./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3527751877 <...> forked to background, child pid 3182 no interfaces have a carrier [ 17.749599][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 17.758095][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.247' (ECDSA) to the list of known hosts. execve("./syz-executor3527751877", ["./syz-executor3527751877"], 0x7fff1d36ba70 /* 10 vars */) = 0 brk(NULL) = 0x555555807000 brk(0x555555807c40) = 0x555555807c40 arch_prctl(ARCH_SET_FS, 0x555555807300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555558075d0) = 3610 set_robust_list(0x5555558075e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f246f2afa70, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f246f2b0140}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f246f2afb10, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f246f2b0140}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3527751877", 4096) = 28 brk(0x555555828c40) = 0x555555828c40 brk(0x555555829000) = 0x555555829000 mprotect(0x7f246f371000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3610 mkdir("./syzkaller.iRCsba", 0700) = 0 chmod("./syzkaller.iRCsba", 0777) = 0 chdir("./syzkaller.iRCsba") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3611 ./strace-static-x86_64: Process 3611 attached [pid 3611] set_robust_list(0x5555558075e0, 24) = 0 [pid 3611] chdir("./0") = 0 [pid 3611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3611] setpgid(0, 0) = 0 [pid 3611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "1000", 4) = 4 [pid 3611] close(3) = 0 [pid 3611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3611] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3611] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3611] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3613], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3613 [pid 3611] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3613 attached [pid 3613] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3613] mkdir("./bus", 000) = 0 [pid 3613] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3611] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3613] <... futex resumed>) = 1 [pid 3613] memfd_create("syzkaller", 0) = 3 [pid 3613] ftruncate(3, 135266304) = 0 [pid 3613] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3613] mkdir("./file0", 0777) = 0 [pid 3613] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3613] ioctl(4, LOOP_CLR_FD) = 0 [pid 3613] close(4) = 0 [pid 3613] close(3) = 0 [pid 3613] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3611] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3613] <... futex resumed>) = 1 [pid 3613] mkdir("./file1", 000) = 0 [pid 3613] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3611] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3613] <... futex resumed>) = 1 [pid 3613] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3613] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3611] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3613] <... futex resumed>) = 1 [pid 3613] chdir("./bus") = 0 [pid 3613] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3611] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3611] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3611] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3614], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3614 [pid 3611] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3613] <... futex resumed>) = 1 [pid 3613] link("./file1", "./bus"./strace-static-x86_64: Process 3614 attached [pid 3614] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3614] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3614] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3614] <... futex resumed>) = 1 [pid 3614] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3613] <... link resumed>) = 0 [pid 3613] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] exit_group(0) = ? [pid 3614] <... futex resumed>) = ? [pid 3613] <... futex resumed>) = ? [pid 3614] +++ exited with 0 +++ [pid 3613] +++ exited with 0 +++ [pid 3611] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3611, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./0/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./0/file1/file1") = 0 umount2("./0/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./0/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 syzkaller login: [ 36.437233][ T3613] loop0: detected capacity change from 0 to 264192 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./0/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./0/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/bus/index") = 0 umount2("./0/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./0/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3615 ./strace-static-x86_64: Process 3615 attached [pid 3615] set_robust_list(0x5555558075e0, 24) = 0 [pid 3615] chdir("./1") = 0 [pid 3615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3615] setpgid(0, 0) = 0 [pid 3615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "1000", 4) = 4 [pid 3615] close(3) = 0 [pid 3615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3615] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3615] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3615] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3616], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3616 [pid 3615] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3616 attached [pid 3616] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3616] mkdir("./bus", 000) = 0 [pid 3616] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3615] <... futex resumed>) = 0 [pid 3615] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3616] <... futex resumed>) = 1 [pid 3616] memfd_create("syzkaller", 0) = 3 [pid 3616] ftruncate(3, 135266304) = 0 [pid 3616] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3616] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3616] mkdir("./file0", 0777) = 0 [pid 3616] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3616] ioctl(4, LOOP_CLR_FD) = 0 [pid 3616] close(4) = 0 [pid 3616] close(3) = 0 [pid 3616] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3615] <... futex resumed>) = 0 [pid 3616] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3615] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3615] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] mkdir("./file1", 000) = 0 [pid 3616] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3615] <... futex resumed>) = 0 [pid 3615] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3616] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3615] <... futex resumed>) = 0 [pid 3616] chdir("./bus" [pid 3615] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... chdir resumed>) = 0 [pid 3616] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3615] <... futex resumed>) = 0 [pid 3615] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3615] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE [pid 3616] link("./file1", "./bus" [pid 3615] <... mprotect resumed>) = 0 [pid 3615] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3617 attached , parent_tid=[3617], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3617 [pid 3617] set_robust_list(0x7f246f27e9e0, 24 [pid 3615] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... set_robust_list resumed>) = 0 [pid 3615] <... futex resumed>) = 0 [pid 3617] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3615] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3617] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 3617] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3615] <... futex resumed>) = 0 [pid 3617] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3616] <... link resumed>) = 0 [pid 3616] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3616] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3615] exit_group(0) = ? [pid 3616] <... futex resumed>) = ? [pid 3616] +++ exited with 0 +++ [pid 3617] <... futex resumed>) = ? [pid 3617] +++ exited with 0 +++ [pid 3615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3615, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./1/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./1/file1/file1") = 0 umount2("./1/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./1/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./1/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./1/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 [ 36.687704][ T3616] loop0: detected capacity change from 0 to 264192 close(5) = 0 rmdir("./1/bus/index") = 0 umount2("./1/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./1/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3618 ./strace-static-x86_64: Process 3618 attached [pid 3618] set_robust_list(0x5555558075e0, 24) = 0 [pid 3618] chdir("./2") = 0 [pid 3618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3618] setpgid(0, 0) = 0 [pid 3618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "1000", 4) = 4 [pid 3618] close(3) = 0 [pid 3618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3618] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3618] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3618] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3619], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3619 [pid 3618] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3619 attached [pid 3619] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3619] mkdir("./bus", 000) = 0 [pid 3619] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] <... futex resumed>) = 0 [pid 3618] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3619] <... futex resumed>) = 1 [pid 3619] memfd_create("syzkaller", 0) = 3 [pid 3619] ftruncate(3, 135266304) = 0 [pid 3619] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3619] mkdir("./file0", 0777) = 0 [pid 3619] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3619] ioctl(4, LOOP_CLR_FD) = 0 [pid 3619] close(4) = 0 [pid 3619] close(3) = 0 [pid 3619] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] <... futex resumed>) = 0 [pid 3618] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [pid 3619] mkdir("./file1", 000) = 0 [pid 3619] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] <... futex resumed>) = 0 [pid 3618] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [pid 3619] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3619] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] <... futex resumed>) = 0 [pid 3618] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [pid 3619] chdir("./bus") = 0 [pid 3619] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] <... futex resumed>) = 0 [pid 3618] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3618] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3618] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3620], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3620 [pid 3618] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [pid 3619] link("./file1", "./bus"./strace-static-x86_64: Process 3620 attached [pid 3620] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3620] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3620] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3619] <... link resumed>) = 0 [pid 3619] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3619] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3618] <... futex resumed>) = 0 [pid 3618] exit_group(0) = ? [pid 3619] <... futex resumed>) = ? [pid 3619] +++ exited with 0 +++ [pid 3620] <... futex resumed>) = ? [pid 3620] +++ exited with 0 +++ [pid 3618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3618, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./2/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./2/file1/file1") = 0 umount2("./2/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./2/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./2/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./2/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./2/bus/index") = 0 umount2("./2/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./2/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./2/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 [ 36.774582][ T3619] loop0: detected capacity change from 0 to 264192 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3621 ./strace-static-x86_64: Process 3621 attached [pid 3621] set_robust_list(0x5555558075e0, 24) = 0 [pid 3621] chdir("./3") = 0 [pid 3621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3621] setpgid(0, 0) = 0 [pid 3621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3621] write(3, "1000", 4) = 4 [pid 3621] close(3) = 0 [pid 3621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3621] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3621] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3621] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3622], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3622 [pid 3621] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3622 attached [pid 3622] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3622] mkdir("./bus", 000 [pid 3621] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... mkdir resumed>) = 0 [pid 3622] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3621] <... futex resumed>) = 0 [pid 3621] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3622] memfd_create("syzkaller", 0) = 3 [pid 3622] ftruncate(3, 135266304) = 0 [pid 3622] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3622] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3622] mkdir("./file0", 0777) = 0 [pid 3622] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3622] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3622] ioctl(4, LOOP_CLR_FD) = 0 [pid 3622] close(4) = 0 [pid 3622] close(3) = 0 [pid 3622] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] <... futex resumed>) = 0 [pid 3621] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... futex resumed>) = 1 [pid 3622] mkdir("./file1", 000) = 0 [pid 3622] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] <... futex resumed>) = 0 [pid 3621] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... futex resumed>) = 1 [pid 3622] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3622] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] <... futex resumed>) = 0 [pid 3621] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... futex resumed>) = 1 [pid 3622] chdir("./bus") = 0 [pid 3622] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] <... futex resumed>) = 0 [pid 3621] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3621] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3621] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3623], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3623 [pid 3621] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... futex resumed>) = 1 [pid 3622] link("./file1", "./bus"./strace-static-x86_64: Process 3623 attached [pid 3623] set_robust_list(0x7f246f27e9e0, 24 [pid 3622] <... link resumed>) = 0 [pid 3622] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3623] <... set_robust_list resumed>) = 0 [pid 3623] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3623] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] <... futex resumed>) = 0 [pid 3621] exit_group(0) = ? [pid 3622] <... futex resumed>) = ? [pid 3622] +++ exited with 0 +++ [pid 3623] <... futex resumed>) = ? [pid 3623] +++ exited with 0 +++ [pid 3621] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3621, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./3/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./3/file1/file1") = 0 umount2("./3/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./3/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./3/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./3/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./3/bus/index") = 0 umount2("./3/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./3/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./3/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3624 ./strace-static-x86_64: Process 3624 attached [pid 3624] set_robust_list(0x5555558075e0, 24) = 0 [pid 3624] chdir("./4") = 0 [pid 3624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3624] setpgid(0, 0) = 0 [pid 3624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3624] write(3, "1000", 4) = 4 [pid 3624] close(3) = 0 [pid 3624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3624] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3624] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3624] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3625], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3625 [pid 3624] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3625 attached [pid 3625] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3625] mkdir("./bus", 000) = 0 [pid 3625] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3625] <... futex resumed>) = 1 [pid 3625] memfd_create("syzkaller", 0) = 3 [pid 3625] ftruncate(3, 135266304) = 0 [pid 3625] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 36.852281][ T3622] loop0: detected capacity change from 0 to 264192 [ 36.878950][ T3623] syz-executor352 (3623) used greatest stack depth: 22064 bytes left [pid 3625] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3625] mkdir("./file0", 0777) = 0 [pid 3625] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3625] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3625] ioctl(4, LOOP_CLR_FD) = 0 [pid 3625] close(4) = 0 [pid 3625] close(3) = 0 [pid 3625] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3625] <... futex resumed>) = 1 [pid 3625] mkdir("./file1", 000) = 0 [pid 3625] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3625] <... futex resumed>) = 1 [pid 3625] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3625] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3625] <... futex resumed>) = 1 [pid 3625] chdir("./bus") = 0 [pid 3625] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3624] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3624] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3626], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3626 [pid 3624] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3624] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3625] <... futex resumed>) = 1 [pid 3625] link("./file1", "./bus") = 0 [pid 3625] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3626 attached [pid 3626] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3626] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3626] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... futex resumed>) = 0 [pid 3624] exit_group(0) = ? [pid 3625] <... futex resumed>) = ? [pid 3625] +++ exited with 0 +++ [pid 3626] <... futex resumed>) = ? [pid 3626] +++ exited with 0 +++ [pid 3624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3624, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./4/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./4/file1/file1") = 0 umount2("./4/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./4/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./4/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./4/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/bus/index") = 0 umount2("./4/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./4/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 36.922757][ T3625] loop0: detected capacity change from 0 to 264192 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3627 ./strace-static-x86_64: Process 3627 attached [pid 3627] set_robust_list(0x5555558075e0, 24) = 0 [pid 3627] chdir("./5") = 0 [pid 3627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3627] setpgid(0, 0) = 0 [pid 3627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3627] write(3, "1000", 4) = 4 [pid 3627] close(3) = 0 [pid 3627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3627] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3627] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3627] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3628 attached , parent_tid=[3628], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3628 [pid 3627] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3628] mkdir("./bus", 000) = 0 [pid 3628] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3628] <... futex resumed>) = 1 [pid 3628] memfd_create("syzkaller", 0) = 3 [pid 3628] ftruncate(3, 135266304) = 0 [pid 3628] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3628] mkdir("./file0", 0777) = 0 [pid 