(4, LOOP_CLR_FD) = 0 [pid 5276] close(4) = 0 [pid 5276] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5275] <... futex resumed>) = 1 [pid 5276] mkdir("./file0", 000 [pid 5275] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5275] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5280 attached [pid 5280] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5275] <... clone3 resumed> => {parent_tid=[5280]}, 88) = 5280 [pid 5280] <... rseq resumed>) = 0 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5280] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5275] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... set_robust_list resumed>) = 0 [pid 5276] <... mkdir resumed>) = 0 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] <... futex resumed>) = 0 [pid 5280] creat("./file0/file1", 000 [pid 5275] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] <... creat resumed>) = 4 [pid 5280] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] exit_group(0) = ? [pid 5276] <... futex resumed>) = ? [pid 5280] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5281 ./strace-static-x86_64: Process 5281 attached [pid 5281] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5281] chdir("./42") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5281] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5282]}, 88) = 5282 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5281] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5282 attached [pid 5282] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5282] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5282] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5282] close(3) = 0 [pid 5282] mkdir("./bus", 0777) = 0 [ 69.560132][ T5282] loop0: detected capacity change from 0 to 32768 [ 69.570100][ T5282] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 69.578306][ T5282] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 69.587041][ T5282] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 69.595495][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 69.602253][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 69.630641][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 69.638156][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 69.643354][ T5282] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5282] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5282] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5282] chdir("./bus") = 0 [pid 5282] ioctl(4, LOOP_CLR_FD) = 0 [pid 5282] close(4) = 0 [pid 5282] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5282] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5282] mkdir("./file0", 000 [pid 5281] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} [pid 5282] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5286 attached [pid 5282] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5282] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] <... clone3 resumed> => {parent_tid=[5286]}, 88) = 5286 [pid 5286] <... rseq resumed>) = 0 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], [pid 5286] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5286] <... set_robust_list resumed>) = 0 [pid 5281] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], [pid 5281] <... futex resumed>) = 0 [pid 5286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5281] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] creat("./file0/file1", 000) = 4 [pid 5286] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] <... futex resumed>) = 0 [pid 5281] exit_group(0 [pid 5286] <... futex resumed>) = ? [pid 5282] <... futex resumed>) = ? [pid 5281] <... exit_group resumed>) = ? [pid 5286] +++ exited with 0 +++ [pid 5282] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5287 attached , child_tidptr=0x555556efe690) = 5287 [pid 5287] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5287] chdir("./43") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5287] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5287] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5288 attached => {parent_tid=[5288]}, 88) = 5288 [pid 5288] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], [pid 5288] set_robust_list(0x7f9ca106d9a0, 24 [pid 5287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5288] <... set_robust_list resumed>) = 0 [pid 5287] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5287] <... futex resumed>) = 0 [pid 5288] memfd_create("syzkaller", 0 [pid 5287] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5288] <... memfd_create resumed>) = 3 [pid 5288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5288] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5288] close(3) = 0 [pid 5288] mkdir("./bus", 0777) = 0 [ 70.008622][ T5288] loop0: detected capacity change from 0 to 32768 [ 70.018803][ T5288] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 70.027193][ T5288] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 70.036293][ T5288] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 70.044938][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 70.051719][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 70.080452][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 70.088687][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 70.093926][ T5288] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5288] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5288] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5288] chdir("./bus") = 0 [pid 5288] ioctl(4, LOOP_CLR_FD) = 0 [pid 