3628] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3628] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3628] ioctl(4, LOOP_CLR_FD) = 0 [pid 3628] close(4) = 0 [pid 3628] close(3) = 0 [pid 3628] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] mkdir("./file1", 000) = 0 [pid 3628] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3628] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] chdir("./bus") = 0 [pid 3628] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3627] <... futex resumed>) = 0 [pid 3627] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3627] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3627] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3629], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3629 [pid 3627] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3627] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3628] link("./file1", "./bus"./strace-static-x86_64: Process 3629 attached [pid 3629] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3629] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3629] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3627] <... futex resumed>) = 0 [pid 3629] <... futex resumed>) = 1 [pid 3628] <... link resumed>) = 0 [pid 3628] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3628] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3629] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3627] exit_group(0) = ? [pid 3628] <... futex resumed>) = ? [pid 3628] +++ exited with 0 +++ [pid 3629] <... futex resumed>) = ? [pid 3629] +++ exited with 0 +++ [pid 3627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3627, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./5/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./5/file1/file1") = 0 umount2("./5/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./5/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 36.999598][ T3628] loop0: detected capacity change from 0 to 264192 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./5/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./5/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/bus/index") = 0 umount2("./5/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./5/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3630 ./strace-static-x86_64: Process 3630 attached [pid 3630] set_robust_list(0x5555558075e0, 24) = 0 [pid 3630] chdir("./6") = 0 [pid 3630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3630] setpgid(0, 0) = 0 [pid 3630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3630] write(3, "1000", 4) = 4 [pid 3630] close(3) = 0 [pid 3630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3630] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3630] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3630] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3631], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3631 ./strace-static-x86_64: Process 3631 attached [pid 3630] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3630] <... futex resumed>) = 0 [pid 3631] mkdir("./bus", 000 [pid 3630] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3631] <... mkdir resumed>) = 0 [pid 3631] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3630] <... futex resumed>) = 0 [pid 3631] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3630] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3630] <... futex resumed>) = 0 [pid 3631] memfd_create("syzkaller", 0 [pid 3630] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3631] <... memfd_create resumed>) = 3 [pid 3631] ftruncate(3, 135266304) = 0 [pid 3631] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3631] mkdir("./file0", 0777) = 0 [pid 3631] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3631] ioctl(4, LOOP_CLR_FD) = 0 [pid 3631] close(4) = 0 [pid 3631] close(3) = 0 [pid 3631] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3631] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3630] <... futex resumed>) = 0 [pid 3630] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3630] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3631] <... futex resumed>) = 0 [pid 3631] mkdir("./file1", 000) = 0 [pid 3631] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3630] <... futex resumed>) = 0 [pid 3630] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3630] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3631] <... futex resumed>) = 1 [pid 3631] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3631] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3630] <... futex resumed>) = 0 [pid 3630] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3630] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3631] <... futex resumed>) = 1 [pid 3631] chdir("./bus") = 0 [pid 3631] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3630] <... futex resumed>) = 0 [pid 3630] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3630] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3630] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3630] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3632 attached , parent_tid=[3632], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3632 [pid 3632] set_robust_list(0x7f246f27e9e0, 24 [pid 3630] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3632] <... set_robust_list resumed>) = 0 [pid 3630] <... futex resumed>) = 0 [pid 3632] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3630] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3631] <... futex resumed>) = 1 [pid 3631] link("./file1", "./bus" [pid 3632] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 3632] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3630] <... futex resumed>) = 0 [pid 3631] <... link resumed>) = 0 [pid 3631] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3630] exit_group(0) = ? [pid 3631] <... futex resumed>) = ? [pid 3631] +++ exited with 0 +++ [pid 3632] +++ exited with 0 +++ [pid 3630] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3630, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./6/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./6/file1/file1") = 0 umount2("./6/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./6/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./6/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 37.098509][ T3631] loop0: detected capacity change from 0 to 264192 lstat("./6/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./6/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/bus/index") = 0 umount2("./6/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./6/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3633 ./strace-static-x86_64: Process 3633 attached [pid 3633] set_robust_list(0x5555558075e0, 24) = 0 [pid 3633] chdir("./7") = 0 [pid 3633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3633] setpgid(0, 0) = 0 [pid 3633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3633] write(3, "1000", 4) = 4 [pid 3633] close(3) = 0 [pid 3633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3633] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3633] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3633] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3634], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3634 [pid 3633] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3634 attached [pid 3634] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3634] mkdir("./bus", 000) = 0 [pid 3634] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3633] <... futex resumed>) = 0 [pid 3633] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] memfd_create("syzkaller", 0 [pid 3633] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3634] <... memfd_create resumed>) = 3 [pid 3634] ftruncate(3, 135266304) = 0 [pid 3634] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3634] mkdir("./file0", 0777) = 0 [pid 3634] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3634] ioctl(4, LOOP_CLR_FD) = 0 [pid 3634] close(4) = 0 [pid 3634] close(3) = 0 [pid 3634] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3633] <... futex resumed>) = 0 [pid 3633] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3634] <... futex resumed>) = 1 [pid 3634] mkdir("./file1", 000) = 0 [pid 3634] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3633] <... futex resumed>) = 0 [pid 3633] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3634] <... futex resumed>) = 1 [pid 3634] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3634] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3633] <... futex resumed>) = 0 [pid 3633] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3634] <... futex resumed>) = 1 [pid 3634] chdir("./bus") = 0 [pid 3634] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3633] <... futex resumed>) = 0 [pid 3633] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3633] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3633] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3635], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3635 [pid 3633] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3634] <... futex resumed>) = 1 [pid 3634] link("./file1", "./bus") = 0 [pid 3634] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3635 attached [pid 3635] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3635] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3635] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3633] <... futex resumed>) = 0 [pid 3633] exit_group(0) = ? [pid 3634] <... futex resumed>) = ? [pid 3634] +++ exited with 0 +++ [pid 3635] <... futex resumed>) = ? [pid 3635] +++ exited with 0 +++ [pid 3633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3633, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./7/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./7/file1/file1") = 0 umount2("./7/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./7/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./7/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./7/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/bus/index") = 0 umount2("./7/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 37.190126][ T3634] loop0: detected capacity change from 0 to 264192 lstat("./7/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./7/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3636 ./strace-static-x86_64: Process 3636 attached [pid 3636] set_robust_list(0x5555558075e0, 24) = 0 [pid 3636] chdir("./8") = 0 [pid 3636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3636] setpgid(0, 0) = 0 [pid 3636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3636] write(3, "1000", 4) = 4 [pid 3636] close(3) = 0 [pid 3636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3636] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3636] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3636] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3637 attached [pid 3637] set_robust_list(0x7f246f29f9e0, 24 [pid 3636] <... clone resumed>, parent_tid=[3637], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3637 [pid 3637] <... set_robust_list resumed>) = 0 [pid 3636] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] mkdir("./bus", 000 [pid 3636] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] <... mkdir resumed>) = 0 [pid 3637] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] <... futex resumed>) = 0 [pid 3637] memfd_create("syzkaller", 0 [pid 3636] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... memfd_create resumed>) = 3 [pid 3636] <... futex resumed>) = 0 [pid 3637] ftruncate(3, 135266304 [pid 3636] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3637] <... ftruncate resumed>) = 0 [pid 3637] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3637] mkdir("./file0", 0777) = 0 [pid 3637] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3637] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3637] ioctl(4, LOOP_CLR_FD) = 0 [pid 3637] close(4) = 0 [pid 3637] close(3) = 0 [pid 3637] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] <... futex resumed>) = 0 [pid 3637] mkdir("./file1", 000 [pid 3636] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... mkdir resumed>) = 0 [pid 3636] <... futex resumed>) = 0 [pid 3637] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] <... futex resumed>) = 0 [pid 3636] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3637] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 3636] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... mount resumed>) = 0 [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] <... futex resumed>) = 1 [pid 3637] chdir("./bus") = 0 [pid 3637] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3636] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3636] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3638], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3638 [pid 3636] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] <... futex resumed>) = 1 [pid 3637] link("./file1", "./bus"./strace-static-x86_64: Process 3638 attached [pid 3638] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3638] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3638] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... futex resumed>) = 0 [pid 3638] <... futex resumed>) = 1 [pid 3638] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3637] <... link resumed>) = 0 [pid 3637] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3636] exit_group(0 [pid 3638] <... futex resumed>) = ? [pid 3637] <... futex resumed>) = ? [pid 3636] <... exit_group resumed>) = ? [pid 3638] +++ exited with 0 +++ [pid 3637] +++ exited with 0 +++ [pid 3636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3636, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./8/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./8/file1/file1") = 0 umount2("./8/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./8/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./8/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./8/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 37.273402][ T3637] loop0: detected capacity change from 0 to 264192 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/bus/index") = 0 umount2("./8/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./8/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3639 ./strace-static-x86_64: Process 3639 attached [pid 3639] set_robust_list(0x5555558075e0, 24) = 0 [pid 3639] chdir("./9") = 0 [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3639] write(3, "1000", 4) = 4 [pid 3639] close(3) = 0 [pid 3639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3639] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3639] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3639] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3640], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3640 [pid 3639] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3640 attached [pid 3640] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3640] mkdir("./bus", 000) = 0 [pid 3640] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3639] <... futex resumed>) = 0 [pid 3640] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3639] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3640] memfd_create("syzkaller", 0) = 3 [pid 3640] ftruncate(3, 135266304) = 0 [pid 3640] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3640] mkdir("./file0", 0777) = 0 [pid 3640] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3640] ioctl(4, LOOP_CLR_FD) = 0 [pid 3640] close(4) = 0 [pid 3640] close(3) = 0 [pid 3640] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... futex resumed>) = 1 [pid 3640] mkdir("./file1", 000) = 0 [pid 3640] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... futex resumed>) = 1 [pid 3640] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3640] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... futex resumed>) = 1 [pid 3640] chdir("./bus") = 0 [pid 3640] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3639] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3639] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3641], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3641 [pid 3639] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... futex resumed>) = 1 [pid 3640] link("./file1", "./bus"./strace-static-x86_64: Process 3641 attached [pid 3641] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3641] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3641] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3641] <... futex resumed>) = 1 [pid 3641] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3640] <... link resumed>) = 0 [pid 3640] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] exit_group(0) = ? [pid 3641] <... futex resumed>) = ? [pid 3641] +++ exited with 0 +++ [pid 3640] <... futex resumed>) = ? [pid 3640] +++ exited with 0 +++ [pid 3639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3639, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./9/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./9/file1/file1") = 0 umount2("./9/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./9/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./9/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./9/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 [ 37.360867][ T3640] loop0: detected capacity change from 0 to 264192 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/bus/index") = 0 umount2("./9/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./9/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3642 ./strace-static-x86_64: Process 3642 attached [pid 3642] set_robust_list(0x5555558075e0, 24) = 0 [pid 3642] chdir("./10") = 0 [pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3642] setpgid(0, 0) = 0 [pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3642] write(3, "1000", 4) = 4 [pid 3642] close(3) = 0 [pid 3642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3642] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3642] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3642] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3643], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3643 [pid 3642] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3643 attached [pid 3643] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3643] mkdir("./bus", 000) = 0 [pid 3643] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3643] memfd_create("syzkaller", 0) = 3 [pid 3643] ftruncate(3, 135266304) = 0 [pid 3643] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3643] mkdir("./file0", 0777) = 0 [pid 3643] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3643] ioctl(4, LOOP_CLR_FD) = 0 [pid 3643] close(4) = 0 [pid 3643] close(3) = 0 [pid 3643] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... futex resumed>) = 1 [pid 3643] mkdir("./file1", 000) = 0 [pid 3643] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... futex resumed>) = 1 [pid 3643] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3643] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... futex resumed>) = 1 [pid 3643] chdir("./bus") = 0 [pid 3643] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3642] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3642] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3644 attached [pid 3644] set_robust_list(0x7f246f27e9e0, 24 [pid 3642] <... clone resumed>, parent_tid=[3644], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3644 [pid 3644] <... set_robust_list resumed>) = 0 [pid 3642] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3644] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3643] <... futex resumed>) = 1 [pid 3643] link("./file1", "./bus" [pid 3644] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 3644] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3644] <... futex resumed>) = 1 [pid 3644] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3643] <... link resumed>) = 0 [pid 3643] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] exit_group(0) = ? [pid 3644] <... futex resumed>) = ? [pid 3644] +++ exited with 0 +++ [pid 3643] <... futex resumed>) = ? [pid 3643] +++ exited with 0 +++ [pid 3642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3642, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./10/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./10/file1/file1") = 0 umount2("./10/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./10/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./10/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./10/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/bus/index") = 0 umount2("./10/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 37.447273][ T3643] loop0: detected capacity change from 0 to 264192 lstat("./10/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./10/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] set_robust_list(0x5555558075e0, 24) = 0 [pid 3645] chdir("./11") = 0 [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3) = 0 [pid 3645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3645] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3645] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3645] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3646], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3646 [pid 3645] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3646 attached [pid 3646] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3646] mkdir("./bus", 000 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... mkdir resumed>) = 0 [pid 3646] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3646] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3646] <... futex resumed>) = 0 [pid 3645] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3646] memfd_create("syzkaller", 0) = 3 [pid 3646] ftruncate(3, 135266304) = 0 [pid 3646] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3646] mkdir("./file0", 0777) = 0 [pid 3646] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3646] ioctl(4, LOOP_CLR_FD) = 0 [pid 3646] close(4) = 0 [pid 3646] close(3) = 0 [pid 3646] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... futex resumed>) = 1 [pid 3646] mkdir("./file1", 000) = 0 [pid 3646] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... futex resumed>) = 1 [pid 3646] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3646] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... futex resumed>) = 1 [pid 3646] chdir("./bus") = 0 [pid 3646] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3645] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3645] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3645] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3647 attached [pid 3647] set_robust_list(0x7f246f27e9e0, 24 [pid 3645] <... clone resumed>, parent_tid=[3647], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3647 [pid 3647] <... set_robust_list resumed>) = 0 [pid 3647] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3645] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3647] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3646] <... futex resumed>) = 1 [pid 3646] link("./file1", "./bus" [pid 3647] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 3647] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] <... futex resumed>) = 0 [pid 3647] <... futex resumed>) = 1 [pid 3647] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3646] <... link resumed>) = 0 [pid 3646] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3645] exit_group(0) = ? [pid 3647] <... futex resumed>) = ? [pid 3647] +++ exited with 0 +++ [pid 3646] <... futex resumed>) = ? [pid 3646] +++ exited with 0 +++ [pid 3645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./11/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./11/file1/file1") = 0 umount2("./11/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./11/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./11/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./11/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 [ 37.531387][ T3646] loop0: detected capacity change from 0 to 264192 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/bus/index") = 0 umount2("./11/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./11/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3648 ./strace-static-x86_64: Process 3648 attached [pid 3648] set_robust_list(0x5555558075e0, 24) = 0 [pid 3648] chdir("./12") = 0 [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3648] setpgid(0, 0) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3648] write(3, "1000", 4) = 4 [pid 3648] close(3) = 0 [pid 3648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3648] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3648] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3649], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3649 [pid 3648] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3649 attached [pid 3649] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3649] mkdir("./bus", 000) = 0 [pid 3649] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3649] memfd_create("syzkaller", 0) = 3 [pid 3649] ftruncate(3, 135266304) = 0 [pid 3649] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3649] mkdir("./file0", 0777) = 0 [pid 3649] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3649] ioctl(4, LOOP_CLR_FD) = 0 [pid 3649] close(4) = 0 [pid 3649] close(3) = 0 [pid 3649] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] mkdir("./file1", 000) = 0 [pid 3649] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3649] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] chdir("./bus") = 0 [pid 3649] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3648] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3650], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3650 [pid 3648] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] link("./file1", "./bus"./strace-static-x86_64: Process 3650 attached [pid 3650] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3649] <... link resumed>) = 0 [pid 3649] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3650] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3650] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] exit_group(0) = ? [pid 3649] <... futex resumed>) = ? [pid 3649] +++ exited with 0 +++ [pid 3650] <... futex resumed>) = ? [pid 3650] +++ exited with 0 +++ [pid 3648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./12/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./12/file1/file1") = 0 umount2("./12/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./12/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./12/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./12/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/bus/index") = 0 umount2("./12/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./12/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3651 ./strace-static-x86_64: Process 3651 attached [ 37.617389][ T3649] loop0: detected capacity change from 0 to 264192 [pid 3651] set_robust_list(0x5555558075e0, 24) = 0 [pid 3651] chdir("./13") = 0 [pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3651] setpgid(0, 0) = 0 [pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3651] write(3, "1000", 4) = 4 [pid 3651] close(3) = 0 [pid 3651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3651] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3651] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3652 attached [pid 3652] set_robust_list(0x7f246f29f9e0, 24 [pid 3651] <... clone resumed>, parent_tid=[3652], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3652 [pid 3652] <... set_robust_list resumed>) = 0 [pid 3651] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] mkdir("./bus", 000 [pid 3651] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... mkdir resumed>) = 0 [pid 3652] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] memfd_create("syzkaller", 0 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3652] <... memfd_create resumed>) = 3 [pid 3652] ftruncate(3, 135266304) = 0 [pid 3652] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3652] mkdir("./file0", 0777) = 0 [pid 3652] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3652] ioctl(4, LOOP_CLR_FD) = 0 [pid 3652] close(4) = 0 [pid 3652] close(3) = 0 [pid 3652] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3652] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... futex resumed>) = 0 [pid 3652] mkdir("./file1", 000) = 0 [pid 3652] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... futex resumed>) = 1 [pid 3652] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3652] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3652] chdir("./bus" [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... chdir resumed>) = 0 [pid 3652] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3651] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3653], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3653 [pid 3651] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] link("./file1", "./bus" [pid 3651] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... link resumed>) = 0 [pid 3652] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3653 attached [pid 3653] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3653] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3653] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3651] <... futex resumed>) = 0 [pid 3651] exit_group(0) = ? [pid 3653] <... futex resumed>) = ? [pid 3653] +++ exited with 0 +++ [pid 3652] <... futex resumed>) = ? [pid 3652] +++ exited with 0 +++ [pid 3651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3651, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./13/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./13/file1/file1") = 0 umount2("./13/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./13/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 [ 37.694799][ T3652] loop0: detected capacity change from 0 to 264192 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./13/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./13/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/bus/index") = 0 umount2("./13/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./13/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3654 ./strace-static-x86_64: Process 3654 attached [pid 3654] set_robust_list(0x5555558075e0, 24) = 0 [pid 3654] chdir("./14") = 0 [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3654] setpgid(0, 0) = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3654] write(3, "1000", 4) = 4 [pid 3654] close(3) = 0 [pid 3654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3654] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3654] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3654] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3655], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3655 [pid 3654] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3655 attached [pid 3655] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3655] mkdir("./bus", 000) = 0 [pid 3655] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3655] <... futex resumed>) = 1 [pid 3655] memfd_create("syzkaller", 0) = 3 [pid 3655] ftruncate(3, 135266304) = 0 [pid 3655] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3655] mkdir("./file0", 0777) = 0 [pid 3655] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3655] ioctl(4, LOOP_CLR_FD) = 0 [pid 3655] close(4) = 0 [pid 3655] close(3) = 0 [pid 3655] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3655] mkdir("./file1", 000 [pid 3654] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... mkdir resumed>) = 0 [pid 3655] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3655] <... futex resumed>) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3655] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 3654] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... mount resumed>) = 0 [pid 3655] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... futex resumed>) = 1 [pid 3655] chdir("./bus") = 0 [pid 3655] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3654] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3655] <... futex resumed>) = 1 [pid 3654] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3656 attached [pid 3655] link("./file1", "./bus" [pid 3656] set_robust_list(0x7f246f27e9e0, 24 [pid 3654] <... clone resumed>, parent_tid=[3656], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3656 [pid 3656] <... set_robust_list resumed>) = 0 [pid 3654] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3656] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3654] <... futex resumed>) = 0 [pid 3656] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 3655] <... link resumed>) = 0 [pid 3654] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3656] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3656] <... futex resumed>) = 0 [pid 3656] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3655] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] exit_group(0 [pid 3656] <... futex resumed>) = ? [pid 3655] <... futex resumed>) = ? [pid 3654] <... exit_group resumed>) = ? [pid 3656] +++ exited with 0 +++ [pid 3655] +++ exited with 0 +++ [pid 3654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./14/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./14/file1/file1") = 0 umount2("./14/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./14/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 [ 37.786261][ T3655] loop0: detected capacity change from 0 to 264192 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./14/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./14/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/bus/index") = 0 umount2("./14/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./14/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3657 ./strace-static-x86_64: Process 3657 attached [pid 3657] set_robust_list(0x5555558075e0, 24) = 0 [pid 3657] chdir("./15") = 0 [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3657] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3657] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3658], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3658 [pid 3657] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3658 attached [pid 3658] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3658] mkdir("./bus", 000) = 0 [pid 3658] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3658] <... futex resumed>) = 1 [pid 3658] memfd_create("syzkaller", 0) = 3 [pid 3658] ftruncate(3, 135266304) = 0 [pid 3658] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3658] mkdir("./file0", 0777) = 0 [pid 3658] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3658] ioctl(4, LOOP_CLR_FD) = 0 [pid 3658] close(4) = 0 [pid 3658] close(3) = 0 [pid 3658] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3658] mkdir("./file1", 000 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... mkdir resumed>) = 0 [pid 3658] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 3657] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... mount resumed>) = 0 [pid 3658] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] chdir("./bus" [pid 3657] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3658] <... chdir resumed>) = 0 [pid 3657] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] link("./file1", "./bus" [pid 3657] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3657] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3659], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3659 [pid 3657] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3659 attached [pid 3658] <... link resumed>) = 0 [pid 3658] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3658] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3659] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3659] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3657] <... futex resumed>) = 0 [pid 3657] exit_group(0) = ? [pid 3658] <... futex resumed>) = ? [pid 3658] +++ exited with 0 +++ [pid 3659] <... futex resumed>) = ? [pid 3659] +++ exited with 0 +++ [pid 3657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./15/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./15/file1/file1") = 0 umount2("./15/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./15/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 37.877925][ T3658] loop0: detected capacity change from 0 to 264192 lstat("./15/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./15/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./15/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./15/bus/index") = 0 umount2("./15/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./15/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./15/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3660 ./strace-static-x86_64: Process 3660 attached [pid 3660] set_robust_list(0x5555558075e0, 24) = 0 [pid 3660] chdir("./16") = 0 [pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3660] setpgid(0, 0) = 0 [pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3660] write(3, "1000", 4) = 4 [pid 3660] close(3) = 0 [pid 3660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3660] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3660] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3660] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3661], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3661 [pid 3660] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3661 attached [pid 3661] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3661] mkdir("./bus", 000) = 0 [pid 3661] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3661] <... futex resumed>) = 1 [pid 3661] memfd_create("syzkaller", 0) = 3 [pid 3661] ftruncate(3, 135266304) = 0 [pid 3661] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3661] mkdir("./file0", 0777) = 0 [pid 3661] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3661] ioctl(4, LOOP_CLR_FD) = 0 [pid 3661] close(4) = 0 [pid 3661] close(3) = 0 [pid 3661] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... futex resumed>) = 1 [pid 3661] mkdir("./file1", 000) = 0 [pid 3661] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... futex resumed>) = 1 [pid 3661] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3661] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... futex resumed>) = 1 [pid 3661] chdir("./bus") = 0 [pid 3661] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3660] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3660] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3662], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3662 [pid 3660] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... futex resumed>) = 1 [pid 3661] link("./file1", "./bus"./strace-static-x86_64: Process 3662 attached [pid 3662] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3662] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3661] <... link resumed>) = 0 [pid 3661] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3662] <... open resumed>) = 3 [pid 3662] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3660] <... futex resumed>) = 0 [pid 3662] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] exit_group(0) = ? [pid 3662] <... futex resumed>) = ? [pid 3661] <... futex resumed>) = ? [pid 3662] +++ exited with 0 +++ [pid 3661] +++ exited with 0 +++ [pid 3660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./16/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./16/file1/file1") = 0 umount2("./16/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./16/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./16/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./16/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 [ 37.967401][ T3661] loop0: detected capacity change from 0 to 264192 rmdir("./16/bus/index") = 0 umount2("./16/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./16/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./16/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3663 attached [pid 3663] set_robust_list(0x5555558075e0, 24) = 0 [pid 3663] chdir("./17") = 0 [pid 3663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3663] setpgid(0, 0) = 0 [pid 3663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3663] write(3, "1000", 4) = 4 [pid 3663] close(3) = 0 [pid 3663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3663] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3663] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3610] <... clone resumed>, child_tidptr=0x5555558075d0) = 3663 [pid 3663] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3664], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3664 [pid 3663] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3664 attached [pid 3664] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3664] mkdir("./bus", 000) = 0 [pid 3664] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3664] memfd_create("syzkaller", 0) = 3 [pid 3664] ftruncate(3, 135266304) = 0 [pid 3664] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3664] mkdir("./file0", 0777) = 0 [pid 3664] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3664] ioctl(4, LOOP_CLR_FD) = 0 [pid 3664] close(4) = 0 [pid 3664] close(3) = 0 [pid 3664] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 1 [pid 3664] mkdir("./file1", 000) = 0 [pid 3664] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 