5288] close(4) = 0 [pid 5288] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = 1 [pid 5288] mkdir("./file0", 000 [pid 5287] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5287] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5292 attached [pid 5292] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5292] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], [pid 5287] <... clone3 resumed> => {parent_tid=[5292]}, 88) = 5292 [pid 5292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], [pid 5292] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5287] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] creat("./file0/file1", 000 [pid 5287] <... futex resumed>) = 1 [pid 5287] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... mkdir resumed>) = 0 [pid 5288] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] <... creat resumed>) = 4 [pid 5292] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... futex resumed>) = 0 [pid 5287] exit_group(0 [pid 5292] <... futex resumed>) = ? [pid 5288] <... futex resumed>) = ? [pid 5292] +++ exited with 0 +++ [pid 5288] +++ exited with 0 +++ [pid 5287] <... exit_group resumed>) = ? [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5293 attached , child_tidptr=0x555556efe690) = 5293 [pid 5293] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5293] chdir("./44") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5293] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5294 attached [pid 5294] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053 [pid 5293] <... clone3 resumed> => {parent_tid=[5294]}, 88) = 5294 [pid 5294] <... rseq resumed>) = 0 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5294] set_robust_list(0x7f9ca106d9a0, 24 [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5294] <... set_robust_list resumed>) = 0 [pid 5293] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], [pid 5293] <... futex resumed>) = 0 [pid 5294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5294] memfd_create("syzkaller", 0) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5294] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] mkdir("./bus", 0777) = 0 [ 70.453218][ T5294] loop0: detected capacity change from 0 to 32768 [ 70.463048][ T5294] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 70.471300][ T5294] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 70.480388][ T5294] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 70.488889][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 70.495691][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 70.523883][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 28ms [ 70.532081][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 70.537471][ T5294] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5294] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5294] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./bus") = 0 [pid 5294] ioctl(4, LOOP_CLR_FD) = 0 [pid 5294] close(4) = 0 [pid 5294] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5293] <... futex resumed>) = 1 [pid 5294] mkdir("./file0", 000 [pid 5293] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... mkdir resumed>) = 0 [pid 5293] <... futex resumed>) = 0 [pid 5294] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5294] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5293] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5298]}, 88) = 5298 ./strace-static-x86_64: Process 5298 attached [pid 5293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5293] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5298] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5298] creat("./file0/file1", 000) = 4 [pid 5298] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] exit_group(0 [pid 5294] <... futex resumed>) = ? [pid 5298] <... futex resumed>) = ? [pid 5294] +++ exited with 0 +++ [pid 5298] +++ exited with 0 +++ [pid 5293] <... exit_group resumed>) = ? [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5299 ./strace-static-x86_64: Process 5299 attached [pid 5299] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5299] chdir("./45") = 0 [pid 5299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5299] setpgid(0, 0) = 0 [pid 5299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5299] write(3, "1000", 4) = 4 [pid 5299] close(3) = 0 [pid 5299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5299] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5299] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5300 attached => {parent_tid=[5300]}, 88) = 5300 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5299] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5300] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5300] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5300] memfd_create("syzkaller", 0) = 3 [pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5300] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5300] close(3) = 0 [pid 5300] mkdir("./bus", 0777) = 0 [ 70.887370][ T5300] loop0: detected capacity change from 0 to 32768 [ 70.897295][ T5300] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 70.905534][ T5300] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 70.914710][ T5300] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 70.923298][ T781] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 70.930087][ T781] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 70.961806][ T781] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 31ms [ 70.969321][ T781] gfs2: fsid=syz:syz.0: jid=0: Done [ 70.974517][ T5300] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5300] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5300] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5300] chdir("./bus") = 0 [pid 5300] ioctl(4, LOOP_CLR_FD) = 0 [pid 5300] close(4) = 0 [pid 5300] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 0 [pid 5300] mkdir("./file0", 000 [pid 5299] <... futex resumed>) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5299] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5304 attached => {parent_tid=[5304]}, 88) = 5304 [pid 5304] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5304] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] <... set_robust_list resumed>) = 0 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] <... mkdir resumed>) = 0 [pid 5299] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] creat("./file0/file1", 000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... creat resumed>) = 4 [pid 5304] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5304] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] exit_group(0) = ? [pid 5304] <... futex resumed>) = ? [pid 5304] +++ exited with 0 +++ [pid 5300] <... futex resumed>) = ? [pid 5300] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5299, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5305 attached , child_tidptr=0x555556efe690) = 5305 [pid 5305] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5305] chdir("./46") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5305] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5305] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5306]}, 88) = 5306 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5305] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5306 attached [pid 5306] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5306] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5306] memfd_create("syzkaller", 0) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5306] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5306] close(3) = 0 [pid 5306] mkdir("./bus", 0777) = 0 [ 71.319216][ T5306] loop0: detected capacity change from 0 to 32768 [ 71.329029][ T5306] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 71.337250][ T5306] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 71.346590][ T5306] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 71.355150][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 71.361915][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 71.391016][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 71.398500][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 71.403697][ T5306] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5306] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5306] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5306] chdir("./bus") = 0 [pid 5306] ioctl(4, LOOP_CLR_FD) = 0 [pid 5306] close(4) = 0 [pid 5306] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = 0 [pid 5306] mkdir("./file0", 000 [pid 5305] <... futex resumed>) = 1 [pid 5305] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5306] <... mkdir resumed>) = 0 [pid 5305] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0} => {parent_tid=[5310]}, 88) = 5310 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5305] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5310 attached [pid 5306] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5310] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053) = 0 [pid 5310] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5310] creat("./file0/file1", 000) = 4 [pid 5310] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5310] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] exit_group(0 [pid 5310] <... futex resumed>) = ? [pid 5306] <... futex resumed>) = ? [pid 5305] <... exit_group resumed>) = ? [pid 5310] +++ exited with 0 +++ [pid 5306] +++ exited with 0 +++ [pid 5305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5311 attached [pid 5311] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5311] chdir("./47") = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5025] <... clone resumed>, child_tidptr=0x555556efe690) = 5311 [pid 5311] <... prctl resumed>) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5311] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5311] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5311] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5312]}, 88) = 5312 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5311] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5312 attached [pid 5312] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5312] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] memfd_create("syzkaller", 0) = 3 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5312] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5312] close(3) = 0 [pid 5312] mkdir("./bus", 0777) = 0 [ 71.745815][ T5312] loop0: detected capacity change from 0 to 32768 [ 71.755941][ T5312] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 71.764117][ T5312] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 71.773596][ T5312] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 71.782257][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 71.789135][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 71.819195][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 30ms [ 71.826700][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 71.831931][ T5312] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5312] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5312] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5312] chdir("./bus") = 0 [pid 5312] ioctl(4, LOOP_CLR_FD) = 0 [pid 5312] close(4) = 0 [pid 5312] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5312] mkdir("./file0", 000 [pid 5311] <... futex resumed>) = 1 [pid 5311] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5311] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE [pid 5312] <... mkdir resumed>) = 0 [pid 5311] <... mprotect resumed>) = 0 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5316 attached [pid 5316] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5312] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] <... clone3 resumed> => {parent_tid=[5316]}, 88) = 5316 [pid 5316] <... rseq resumed>) = 0 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5311] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5311] <... futex resumed>) = 0 [pid 5316] creat("./file0/file1", 000 [pid 5311] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... creat resumed>) = 4 [pid 5316] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5316] <... futex resumed>) = 1 [pid 5316] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] exit_group(0 [pid 5316] <... futex resumed>) = ? [pid 5312] <... futex resumed>) = ? [pid 5311] <... exit_group resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5316] +++ exited with 0 +++ [pid 5311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5317 ./strace-static-x86_64: Process 5317 attached [pid 5317] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5317] chdir("./48") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5317] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5317] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0}./strace-static-x86_64: Process 5318 attached => {parent_tid=[5318]}, 88) = 5318 [pid 5318] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5318] set_robust_list(0x7f9ca106d9a0, 24 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] <... set_robust_list resumed>) = 0 [pid 5317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], [pid 5317] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5317] <... futex resumed>) = 0 [pid 5318] memfd_create("syzkaller", 0 [pid 5317] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5318] <... memfd_create resumed>) = 3 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5318] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] close(3) = 0 [pid 5318] mkdir("./bus", 0777) = 0 [ 72.194484][ T5318] loop0: detected capacity change from 0 to 32768 [ 72.204727][ T5318] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 72.212938][ T5318] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 72.222011][ T5318] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 72.230415][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 72.237214][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 72.266358][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 72.274678][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 72.279995][ T5318] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5318] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5318] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./bus") = 0 [pid 5318] ioctl(4, LOOP_CLR_FD) = 0 [pid 5318] close(4) = 0 [pid 5318] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5318] mkdir("./file0", 000 [pid 5317] <... mmap resumed>) = 0x7f9c99c2c000 [pid 5317] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5322 attached [pid 5322] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5318] <... mkdir resumed>) = 0 [pid 5317] <... clone3 resumed> => {parent_tid=[5322]}, 88) = 5322 [pid 5322] <... rseq resumed>) = 0 [pid 5322] set_robust_list(0x7f9c99c4c9a0, 24) = 0 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5322] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] <... futex resumed>) = 0 [pid 5317] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = 1 [pid 5322] creat("./file0/file1", 000) = 4 [pid 5317] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] futex(0x7f9ca114b6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... futex resumed>) = 0 [pid 5317] exit_group(0 [pid 5318] <... futex resumed>) = ? [pid 5317] <... exit_group resumed>) = ? [pid 5322] <... futex resumed>) = ? [pid 5322] +++ exited with 0 +++ [pid 5318] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=21 /* 0.21 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556eff730 /* 4 entries */, 32768) = 104 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556f07770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556f07770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x555556eff730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efe690) = 5323 ./strace-static-x86_64: Process 5323 attached [pid 5323] set_robust_list(0x555556efe6a0, 24) = 0 [pid 5323] chdir("./49") = 0 [pid 5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5323] setpgid(0, 0) = 0 [pid 5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5323] write(3, "1000", 4) = 4 [pid 5323] close(3) = 0 [pid 5323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5323] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ca10d6e70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ca10c8020}, NULL, 8) = 0 [pid 5323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ca104d000 [pid 5323] mprotect(0x7f9ca104e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ca106d990, parent_tid=0x7f9ca106d990, exit_signal=0, stack=0x7f9ca104d000, stack_size=0x20300, tls=0x7f9ca106d6c0} => {parent_tid=[5324]}, 