1 [pid 3664] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3664] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 1 [pid 3664] chdir("./bus") = 0 [pid 3664] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3663] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3663] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3665], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3665 [pid 3663] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] <... futex resumed>) = 1 [pid 3664] link("./file1", "./bus"./strace-static-x86_64: Process 3665 attached [pid 3665] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3665] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3665] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3665] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3664] <... link resumed>) = 0 [pid 3664] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3663] exit_group(0) = ? [pid 3664] <... futex resumed>) = ? [pid 3665] <... futex resumed>) = ? [pid 3664] +++ exited with 0 +++ [pid 3665] +++ exited with 0 +++ [pid 3663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3663, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./17/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./17/file1/file1") = 0 umount2("./17/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./17/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 [ 38.050198][ T3664] loop0: detected capacity change from 0 to 264192 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./17/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./17/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/bus/index") = 0 umount2("./17/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./17/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3666 ./strace-static-x86_64: Process 3666 attached [pid 3666] set_robust_list(0x5555558075e0, 24) = 0 [pid 3666] chdir("./18") = 0 [pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3666] setpgid(0, 0) = 0 [pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3666] write(3, "1000", 4) = 4 [pid 3666] close(3) = 0 [pid 3666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3666] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3666] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3666] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3667], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3667 [pid 3666] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3667 attached [pid 3667] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3667] mkdir("./bus", 000) = 0 [pid 3667] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3667] memfd_create("syzkaller", 0) = 3 [pid 3667] ftruncate(3, 135266304) = 0 [pid 3667] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3667] mkdir("./file0", 0777) = 0 [pid 3667] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3667] ioctl(4, LOOP_CLR_FD) = 0 [pid 3667] close(4) = 0 [pid 3667] close(3) = 0 [pid 3667] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... futex resumed>) = 1 [pid 3667] mkdir("./file1", 000) = 0 [pid 3667] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... futex resumed>) = 1 [pid 3667] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3667] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] <... futex resumed>) = 1 [pid 3667] chdir("./bus") = 0 [pid 3667] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3666] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3666] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3668 attached [pid 3668] set_robust_list(0x7f246f27e9e0, 24 [pid 3666] <... clone resumed>, parent_tid=[3668], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3668 [pid 3668] <... set_robust_list resumed>) = 0 [pid 3666] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3668] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3666] <... futex resumed>) = 0 [pid 3666] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3668] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 3668] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3668] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3667] <... futex resumed>) = 1 [pid 3667] link("./file1", "./bus") = 0 [pid 3667] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] exit_group(0 [pid 3668] <... futex resumed>) = ? [pid 3666] <... exit_group resumed>) = ? [pid 3668] +++ exited with 0 +++ [pid 3667] <... futex resumed>) = ? [pid 3667] +++ exited with 0 +++ [pid 3666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3666, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./18/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./18/file1/file1") = 0 umount2("./18/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./18/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 [ 38.140434][ T3667] loop0: detected capacity change from 0 to 264192 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./18/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./18/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/bus/index") = 0 umount2("./18/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./18/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3669 ./strace-static-x86_64: Process 3669 attached [pid 3669] set_robust_list(0x5555558075e0, 24) = 0 [pid 3669] chdir("./19") = 0 [pid 3669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3669] setpgid(0, 0) = 0 [pid 3669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3669] write(3, "1000", 4) = 4 [pid 3669] close(3) = 0 [pid 3669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3669] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3669] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3669] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3670 attached [pid 3670] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3670] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] <... clone resumed>, parent_tid=[3670], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3670 [pid 3669] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3670] <... futex resumed>) = 0 [pid 3669] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] mkdir("./bus", 000) = 0 [pid 3670] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3670] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] <... futex resumed>) = 0 [pid 3669] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3670] <... futex resumed>) = 0 [pid 3669] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3670] memfd_create("syzkaller", 0) = 3 [pid 3670] ftruncate(3, 135266304) = 0 [pid 3670] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3670] mkdir("./file0", 0777) = 0 [pid 3670] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3670] ioctl(4, LOOP_CLR_FD) = 0 [pid 3670] close(4) = 0 [pid 3670] close(3) = 0 [pid 3670] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3669] <... futex resumed>) = 0 [pid 3669] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... futex resumed>) = 1 [pid 3670] mkdir("./file1", 000) = 0 [pid 3670] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3669] <... futex resumed>) = 0 [pid 3669] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... futex resumed>) = 1 [pid 3670] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3670] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3669] <... futex resumed>) = 0 [pid 3669] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... futex resumed>) = 1 [pid 3670] chdir("./bus") = 0 [pid 3670] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3669] <... futex resumed>) = 0 [pid 3669] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3669] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3669] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3671], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3671 [pid 3669] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] <... futex resumed>) = 1 [pid 3670] link("./file1", "./bus"./strace-static-x86_64: Process 3671 attached [pid 3671] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3671] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3671] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3669] <... futex resumed>) = 0 [pid 3671] <... futex resumed>) = 1 [pid 3671] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3670] <... link resumed>) = 0 [pid 3670] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3670] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] exit_group(0) = ? [pid 3671] <... futex resumed>) = ? [pid 3671] +++ exited with 0 +++ [pid 3670] <... futex resumed>) = ? [pid 3670] +++ exited with 0 +++ [pid 3669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3669, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./19/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./19/file1/file1") = 0 umount2("./19/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./19/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./19/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./19/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/bus/index") = 0 umount2("./19/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./19/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 [ 38.223813][ T3670] loop0: detected capacity change from 0 to 264192 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3672 ./strace-static-x86_64: Process 3672 attached [pid 3672] set_robust_list(0x5555558075e0, 24) = 0 [pid 3672] chdir("./20") = 0 [pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3672] setpgid(0, 0) = 0 [pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3672] write(3, "1000", 4) = 4 [pid 3672] close(3) = 0 [pid 3672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3672] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3672] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3673 attached , parent_tid=[3673], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3673 [pid 3673] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3673] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3673] <... futex resumed>) = 0 [pid 3673] mkdir("./bus", 000 [pid 3672] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... mkdir resumed>) = 0 [pid 3673] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3673] memfd_create("syzkaller", 0) = 3 [pid 3673] ftruncate(3, 135266304) = 0 [pid 3673] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3673] mkdir("./file0", 0777) = 0 [pid 3673] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3673] ioctl(4, LOOP_CLR_FD) = 0 [pid 3673] close(4) = 0 [pid 3673] close(3) = 0 [pid 3673] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] mkdir("./file1", 000 [pid 3672] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... mkdir resumed>) = 0 [pid 3673] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] <... mount resumed>) = 0 [pid 3673] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3673] chdir("./bus") = 0 [pid 3673] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] link("./file1", "./bus" [pid 3672] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3672] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3674], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3674 [pid 3672] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3674 attached [pid 3674] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3674] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3674] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] <... link resumed>) = 0 [pid 3673] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] <... futex resumed>) = 0 [pid 3672] exit_group(0) = ? [pid 3673] <... futex resumed>) = ? [pid 3673] +++ exited with 0 +++ [pid 3674] <... futex resumed>) = ? [pid 3674] +++ exited with 0 +++ [pid 3672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3672, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./20/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./20/file1/file1") = 0 umount2("./20/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./20/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 [ 38.310449][ T3673] loop0: detected capacity change from 0 to 264192 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./20/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./20/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/bus/index") = 0 umount2("./20/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./20/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3675 ./strace-static-x86_64: Process 3675 attached [pid 3675] set_robust_list(0x5555558075e0, 24) = 0 [pid 3675] chdir("./21") = 0 [pid 3675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3675] setpgid(0, 0) = 0 [pid 3675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3675] write(3, "1000", 4) = 4 [pid 3675] close(3) = 0 [pid 3675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3675] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3675] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3675] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3676], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3676 [pid 3675] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3676 attached [pid 3676] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3676] mkdir("./bus", 000) = 0 [pid 3676] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3676] <... futex resumed>) = 1 [pid 3676] memfd_create("syzkaller", 0) = 3 [pid 3676] ftruncate(3, 135266304) = 0 [pid 3676] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3676] mkdir("./file0", 0777) = 0 [pid 3676] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3676] ioctl(4, LOOP_CLR_FD) = 0 [pid 3676] close(4) = 0 [pid 3676] close(3) = 0 [pid 3676] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] <... futex resumed>) = 1 [pid 3676] mkdir("./file1", 000) = 0 [pid 3676] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] <... futex resumed>) = 1 [pid 3676] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3676] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] chdir("./bus") = 0 [pid 3676] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3675] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3675] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3677], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3677 [pid 3675] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3677 attached [pid 3676] link("./file1", "./bus" [pid 3677] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3677] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3677] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = 0 [pid 3677] <... futex resumed>) = 1 [pid 3677] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3676] <... link resumed>) = 0 [pid 3676] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] exit_group(0 [pid 3676] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3675] <... exit_group resumed>) = ? [pid 3677] <... futex resumed>) = ? [pid 3676] <... futex resumed>) = ? [pid 3677] +++ exited with 0 +++ [pid 3676] +++ exited with 0 +++ [pid 3675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3675, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./21/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./21/file1/file1") = 0 umount2("./21/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./21/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 [ 38.401102][ T3676] loop0: detected capacity change from 0 to 264192 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./21/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./21/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/bus/index") = 0 umount2("./21/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./21/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3678 ./strace-static-x86_64: Process 3678 attached [pid 3678] set_robust_list(0x5555558075e0, 24) = 0 [pid 3678] chdir("./22") = 0 [pid 3678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3678] setpgid(0, 0) = 0 [pid 3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3678] write(3, "1000", 4) = 4 [pid 3678] close(3) = 0 [pid 3678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3678] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3678] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3678] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3679], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3679 [pid 3678] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3679 attached [pid 3679] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3679] mkdir("./bus", 000 [pid 3678] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... mkdir resumed>) = 0 [pid 3679] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3678] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3679] <... futex resumed>) = 0 [pid 3678] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3679] memfd_create("syzkaller", 0) = 3 [pid 3679] ftruncate(3, 135266304) = 0 [pid 3679] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3679] mkdir("./file0", 0777) = 0 [pid 3679] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3679] ioctl(4, LOOP_CLR_FD) = 0 [pid 3679] close(4) = 0 [pid 3679] close(3) = 0 [pid 3679] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... futex resumed>) = 1 [pid 3679] mkdir("./file1", 000) = 0 [pid 3679] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... futex resumed>) = 1 [pid 3679] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3679] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... futex resumed>) = 1 [pid 3679] chdir("./bus") = 0 [pid 3679] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3678] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3678] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3680 attached [pid 3680] set_robust_list(0x7f246f27e9e0, 24 [pid 3678] <... clone resumed>, parent_tid=[3680], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3680 [pid 3680] <... set_robust_list resumed>) = 0 [pid 3678] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3680] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... futex resumed>) = 1 [pid 3679] link("./file1", "./bus" [pid 3680] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 3680] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] <... futex resumed>) = 0 [pid 3680] <... futex resumed>) = 1 [pid 3680] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3679] <... link resumed>) = 0 [pid 3679] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] exit_group(0 [pid 3680] <... futex resumed>) = ? [pid 3678] <... exit_group resumed>) = ? [pid 3680] +++ exited with 0 +++ [pid 3679] +++ exited with 0 +++ [pid 3678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3678, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./22/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./22/file1/file1") = 0 umount2("./22/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./22/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./22/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./22/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./22/bus/index") = 0 umount2("./22/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./22/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./22/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 [ 38.492976][ T3679] loop0: detected capacity change from 0 to 264192 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3681 ./strace-static-x86_64: Process 3681 attached [pid 3681] set_robust_list(0x5555558075e0, 24) = 0 [pid 3681] chdir("./23") = 0 [pid 3681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3681] setpgid(0, 0) = 0 [pid 3681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3681] write(3, "1000", 4) = 4 [pid 3681] close(3) = 0 [pid 3681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3681] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3681] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3681] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3682], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3682 [pid 3681] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3682 attached [pid 3682] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3682] mkdir("./bus", 000) = 0 [pid 3682] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3682] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3682] <... futex resumed>) = 0 [pid 3681] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3682] memfd_create("syzkaller", 0) = 3 [pid 3682] ftruncate(3, 135266304) = 0 [pid 3682] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3682] mkdir("./file0", 0777) = 0 [pid 3682] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3682] ioctl(4, LOOP_CLR_FD) = 0 [pid 3682] close(4) = 0 [pid 3682] close(3) = 0 [pid 3682] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3682] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3681] <... futex resumed>) = 0 [pid 3682] mkdir("./file1", 000 [pid 3681] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... mkdir resumed>) = 0 [pid 3682] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3682] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3681] <... futex resumed>) = 0 [pid 3682] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 3681] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... mount resumed>) = 0 [pid 3682] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... futex resumed>) = 1 [pid 3682] chdir("./bus") = 0 [pid 3682] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3681] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3681] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3683 attached , parent_tid=[3683], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3683 [pid 3681] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] <... futex resumed>) = 1 [pid 3682] link("./file1", "./bus" [pid 3683] set_robust_list(0x7f246f27e9e0, 24 [pid 3682] <... link resumed>) = 0 [pid 3682] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3683] <... set_robust_list resumed>) = 0 [pid 3683] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3683] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3681] <... futex resumed>) = 0 [pid 3681] exit_group(0) = ? [pid 3682] <... futex resumed>) = ? [pid 3682] +++ exited with 0 +++ [pid 3683] <... futex resumed>) = ? [pid 3683] +++ exited with 0 +++ [pid 3681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3681, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./23/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./23/file1/file1") = 0 umount2("./23/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./23/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./23/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./23/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 [ 38.570824][ T3682] loop0: detected capacity change from 0 to 264192 close(5) = 0 rmdir("./23/bus/index") = 0 umount2("./23/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./23/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./23/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3684 ./strace-static-x86_64: Process 3684 attached [pid 3684] set_robust_list(0x5555558075e0, 24) = 0 [pid 3684] chdir("./24") = 0 [pid 3684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3684] setpgid(0, 0) = 0 [pid 3684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3684] write(3, "1000", 4) = 4 [pid 3684] close(3) = 0 [pid 3684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3684] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3684] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3684] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3685 attached [pid 3685] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3685] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3684] <... clone resumed>, parent_tid=[3685], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3685 [pid 3684] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3685] mkdir("./bus", 000) = 0 [pid 3685] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3684] <... futex resumed>) = 0 [pid 3685] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3684] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3684] <... futex resumed>) = 0 [pid 3684] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3685] memfd_create("syzkaller", 0) = 3 [pid 3685] ftruncate(3, 135266304) = 0 [pid 3685] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3685] mkdir("./file0", 0777) = 0 [pid 3685] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3685] ioctl(4, LOOP_CLR_FD) = 0 [pid 3685] close(4) = 0 [pid 3685] close(3) = 0 [pid 3685] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3684] <... futex resumed>) = 0 [pid 3684] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3685] <... futex resumed>) = 1 [pid 3685] mkdir("./file1", 000) = 0 [pid 3685] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3684] <... futex resumed>) = 0 [pid 3684] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3685] <... futex resumed>) = 1 [pid 3685] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3685] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3684] <... futex resumed>) = 0 [pid 3684] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3685] <... futex resumed>) = 1 [pid 3685] chdir("./bus") = 0 [pid 3685] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3684] <... futex resumed>) = 0 [pid 3684] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3684] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3684] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3686], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3686 [pid 3684] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3685] <... futex resumed>) = 1 [pid 3685] link("./file1", "./bus") = 0 ./strace-static-x86_64: Process 3686 attached [pid 3686] set_robust_list(0x7f246f27e9e0, 24 [pid 3685] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... set_robust_list resumed>) = 0 [pid 3686] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3685] <... futex resumed>) = 0 [pid 3685] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3686] <... open resumed>) = 3 [pid 3686] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3684] <... futex resumed>) = 0 [pid 3684] exit_group(0) = ? [pid 3686] <... futex resumed>) = ? [pid 3686] +++ exited with 0 +++ [pid 3685] <... futex resumed>) = ? [pid 3685] +++ exited with 0 +++ [pid 3684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3684, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./24/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./24/file1/file1") = 0 umount2("./24/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./24/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./24/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./24/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 38.658939][ T3685] loop0: detected capacity change from 0 to 264192 openat(AT_FDCWD, "./24/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/bus/index") = 0 umount2("./24/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./24/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3687 ./strace-static-x86_64: Process 3687 attached [pid 3687] set_robust_list(0x5555558075e0, 24) = 0 [pid 3687] chdir("./25") = 0 [pid 3687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3687] setpgid(0, 0) = 0 [pid 3687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3687] write(3, "1000", 4) = 4 [pid 3687] close(3) = 0 [pid 3687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3687] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3687] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3687] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3688], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3688 ./strace-static-x86_64: Process 3688 attached [pid 3687] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3688] mkdir("./bus", 000) = 0 [pid 3688] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3688] memfd_create("syzkaller", 0) = 3 [pid 3688] ftruncate(3, 135266304) = 0 [pid 3688] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3688] mkdir("./file0", 0777) = 0 [pid 3688] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3688] ioctl(4, LOOP_CLR_FD) = 0 [pid 3688] close(4) = 0 [pid 3688] close(3) = 0 [pid 3688] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] <... futex resumed>) = 1 [pid 3688] mkdir("./file1", 000) = 0 [pid 3688] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] <... futex resumed>) = 1 [pid 3688] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3688] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] <... futex resumed>) = 1 [pid 3688] chdir("./bus") = 0 [pid 3688] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3687] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3687] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3689], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3689 [pid 3687] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] <... futex resumed>) = 1 [pid 3688] link("./file1", "./bus"./strace-static-x86_64: Process 3689 attached ) = 0 [pid 3688] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3689] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3689] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3689] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3687] exit_group(0) = ? [pid 3688] <... futex resumed>) = ? [pid 3688] +++ exited with 0 +++ [pid 3689] <... futex resumed>) = ? [pid 3689] +++ exited with 0 +++ [pid 3687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3687, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./25/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./25/file1/file1") = 0 umount2("./25/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./25/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./25/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./25/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/bus/index") = 0 umount2("./25/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./25/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 [ 38.737727][ T3688] loop0: detected capacity change from 0 to 264192 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3690 ./strace-static-x86_64: Process 3690 attached [pid 3690] set_robust_list(0x5555558075e0, 24) = 0 [pid 3690] chdir("./26") = 0 [pid 3690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3690] setpgid(0, 0) = 0 [pid 3690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3690] write(3, "1000", 4) = 4 [pid 3690] close(3) = 0 [pid 3690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3690] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3690] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3690] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3691], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3691 [pid 3690] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3691 attached [pid 3691] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3691] mkdir("./bus", 000) = 0 [pid 3691] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] <... futex resumed>) = 0 [pid 3690] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3691] <... futex resumed>) = 1 [pid 3691] memfd_create("syzkaller", 0) = 3 [pid 3691] ftruncate(3, 135266304) = 0 [pid 3691] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3691] mkdir("./file0", 0777) = 0 [pid 3691] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3691] ioctl(4, LOOP_CLR_FD) = 0 [pid 3691] close(4) = 0 [pid 3691] close(3) = 0 [pid 3691] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] <... futex resumed>) = 0 [pid 3690] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] <... futex resumed>) = 1 [pid 3691] mkdir("./file1", 000) = 0 [pid 3691] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] <... futex resumed>) = 0 [pid 3690] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] <... futex resumed>) = 1 [pid 3691] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3691] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] <... futex resumed>) = 0 [pid 3690] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] <... futex resumed>) = 1 [pid 3691] chdir("./bus") = 0 [pid 3691] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3690] <... futex resumed>) = 0 [pid 3690] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3690] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3690] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3692], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3692 [pid 3690] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] <... futex resumed>) = 1 [pid 3691] link("./file1", "./bus") = 0 [pid 3691] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3692 attached [pid 3692] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3692] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3691] <... futex resumed>) = 0 [pid 3691] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3692] <... open resumed>) = 3 [pid 3692] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3690] <... futex resumed>) = 0 [pid 3692] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] exit_group(0 [pid 3692] <... futex resumed>) = ? [pid 3690] <... exit_group resumed>) = ? [pid 3692] +++ exited with 0 +++ [pid 3691] <... futex resumed>) = ? [pid 3691] +++ exited with 0 +++ [pid 3690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3690, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./26/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./26/file1/file1") = 0 umount2("./26/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./26/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./26/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./26/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 [ 38.811585][ T3691] loop0: detected capacity change from 0 to 264192 rmdir("./26/bus/index") = 0 umount2("./26/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./26/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./26/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3693 ./strace-static-x86_64: Process 3693 attached [pid 3693] set_robust_list(0x5555558075e0, 24) = 0 [pid 3693] chdir("./27") = 0 [pid 3693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3693] setpgid(0, 0) = 0 [pid 3693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3693] write(3, "1000", 4) = 4 [pid 3693] close(3) = 0 [pid 3693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3693] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3693] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3693] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3694 attached , parent_tid=[3694], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3694 [pid 3694] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3694] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3694] <... futex resumed>) = 0 [pid 3694] mkdir("./bus", 000 [pid 3693] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] <... mkdir resumed>) = 0 [pid 3694] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3694] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] <... futex resumed>) = 0 [pid 3693] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3694] <... futex resumed>) = 0 [pid 3693] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3694] memfd_create("syzkaller", 0) = 3 [pid 3694] ftruncate(3, 135266304) = 0 [pid 3694] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3694] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3694] mkdir("./file0", 0777) = 0 [pid 3694] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3694] ioctl(4, LOOP_CLR_FD) = 0 [pid 3694] close(4) = 0 [pid 3694] close(3) = 0 [pid 3694] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3694] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] <... futex resumed>) = 0 [pid 3693] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3693] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] <... futex resumed>) = 0 [pid 3694] mkdir("./file1", 000) = 0 [pid 3694] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] <... futex resumed>) = 0 [pid 3693] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] <... futex resumed>) = 1 [pid 3694] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3694] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] <... futex resumed>) = 0 [pid 3693] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] <... futex resumed>) = 1 [pid 3694] chdir("./bus") = 0 [pid 3694] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3693] <... futex resumed>) = 0 [pid 3693] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3693] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3693] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3695], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3695 [pid 3693] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] <... futex resumed>) = 1 [pid 3694] link("./file1", "./bus"./strace-static-x86_64: Process 3695 attached [pid 3695] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3695] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3695] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3693] <... futex resumed>) = 0 [pid 3695] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3694] <... link resumed>) = 0 [pid 3694] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] exit_group(0 [pid 3695] <... futex resumed>) = ? [pid 3693] <... exit_group resumed>) = ? [pid 3695] +++ exited with 0 +++ [pid 3694] +++ exited with 0 +++ [pid 3693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3693, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./27/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./27/file1/file1") = 0 umount2("./27/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./27/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./27/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./27/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./27/bus/index") = 0 umount2("./27/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./27/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 [ 38.902919][ T3694] loop0: detected capacity change from 0 to 264192 close(5) = 0 rmdir("./27/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3696 ./strace-static-x86_64: Process 3696 attached [pid 3696] set_robust_list(0x5555558075e0, 24) = 0 [pid 3696] chdir("./28") = 0 [pid 3696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3696] setpgid(0, 0) = 0 [pid 3696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3696] write(3, "1000", 4) = 4 [pid 3696] close(3) = 0 [pid 3696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3696] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3696] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3696] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3697], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3697 ./strace-static-x86_64: Process 3697 attached [pid 3697] set_robust_list(0x7f246f29f9e0, 24 [pid 3696] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3697] <... set_robust_list resumed>) = 0 [pid 3697] mkdir("./bus", 000) = 0 [pid 3697] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3696] <... futex resumed>) = 0 [pid 3696] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] memfd_create("syzkaller", 0 [pid 3696] <... futex resumed>) = 0 [pid 3697] <... memfd_create resumed>) = 3 [pid 3697] ftruncate(3, 135266304 [pid 3696] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3697] <... ftruncate resumed>) = 0 [pid 3697] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3697] mkdir("./file0", 0777) = 0 [pid 3697] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3697] ioctl(4, LOOP_CLR_FD) = 0 [pid 3697] close(4) = 0 [pid 3697] close(3) = 0 [pid 3697] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3696] <... futex resumed>) = 0 [pid 3697] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3696] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3696] <... futex resumed>) = 0 [pid 3697] mkdir("./file1", 000 [pid 3696] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3697] <... mkdir resumed>) = 0 [pid 3697] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3696] <... futex resumed>) = 0 [pid 3697] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3696] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3697] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3696] <... futex resumed>) = 0 [pid 3697] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 3696] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3697] <... mount resumed>) = 0 [pid 3697] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] <... futex resumed>) = 0 [pid 3696] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3697] <... futex resumed>) = 1 [pid 3697] chdir("./bus") = 0 [pid 3697] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3696] <... futex resumed>) = 0 [pid 3696] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3696] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3697] <... futex resumed>) = 1 [pid 3696] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3697] link("./file1", "./bus" [pid 3696] <... clone resumed>, parent_tid=[3698], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3698 [pid 3696] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3697] <... link resumed>) = 0 ./strace-static-x86_64: Process 3698 attached [pid 3697] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3697] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3698] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3698] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3698] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3696] <... futex resumed>) = 