88) = 5324 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5323] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f9ca114b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5324 attached [pid 5324] rseq(0x7f9ca106dfe0, 0x20, 0, 0x53053053) = 0 [pid 5324] set_robust_list(0x7f9ca106d9a0, 24) = 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5324] memfd_create("syzkaller", 0) = 3 [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9c98c4d000 [pid 5324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5324] munmap(0x7f9c98c4d000, 16777216) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] mkdir("./bus", 0777) = 0 [ 72.629541][ T5324] loop0: detected capacity change from 0 to 32768 [ 72.639763][ T5324] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 72.647983][ T5324] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 72.657407][ T5324] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 72.666189][ T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 72.674643][ T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 72.703804][ T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms [ 72.711437][ T23] gfs2: fsid=syz:syz.0: jid=0: Done [ 72.716832][ T5324] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5324] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5324] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./bus") = 0 [pid 5324] ioctl(4, LOOP_CLR_FD) = 0 [pid 5324] close(4) = 0 [pid 5324] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f9ca114b6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5323] futex(0x7f9ca114b6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] mkdir("./file0", 000 [pid 5323] <... futex resumed>) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9c99c2c000 [pid 5323] mprotect(0x7f9c99c2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9c99c4c990, parent_tid=0x7f9c99c4c990, exit_signal=0, stack=0x7f9c99c2c000, stack_size=0x20300, tls=0x7f9c99c4c6c0}./strace-static-x86_64: Process 5328 attached [pid 5328] rseq(0x7f9c99c4cfe0, 0x20, 0, 0x53053053 [pid 5323] <... clone3 resumed> => {parent_tid=[5328]}, 88) = 5328 [pid 5328] <... rseq resumed>) = 0 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], [pid 5328] set_robust_list(0x7f9c99c4c9a0, 24 [pid 5323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5328] <... set_robust_list resumed>) = 0 [pid 5323] futex(0x7f9ca114b6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5323] <... futex resumed>) = 0 [pid 5328] creat("./file0/file1", 000 [pid 5323] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... mkdir resumed>) = 0 [pid 5324] futex(0x7f9ca114b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] futex(0x7f9ca114b6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5323] futex(0x7f9ca114b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 72.825414][ T5328] ------------[ cut here ]------------ [ 72.830896][ T5328] DEBUG_RWSEMS_WARN_ON((rwsem_owner(sem) != current) && !rwsem_test_oflags(sem, RWSEM_NONSPINNABLE)): count = 0x0, magic = 0xffff8880785fbd58, owner = 0x0, curr 0xffff88807dc60000, list empty [ 72.849964][ T5328] WARNING: CPU: 1 PID: 5328 at kernel/locking/rwsem.c:1370 up_write+0x4f4/0x580 [ 72.859041][ T5328] Modules linked in: [ 72.862940][ T5328] CPU: 1 PID: 5328 Comm: syz-executor110 Not tainted 6.5.0-syzkaller-11938-g65d6e954e378 #0 [ 72.873385][ T5328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 72.883693][ T5328] RIP: 0010:up_write+0x4f4/0x580 [ 72.888656][ T5328] Code: 48 c7 c7 a0 9a 0a 8b 48 c7 c6 e0 9c 0a 8b 48 8b 54 24 28 48 8b 4c 24 18 4d 89 e0 4c 8b 4c 24 30 53 e8 b0 12 e8 ff 48 83 c4 08 <0f> 0b e9 75 fd ff ff 48 c7 c1 08 65 9a 8e 80 e1 07 80 c1 03 38 c1 [ 72.908298][ T5328] RSP: 0018:ffffc90004baf880 EFLAGS: 00010292 [ 72.914372][ T5328] RAX: 7c0ffd1807d4b400 RBX: ffffffff8b0a9b80 RCX: ffff88807dc60000 [ 72.922398][ T5328] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 72.930482][ T5328] RBP: ffffc90004baf950 R08: ffffffff81541672 R09: 1ffff92000975e7c [ 72.938477][ T5328] R10: dffffc0000000000 R11: fffff52000975e7d R12: 0000000000000000 [ 72.946461][ T5328] R13: ffff8880785fbd58 R14: 1ffff92000975f18 R15: dffffc0000000000 [ 72.954416][ T5328] FS: 00007f9c99c4c6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 72.963355][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 5323] exit_group(0) = ? [pid 5324] <... futex resumed>) = ? [pid 5324] +++ exited with 0 +++ [ 72.969968][ T5328] CR2: 00007f9ca106e000 CR3: 0000000020f30000 CR4: 00000000003506e0 [ 72.977988][ T5328] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.985977][ T5328] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.994824][ T5328] Call Trace: [ 72.998128][ T5328] [ 73.001062][ T5328] ? __warn+0x162/0x4a0 [ 73.005248][ T5328] ? up_write+0x4f4/0x580 [ 73.009581][ T5328] ? report_bug+0x2b3/0x500 [ 73.014484][ T5328] ? up_write+0x4f4/0x580 [ 73.018858][ T5328] ? handle_bug+0x3d/0x70 [ 73.023194][ T5328] ? exc_invalid_op+0x1a/0x50 [ 73.027901][ T5328] ? asm_exc_invalid_op+0x1a/0x20 [ 73.032924][ T5328] ? __warn_printk+0x292/0x360 [ 73.037708][ T5328] ? up_write+0x4f4/0x580 [ 73.042039][ T5328] ? __up_read+0x690/0x690 [ 73.046473][ T5328] path_openat+0x163a/0x3180 [ 73.051067][ T5328] ? gfs2_rename2+0x2480/0x2480 [ 73.055936][ T5328] ? do_filp_open+0x490/0x490 [ 73.060615][ T5328] ? rcu_is_watching+0x15/0xb0 [ 73.065394][ T5328] do_filp_open+0x234/0x490 [ 73.069894][ T5328] ? vfs_tmpfile+0x4b0/0x4b0 [ 73.074483][ T5328]