0 [pid 3698] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3696] exit_group(0 [pid 3698] <... futex resumed>) = ? [pid 3696] <... exit_group resumed>) = ? [pid 3697] <... futex resumed>) = ? [pid 3697] +++ exited with 0 +++ [pid 3698] +++ exited with 0 +++ [pid 3696] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3696, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./28/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./28/file1/file1") = 0 umount2("./28/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./28/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 [ 38.985295][ T3697] loop0: detected capacity change from 0 to 264192 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./28/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./28/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/bus/index") = 0 umount2("./28/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./28/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3699 ./strace-static-x86_64: Process 3699 attached [pid 3699] set_robust_list(0x5555558075e0, 24) = 0 [pid 3699] chdir("./29") = 0 [pid 3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3699] setpgid(0, 0) = 0 [pid 3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3699] write(3, "1000", 4) = 4 [pid 3699] close(3) = 0 [pid 3699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3699] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3699] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3699] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3700], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3700 [pid 3699] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3700 attached [pid 3700] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3700] mkdir("./bus", 000) = 0 [pid 3700] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3700] <... futex resumed>) = 1 [pid 3700] memfd_create("syzkaller", 0) = 3 [pid 3700] ftruncate(3, 135266304) = 0 [pid 3700] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3700] mkdir("./file0", 0777) = 0 [pid 3700] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3700] ioctl(4, LOOP_CLR_FD) = 0 [pid 3700] close(4) = 0 [pid 3700] close(3) = 0 [pid 3700] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] <... futex resumed>) = 1 [pid 3700] mkdir("./file1", 000) = 0 [pid 3700] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] <... futex resumed>) = 1 [pid 3700] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3700] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] <... futex resumed>) = 1 [pid 3700] chdir("./bus") = 0 [pid 3700] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3699] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3699] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3701], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3701 [pid 3699] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] <... futex resumed>) = 1 [pid 3700] link("./file1", "./bus"./strace-static-x86_64: Process 3701 attached [pid 3701] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3701] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3700] <... link resumed>) = 0 [pid 3700] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3701] <... open resumed>) = 3 [pid 3701] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3699] exit_group(0) = ? [pid 3700] <... futex resumed>) = ? [pid 3700] +++ exited with 0 +++ [pid 3701] <... futex resumed>) = ? [pid 3701] +++ exited with 0 +++ [pid 3699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3699, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./29/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./29/file1/file1") = 0 umount2("./29/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./29/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./29/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./29/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./29/bus/index") = 0 umount2("./29/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./29/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 [ 39.081445][ T3700] loop0: detected capacity change from 0 to 264192 rmdir("./29/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3702 ./strace-static-x86_64: Process 3702 attached [pid 3702] set_robust_list(0x5555558075e0, 24) = 0 [pid 3702] chdir("./30") = 0 [pid 3702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3702] setpgid(0, 0) = 0 [pid 3702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3702] write(3, "1000", 4) = 4 [pid 3702] close(3) = 0 [pid 3702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3702] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3702] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3702] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3703], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3703 [pid 3702] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3703 attached [pid 3703] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3703] mkdir("./bus", 000) = 0 [pid 3703] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3703] <... futex resumed>) = 1 [pid 3703] memfd_create("syzkaller", 0) = 3 [pid 3703] ftruncate(3, 135266304) = 0 [pid 3703] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3703] mkdir("./file0", 0777) = 0 [pid 3703] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3703] ioctl(4, LOOP_CLR_FD) = 0 [pid 3703] close(4) = 0 [pid 3703] close(3) = 0 [pid 3703] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3702] <... futex resumed>) = 0 [pid 3703] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3702] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3703] mkdir("./file1", 000) = 0 [pid 3703] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3703] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3703] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3703] chdir("./bus") = 0 [pid 3703] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3702] <... futex resumed>) = 0 [pid 3703] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3702] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3703] link("./file1", "./bus" [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3702] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3702] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3704], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3704 [pid 3702] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3704 attached [pid 3704] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3704] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3704] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3702] <... futex resumed>) = 0 [pid 3704] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3703] <... link resumed>) = 0 [pid 3703] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] exit_group(0) = ? [pid 3703] +++ exited with 0 +++ [pid 3704] <... futex resumed>) = ? [pid 3704] +++ exited with 0 +++ [pid 3702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3702, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./30/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./30/file1/file1") = 0 umount2("./30/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./30/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./30/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./30/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/bus/index") = 0 [ 39.152891][ T3703] loop0: detected capacity change from 0 to 264192 umount2("./30/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./30/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3705 ./strace-static-x86_64: Process 3705 attached [pid 3705] set_robust_list(0x5555558075e0, 24) = 0 [pid 3705] chdir("./31") = 0 [pid 3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3705] setpgid(0, 0) = 0 [pid 3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3705] write(3, "1000", 4) = 4 [pid 3705] close(3) = 0 [pid 3705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3705] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3705] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3705] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3706], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3706 [pid 3705] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3706 attached [pid 3706] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3706] mkdir("./bus", 000) = 0 [pid 3706] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3706] <... futex resumed>) = 1 [pid 3706] memfd_create("syzkaller", 0) = 3 [pid 3706] ftruncate(3, 135266304) = 0 [pid 3706] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3706] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3706] mkdir("./file0", 0777) = 0 [pid 3706] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3706] ioctl(4, LOOP_CLR_FD) = 0 [pid 3706] close(4) = 0 [pid 3706] close(3) = 0 [pid 3706] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3706] mkdir("./file1", 000 [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] <... mkdir resumed>) = 0 [pid 3706] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3706] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] <... mount resumed>) = 0 [pid 3706] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] chdir("./bus") = 0 [pid 3706] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] <... futex resumed>) = 0 [pid 3705] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3705] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3705] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3707], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3707 [pid 3705] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] <... futex resumed>) = 1 [pid 3706] link("./file1", "./bus") = 0 ./strace-static-x86_64: Process 3707 attached [pid 3706] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3707] set_robust_list(0x7f246f27e9e0, 24 [pid 3706] <... futex resumed>) = 0 [pid 3706] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] <... set_robust_list resumed>) = 0 [pid 3707] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3707] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3705] <... futex resumed>) = 0 [pid 3707] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3705] exit_group(0 [pid 3707] <... futex resumed>) = ? [pid 3705] <... exit_group resumed>) = ? [pid 3706] <... futex resumed>) = ? [pid 3707] +++ exited with 0 +++ [pid 3706] +++ exited with 0 +++ [pid 3705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3705, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./31/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./31/file1/file1") = 0 umount2("./31/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./31/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 39.228172][ T3706] loop0: detected capacity change from 0 to 264192 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./31/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./31/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/bus/index") = 0 umount2("./31/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./31/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3708 ./strace-static-x86_64: Process 3708 attached [pid 3708] set_robust_list(0x5555558075e0, 24) = 0 [pid 3708] chdir("./32") = 0 [pid 3708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3708] setpgid(0, 0) = 0 [pid 3708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3708] write(3, "1000", 4) = 4 [pid 3708] close(3) = 0 [pid 3708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3708] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3708] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3708] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3709 attached , parent_tid=[3709], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3709 [pid 3709] set_robust_list(0x7f246f29f9e0, 24 [pid 3708] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] <... set_robust_list resumed>) = 0 [pid 3708] <... futex resumed>) = 0 [pid 3708] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] mkdir("./bus", 000) = 0 [pid 3709] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] <... futex resumed>) = 0 [pid 3709] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3708] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3708] <... futex resumed>) = 0 [pid 3709] memfd_create("syzkaller", 0 [pid 3708] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3709] <... memfd_create resumed>) = 3 [pid 3709] ftruncate(3, 135266304) = 0 [pid 3709] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3709] mkdir("./file0", 0777) = 0 [pid 3709] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3709] ioctl(4, LOOP_CLR_FD) = 0 [pid 3709] close(4) = 0 [pid 3709] close(3) = 0 [pid 3709] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] <... futex resumed>) = 0 [pid 3709] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3708] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] <... futex resumed>) = 0 [pid 3709] mkdir("./file1", 000) = 0 [pid 3709] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] <... futex resumed>) = 0 [pid 3708] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3709] <... futex resumed>) = 1 [pid 3708] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3709] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] <... futex resumed>) = 0 [pid 3708] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] chdir("./bus") = 0 [pid 3709] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] <... futex resumed>) = 0 [pid 3708] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3709] link("./file1", "./bus" [pid 3708] <... futex resumed>) = 0 [pid 3708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3708] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3708] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3710 attached , parent_tid=[3710], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3710 [pid 3710] set_robust_list(0x7f246f27e9e0, 24 [pid 3708] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3710] <... set_robust_list resumed>) = 0 [pid 3708] <... futex resumed>) = 0 [pid 3710] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3708] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3710] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 3710] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] <... futex resumed>) = 0 [pid 3710] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3709] <... link resumed>) = 0 [pid 3709] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] exit_group(0 [pid 3710] <... futex resumed>) = ? [pid 3708] <... exit_group resumed>) = ? [pid 3710] +++ exited with 0 +++ [pid 3709] <... futex resumed>) = ? [pid 3709] +++ exited with 0 +++ [pid 3708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3708, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./32/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./32/file1/file1") = 0 umount2("./32/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./32/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 [ 39.320192][ T3709] loop0: detected capacity change from 0 to 264192 umount2("./32/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./32/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/bus/index") = 0 umount2("./32/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./32/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3711 ./strace-static-x86_64: Process 3711 attached [pid 3711] set_robust_list(0x5555558075e0, 24) = 0 [pid 3711] chdir("./33") = 0 [pid 3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3711] setpgid(0, 0) = 0 [pid 3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3711] write(3, "1000", 4) = 4 [pid 3711] close(3) = 0 [pid 3711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3711] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3711] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3711] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3712], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3712 ./strace-static-x86_64: Process 3712 attached [pid 3712] set_robust_list(0x7f246f29f9e0, 24 [pid 3711] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... set_robust_list resumed>) = 0 [pid 3712] mkdir("./bus", 000) = 0 [pid 3712] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3712] memfd_create("syzkaller", 0) = 3 [pid 3712] ftruncate(3, 135266304) = 0 [pid 3712] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3712] mkdir("./file0", 0777) = 0 [pid 3712] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3712] ioctl(4, LOOP_CLR_FD) = 0 [pid 3712] close(4) = 0 [pid 3712] close(3) = 0 [pid 3712] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 1 [pid 3712] mkdir("./file1", 000) = 0 [pid 3712] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 1 [pid 3712] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3712] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 1 [pid 3712] chdir("./bus") = 0 [pid 3712] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3711] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3711] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3713], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3713 [pid 3711] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 1 [pid 3712] link("./file1", "./bus") = 0 [pid 3712] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3713 attached [pid 3713] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3713] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3713] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3711] exit_group(0) = ? [pid 3712] <... futex resumed>) = ? [pid 3712] +++ exited with 0 +++ [pid 3713] +++ exited with 0 +++ [pid 3711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./33/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./33/file1/file1") = 0 umount2("./33/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./33/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./33/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./33/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./33/bus/index") = 0 umount2("./33/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./33/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 [ 39.408653][ T3712] loop0: detected capacity change from 0 to 264192 rmdir("./33/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3714 ./strace-static-x86_64: Process 3714 attached [pid 3714] set_robust_list(0x5555558075e0, 24) = 0 [pid 3714] chdir("./34") = 0 [pid 3714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3714] setpgid(0, 0) = 0 [pid 3714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3714] write(3, "1000", 4) = 4 [pid 3714] close(3) = 0 [pid 3714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3714] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3714] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3714] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3715], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3715 [pid 3714] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3715 attached [pid 3715] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3715] mkdir("./bus", 000) = 0 [pid 3715] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] <... futex resumed>) = 0 [pid 3714] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3715] <... futex resumed>) = 1 [pid 3715] memfd_create("syzkaller", 0) = 3 [pid 3715] ftruncate(3, 135266304) = 0 [pid 3715] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3715] mkdir("./file0", 0777) = 0 [pid 3715] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3715] ioctl(4, LOOP_CLR_FD) = 0 [pid 3715] close(4) = 0 [pid 3715] close(3) = 0 [pid 3715] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] <... futex resumed>) = 0 [pid 3714] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... futex resumed>) = 1 [pid 3715] mkdir("./file1", 000) = 0 [pid 3715] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] <... futex resumed>) = 0 [pid 3714] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... futex resumed>) = 1 [pid 3715] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3715] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] <... futex resumed>) = 0 [pid 3714] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... futex resumed>) = 1 [pid 3715] chdir("./bus") = 0 [pid 3715] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] <... futex resumed>) = 0 [pid 3714] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3714] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3714] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3716], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3716 [pid 3714] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... futex resumed>) = 1 [pid 3715] link("./file1", "./bus"./strace-static-x86_64: Process 3716 attached [pid 3716] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3716] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3716] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3714] <... futex resumed>) = 0 [pid 3716] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3715] <... link resumed>) = 0 [pid 3715] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3715] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3714] exit_group(0) = ? [pid 3716] <... futex resumed>) = ? [pid 3715] <... futex resumed>) = ? [pid 3715] +++ exited with 0 +++ [pid 3716] +++ exited with 0 +++ [pid 3714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3714, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./34/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./34/file1/file1") = 0 umount2("./34/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./34/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./34/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./34/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/bus/index") = 0 umount2("./34/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./34/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3717 [ 39.485804][ T3715] loop0: detected capacity change from 0 to 264192 ./strace-static-x86_64: Process 3717 attached [pid 3717] set_robust_list(0x5555558075e0, 24) = 0 [pid 3717] chdir("./35") = 0 [pid 3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3717] setpgid(0, 0) = 0 [pid 3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3717] write(3, "1000", 4) = 4 [pid 3717] close(3) = 0 [pid 3717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3717] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3717] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3717] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3718], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3718 [pid 3717] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3718 attached [pid 3718] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3718] mkdir("./bus", 000) = 0 [pid 3718] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3718] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3717] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3718] <... futex resumed>) = 0 [pid 3718] memfd_create("syzkaller", 0) = 3 [pid 3718] ftruncate(3, 135266304) = 0 [pid 3718] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3718] mkdir("./file0", 0777) = 0 [pid 3718] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3718] ioctl(4, LOOP_CLR_FD) = 0 [pid 3718] close(4) = 0 [pid 3718] close(3) = 0 [pid 3718] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3718] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3717] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3718] <... futex resumed>) = 0 [pid 3718] mkdir("./file1", 000) = 0 [pid 3718] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3718] <... futex resumed>) = 1 [pid 3718] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3718] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3718] <... futex resumed>) = 1 [pid 3718] chdir("./bus") = 0 [pid 3718] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3717] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3717] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3719], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3719 [pid 3717] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3718] <... futex resumed>) = 1 [pid 3718] link("./file1", "./bus"./strace-static-x86_64: Process 3719 attached ) = 0 [pid 3718] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3718] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3719] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3719] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3719] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3717] exit_group(0) = ? [pid 3718] <... futex resumed>) = ? [pid 3718] +++ exited with 0 +++ [pid 3719] <... futex resumed>) = ? [pid 3719] +++ exited with 0 +++ [pid 3717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3717, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./35/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./35/file1/file1") = 0 umount2("./35/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./35/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./35/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./35/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/bus/index") = 0 umount2("./35/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./35/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 39.564041][ T3718] loop0: detected capacity change from 0 to 264192 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3720 ./strace-static-x86_64: Process 3720 attached [pid 3720] set_robust_list(0x5555558075e0, 24) = 0 [pid 3720] chdir("./36") = 0 [pid 3720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3720] setpgid(0, 0) = 0 [pid 3720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3720] write(3, "1000", 4) = 4 [pid 3720] close(3) = 0 [pid 3720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3720] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3720] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3720] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3721 attached , parent_tid=[3721], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3721 [pid 3720] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3721] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3721] mkdir("./bus", 000) = 0 [pid 3721] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3720] <... futex resumed>) = 0 [pid 3720] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3721] memfd_create("syzkaller", 0) = 3 [pid 3721] ftruncate(3, 135266304) = 0 [pid 3721] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3721] mkdir("./file0", 0777) = 0 [pid 3721] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3721] ioctl(4, LOOP_CLR_FD) = 0 [pid 3721] close(4) = 0 [pid 3721] close(3) = 0 [pid 3721] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3720] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3721] <... futex resumed>) = 1 [pid 3721] mkdir("./file1", 000) = 0 [pid 3721] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3720] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3721] <... futex resumed>) = 1 [pid 3721] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3721] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3720] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3721] <... futex resumed>) = 1 [pid 3721] chdir("./bus") = 0 [pid 3721] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3720] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3720] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3720] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3722], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3722 [pid 3720] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3721] <... futex resumed>) = 1 [pid 3721] link("./file1", "./bus"./strace-static-x86_64: Process 3722 attached [pid 3722] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3721] <... link resumed>) = 0 [pid 3722] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3721] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3721] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3722] <... open resumed>) = 3 [pid 3722] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3720] exit_group(0) = ? [pid 3721] <... futex resumed>) = ? [pid 3721] +++ exited with 0 +++ [pid 3722] <... futex resumed>) = ? [pid 3722] +++ exited with 0 +++ [pid 3720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3720, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./36/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./36/file1/file1") = 0 umount2("./36/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./36/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./36/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./36/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/bus/index") = 0 umount2("./36/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./36/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3723 ./strace-static-x86_64: Process 3723 attached [pid 3723] set_robust_list(0x5555558075e0, 24) = 0 [ 39.632636][ T3721] loop0: detected capacity change from 0 to 264192 [pid 3723] chdir("./37") = 0 [pid 3723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3723] setpgid(0, 0) = 0 [pid 3723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3723] write(3, "1000", 4) = 4 [pid 3723] close(3) = 0 [pid 3723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3723] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3723] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3723] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3724 attached [pid 3724] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3724] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3723] <... clone resumed>, parent_tid=[3724], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3724 [pid 3723] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3724] <... futex resumed>) = 0 [pid 3724] mkdir("./bus", 000 [pid 3723] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3724] <... mkdir resumed>) = 0 [pid 3724] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3724] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3723] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3724] <... futex resumed>) = 0 [pid 3724] memfd_create("syzkaller", 0) = 3 [pid 3724] ftruncate(3, 135266304) = 0 [pid 3723] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3724] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3724] mkdir("./file0", 0777) = 0 [pid 3724] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3724] ioctl(4, LOOP_CLR_FD) = 0 [pid 3724] close(4) = 0 [pid 3724] close(3) = 0 [pid 3724] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3723] <... futex resumed>) = 0 [pid 3723] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3724] mkdir("./file1", 000) = 0 [pid 3724] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... futex resumed>) = 0 [pid 3723] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3724] <... futex resumed>) = 1 [pid 3724] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3724] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... futex resumed>) = 0 [pid 3723] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3724] <... futex resumed>) = 1 [pid 3724] chdir("./bus") = 0 [pid 3724] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... futex resumed>) = 0 [pid 3723] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3723] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3723] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3725], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3725 [pid 3723] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3724] <... futex resumed>) = 1 [pid 3724] link("./file1", "./bus") = 0 [pid 3724] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3725 attached [pid 3725] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3725] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3724] <... futex resumed>) = 0 [pid 3724] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3725] <... open resumed>) = 3 [pid 3725] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3723] <... futex resumed>) = 0 [pid 3725] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3723] exit_group(0) = ? [pid 3725] <... futex resumed>) = ? [pid 3725] +++ exited with 0 +++ [pid 3724] <... futex resumed>) = ? [pid 3724] +++ exited with 0 +++ [pid 3723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3723, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./37/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./37/file1/file1") = 0 umount2("./37/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./37/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 [ 39.715850][ T3724] loop0: detected capacity change from 0 to 264192 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./37/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./37/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/bus/index") = 0 umount2("./37/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./37/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3726 ./strace-static-x86_64: Process 3726 attached [pid 3726] set_robust_list(0x5555558075e0, 24) = 0 [pid 3726] chdir("./38") = 0 [pid 3726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3726] setpgid(0, 0) = 0 [pid 3726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3726] write(3, "1000", 4) = 4 [pid 3726] close(3) = 0 [pid 3726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3726] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3726] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3726] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3727], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3727 [pid 3726] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3727 attached [pid 3727] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3727] mkdir("./bus", 000) = 0 [pid 3727] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3726] <... futex resumed>) = 0 [pid 3726] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3727] <... futex resumed>) = 1 [pid 3727] memfd_create("syzkaller", 0) = 3 [pid 3727] ftruncate(3, 135266304) = 0 [pid 3727] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3727] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3727] mkdir("./file0", 0777) = 0 [pid 3727] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3727] ioctl(4, LOOP_CLR_FD) = 0 [pid 3727] close(4) = 0 [pid 3727] close(3) = 0 [pid 3727] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3726] <... futex resumed>) = 0 [pid 3726] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3727] <... futex resumed>) = 1 [pid 3727] mkdir("./file1", 000) = 0 [pid 3727] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3726] <... futex resumed>) = 0 [pid 3727] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 3726] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3727] <... mount resumed>) = 0 [pid 3727] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3726] <... futex resumed>) = 0 [pid 3726] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3727] <... futex resumed>) = 1 [pid 3727] chdir("./bus") = 0 [pid 3727] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3726] <... futex resumed>) = 0 [pid 3726] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3726] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3726] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3728], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3728 [pid 3726] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3727] <... futex resumed>) = 1 [pid 3727] link("./file1", "./bus"./strace-static-x86_64: Process 3728 attached [pid 3728] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3728] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3728] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3726] <... futex resumed>) = 0 [pid 3728] <... futex resumed>) = 1 [pid 3728] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3727] <... link resumed>) = 0 [pid 3727] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3727] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3726] exit_group(0) = ? [pid 3728] <... futex resumed>) = ? [pid 3728] +++ exited with 0 +++ [pid 3727] <... futex resumed>) = ? [pid 3727] +++ exited with 0 +++ [pid 3726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3726, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./38/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./38/file1/file1") = 0 umount2("./38/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./38/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./38/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./38/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/bus/index") = 0 umount2("./38/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./38/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 [ 39.798721][ T3727] loop0: detected capacity change from 0 to 264192 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3729 ./strace-static-x86_64: Process 3729 attached [pid 3729] set_robust_list(0x5555558075e0, 24) = 0 [pid 3729] chdir("./39") = 0 [pid 3729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3729] setpgid(0, 0) = 0 [pid 3729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3729] write(3, "1000", 4) = 4 [pid 3729] close(3) = 0 [pid 3729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3729] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3729] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3729] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3730 attached [pid 3730] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3730] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3729] <... clone resumed>, parent_tid=[3730], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3730 [pid 3729] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3730] <... futex resumed>) = 0 [pid 3730] mkdir("./bus", 000 [pid 3729] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3730] <... mkdir resumed>) = 0 [pid 3730] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3729] <... futex resumed>) = 0 [pid 3729] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3730] memfd_create("syzkaller", 0 [pid 3729] <... futex resumed>) = 0 [pid 3730] <... memfd_create resumed>) = 3 [pid 3729] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3730] ftruncate(3, 135266304) = 0 [pid 3730] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3730] mkdir("./file0", 0777) = 0 [pid 3730] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3730] ioctl(4, LOOP_CLR_FD) = 0 [pid 3730] close(4) = 0 [pid 3730] close(3) = 0 [pid 3730] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3729] <... futex resumed>) = 0 [pid 3730] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3729] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3730] <... futex resumed>) = 0 [pid 3730] mkdir("./file1", 000 [pid 3729] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3730] <... mkdir resumed>) = 0 [pid 3730] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3729] <... futex resumed>) = 0 [pid 3730] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3729] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3729] <... futex resumed>) = 0 [pid 3730] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 3729] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3730] <... mount resumed>) = 0 [pid 3730] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3729] <... futex resumed>) = 0 [pid 3730] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3729] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3729] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3730] chdir("./bus") = 0 [pid 3730] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3729] <... futex resumed>) = 0 [pid 3730] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3729] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3729] <... futex resumed>) = 0 [pid 3730] link("./file1", "./bus" [pid 3729] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3729] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3729] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3731], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3731 [pid 3729] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3729] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3731 attached [pid 3731] set_robust_list(0x7f246f27e9e0, 24 [pid 3730] <... link resumed>) = 0 [pid 3730] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3730] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3731] <... set_robust_list resumed>) = 0 [pid 3731] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3731] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3731] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3729] <... futex resumed>) = 0 [pid 3729] exit_group(0) = ? [pid 3730] <... futex resumed>) = ? [pid 3731] <... futex resumed>) = ? [pid 3730] +++ exited with 0 +++ [pid 3731] +++ exited with 0 +++ [pid 3729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3729, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./39/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./39/file1/file1") = 0 umount2("./39/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./39/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 [ 39.883204][ T3730] loop0: detected capacity change from 0 to 264192 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./39/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./39/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/bus/index") = 0 umount2("./39/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./39/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3732 ./strace-static-x86_64: Process 3732 attached [pid 3732] set_robust_list(0x5555558075e0, 24) = 0 [pid 3732] chdir("./40") = 0 [pid 3732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3732] setpgid(0, 0) = 0 [pid 3732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3732] write(3, "1000", 4) = 4 [pid 3732] close(3) = 0 [pid 3732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3732] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3732] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3732] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3733], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3733 [pid 3732] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3733 attached [pid 3733] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3733] mkdir("./bus", 000) = 0 [pid 3733] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3732] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3733] <... futex resumed>) = 1 [pid 3733] memfd_create("syzkaller", 0) = 3 [pid 3733] ftruncate(3, 135266304) = 0 [pid 3733] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3733] mkdir("./file0", 0777) = 0 [pid 3733] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3733] ioctl(4, LOOP_CLR_FD) = 0 [pid 3733] close(4) = 0 [pid 3733] close(3) = 0 [pid 3733] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3732] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3733] <... futex resumed>) = 1 [pid 3733] mkdir("./file1", 000) = 0 [pid 3733] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3732] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3733] <... futex resumed>) = 1 [pid 3733] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3733] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3732] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3733] <... futex resumed>) = 1 [pid 3733] chdir("./bus") = 0 [pid 3733] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3732] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3732] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3732] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3734], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3734 [pid 3732] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3733] <... futex resumed>) = 1 [pid 3733] link("./file1", "./bus"./strace-static-x86_64: Process 3734 attached ) = 0 [pid 3733] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3734] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3734] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3734] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3732] exit_group(0) = ? [pid 3733] <... futex resumed>) = ? [pid 3733] +++ exited with 0 +++ [pid 3734] <... futex resumed>) = ? [pid 3734] +++ exited with 0 +++ [pid 3732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3732, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./40/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./40/file1/file1") = 0 umount2("./40/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./40/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./40/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./40/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./40/bus/index") = 0 umount2("./40/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./40/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 [ 39.989969][ T3733] loop0: detected capacity change from 0 to 264192 rmdir("./40/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3735 ./strace-static-x86_64: Process 3735 attached [pid 3735] set_robust_list(0x5555558075e0, 24) = 0 [pid 3735] chdir("./41") = 0 [pid 3735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3735] setpgid(0, 0) = 0 [pid 3735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3735] write(3, "1000", 4) = 4 [pid 3735] close(3) = 0 [pid 3735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3735] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3735] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3735] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3736 attached [pid 3736] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3736] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3735] <... clone resumed>, parent_tid=[3736], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3736 [pid 3735] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3736] <... futex resumed>) = 0 [pid 3736] mkdir("./bus", 000 [pid 3735] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3736] <... mkdir resumed>) = 0 [pid 3736] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3736] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3735] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3736] <... futex resumed>) = 0 [pid 3736] memfd_create("syzkaller", 0 [pid 3735] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3736] <... memfd_create resumed>) = 3 [pid 3736] ftruncate(3, 135266304) = 0 [pid 3736] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3736] mkdir("./file0", 0777) = 0 [pid 3736] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3736] ioctl(4, LOOP_CLR_FD) = 0 [pid 3736] close(4) = 0 [pid 3736] close(3) = 0 [pid 3736] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... futex resumed>) = 0 [pid 3735] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3736] <... futex resumed>) = 1 [pid 3736] mkdir("./file1", 000) = 0 [pid 3736] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... futex resumed>) = 0 [pid 3735] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3736] <... futex resumed>) = 1 [pid 3736] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3736] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... futex resumed>) = 0 [pid 3735] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3736] <... futex resumed>) = 1 [pid 3736] chdir("./bus") = 0 [pid 3736] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... futex resumed>) = 0 [pid 3735] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3735] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3735] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3737 attached , parent_tid=[3737], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3737 [pid 3735] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3737] set_robust_list(0x7f246f27e9e0, 24 [pid 3736] <... futex resumed>) = 1 [pid 3736] link("./file1", "./bus" [pid 3737] <... set_robust_list resumed>) = 0 [pid 3737] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3737] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3735] <... futex resumed>) = 0 [pid 3737] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3736] <... link resumed>) = 0 [pid 3736] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3736] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3735] exit_group(0) = ? [pid 3737] <... futex resumed>) = ? [pid 3737] +++ exited with 0 +++ [pid 3736] <... futex resumed>) = ? [pid 3736] +++ exited with 0 +++ [pid 3735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3735, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./41/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./41/file1/file1") = 0 umount2("./41/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./41/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 40.074246][ T3736] loop0: detected capacity change from 0 to 264192 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./41/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./41/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/bus/index") = 0 umount2("./41/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./41/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3738 ./strace-static-x86_64: Process 3738 attached [pid 3738] set_robust_list(0x5555558075e0, 24) = 0 [pid 3738] chdir("./42") = 0 [pid 3738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3738] setpgid(0, 0) = 0 [pid 3738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3738] write(3, "1000", 4) = 4 [pid 3738] close(3) = 0 [pid 3738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3738] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3738] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3738] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3739 attached , parent_tid=[3739], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3739 [pid 3739] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3739] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3738] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3739] mkdir("./bus", 000) = 0 [pid 3739] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3739] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3738] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3739] <... futex resumed>) = 0 [pid 3739] memfd_create("syzkaller", 0) = 3 [pid 3739] ftruncate(3, 135266304) = 0 [pid 3739] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3739] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3739] mkdir("./file0", 0777) = 0 [pid 3739] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3739] ioctl(4, LOOP_CLR_FD) = 0 [pid 3739] close(4) = 0 [pid 3739] close(3) = 0 [pid 3739] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3739] <... futex resumed>) = 1 [pid 3739] mkdir("./file1", 000) = 0 [pid 3739] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3739] <... futex resumed>) = 1 [pid 3739] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3739] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3739] <... futex resumed>) = 1 [pid 3739] chdir("./bus") = 0 [pid 3739] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3738] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3738] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3740 attached [pid 3740] set_robust_list(0x7f246f27e9e0, 24 [pid 3738] <... clone resumed>, parent_tid=[3740], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3740 [pid 3740] <... set_robust_list resumed>) = 0 [pid 3738] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3740] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3739] <... futex resumed>) = 1 [pid 3740] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 3740] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3738] <... futex resumed>) = 0 [pid 3740] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3739] link("./file1", "./bus") = 0 [pid 3739] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3738] exit_group(0 [pid 3740] <... futex resumed>) = ? [pid 3738] <... exit_group resumed>) = ? [pid 3740] +++ exited with 0 +++ [pid 3739] <... futex resumed>) = ? [pid 3739] +++ exited with 0 +++ [pid 3738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3738, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./42/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./42/file1/file1") = 0 umount2("./42/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./42/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 40.168747][ T3739] loop0: detected capacity change from 0 to 264192 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./42/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./42/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/bus/index") = 0 umount2("./42/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./42/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3741 ./strace-static-x86_64: Process 3741 attached [pid 3741] set_robust_list(0x5555558075e0, 24) = 0 [pid 3741] chdir("./43") = 0 [pid 3741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3741] setpgid(0, 0) = 0 [pid 3741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3741] write(3, "1000", 4) = 4 [pid 3741] close(3) = 0 [pid 3741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3741] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3741] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3741] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3742], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3742 [pid 3741] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3742 attached [pid 3742] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3742] mkdir("./bus", 000) = 0 [pid 3742] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [pid 3741] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3742] <... futex resumed>) = 1 [pid 3742] memfd_create("syzkaller", 0) = 3 [pid 3742] ftruncate(3, 135266304) = 0 [pid 3742] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3742] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3742] mkdir("./file0", 0777) = 0 [pid 3742] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3742] ioctl(4, LOOP_CLR_FD) = 0 [pid 3742] close(4) = 0 [pid 3742] close(3) = 0 [pid 3742] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [pid 3741] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] <... futex resumed>) = 1 [pid 3742] mkdir("./file1", 000) = 0 [pid 3742] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [pid 3741] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] <... futex resumed>) = 1 [pid 3742] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3742] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [pid 3741] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] <... futex resumed>) = 1 [pid 3742] chdir("./bus") = 0 [pid 3742] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [pid 3741] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3741] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3741] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3743], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3743 [pid 3741] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] <... futex resumed>) = 1 [pid 3742] link("./file1", "./bus") = 0 [pid 3742] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3743 attached [pid 3743] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3743] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3743] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [pid 3741] exit_group(0) = ? [pid 3742] <... futex resumed>) = ? [pid 3742] +++ exited with 0 +++ [pid 3743] <... futex resumed>) = ? [pid 3743] +++ exited with 0 +++ [pid 3741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3741, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./43/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./43/file1/file1") = 0 umount2("./43/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./43/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./43/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./43/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/bus/index") = 0 umount2("./43/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./43/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 [ 40.251341][ T3742] loop0: detected capacity change from 0 to 264192 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3744 ./strace-static-x86_64: Process 3744 attached [pid 3744] set_robust_list(0x5555558075e0, 24) = 0 [pid 3744] chdir("./44") = 0 [pid 3744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3744] setpgid(0, 0) = 0 [pid 3744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3744] write(3, "1000", 4) = 4 [pid 3744] close(3) = 0 [pid 3744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3744] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3744] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3744] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3745 attached [pid 3745] set_robust_list(0x7f246f29f9e0, 24 [pid 3744] <... clone resumed>, parent_tid=[3745], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3745 [pid 3745] <... set_robust_list resumed>) = 0 [pid 3744] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] mkdir("./bus", 000 [pid 3744] <... futex resumed>) = 0 [pid 3745] <... mkdir resumed>) = 0 [pid 3744] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3745] memfd_create("syzkaller", 0 [pid 3744] <... futex resumed>) = 0 [pid 3745] <... memfd_create resumed>) = 3 [pid 3744] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3745] ftruncate(3, 135266304) = 0 [pid 3745] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3745] mkdir("./file0", 0777) = 0 [pid 3745] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3745] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3745] ioctl(4, LOOP_CLR_FD) = 0 [pid 3745] close(4) = 0 [pid 3745] close(3) = 0 [pid 3745] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3745] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3744] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... futex resumed>) = 0 [pid 3745] mkdir("./file1", 000) = 0 [pid 3745] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... futex resumed>) = 1 [pid 3745] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3745] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... futex resumed>) = 1 [pid 3745] chdir("./bus") = 0 [pid 3745] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3744] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3744] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3746 attached , parent_tid=[3746], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3746 [pid 3746] set_robust_list(0x7f246f27e9e0, 24 [pid 3744] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3746] <... set_robust_list resumed>) = 0 [pid 3744] <... futex resumed>) = 0 [pid 3746] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3744] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3746] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 3746] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... futex resumed>) = 0 [pid 3746] <... futex resumed>) = 1 [pid 3746] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3745] <... futex resumed>) = 1 [pid 3745] link("./file1", "./bus") = 0 [pid 3745] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] exit_group(0 [pid 3746] <... futex resumed>) = ? [pid 3744] <... exit_group resumed>) = ? [pid 3746] +++ exited with 0 +++ [pid 3745] +++ exited with 0 +++ [pid 3744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3744, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./44/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./44/file1/file1") = 0 umount2("./44/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./44/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./44/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./44/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 40.328266][ T3745] loop0: detected capacity change from 0 to 264192 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/bus/index") = 0 umount2("./44/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./44/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3747 attached , child_tidptr=0x5555558075d0) = 3747 [pid 3747] set_robust_list(0x5555558075e0, 24) = 0 [pid 3747] chdir("./45") = 0 [pid 3747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3747] setpgid(0, 0) = 0 [pid 3747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3747] write(3, "1000", 4) = 4 [pid 3747] close(3) = 0 [pid 3747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3747] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3747] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3747] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3748 attached [pid 3748] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3748] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] <... clone resumed>, parent_tid=[3748], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3748 [pid 3747] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3748] <... futex resumed>) = 0 [pid 3748] mkdir("./bus", 000 [pid 3747] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] <... mkdir resumed>) = 0 [pid 3748] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3748] memfd_create("syzkaller", 0) = 3 [pid 3748] ftruncate(3, 135266304) = 0 [pid 3748] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3748] mkdir("./file0", 0777) = 0 [pid 3748] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3748] ioctl(4, LOOP_CLR_FD) = 0 [pid 3748] close(4) = 0 [pid 3748] close(3) = 0 [pid 3748] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] <... futex resumed>) = 1 [pid 3748] mkdir("./file1", 000) = 0 [pid 3748] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] <... futex resumed>) = 1 [pid 3748] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3748] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] <... futex resumed>) = 1 [pid 3748] chdir("./bus") = 0 [pid 3748] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3747] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3747] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3749], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3749 [pid 3747] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] <... futex resumed>) = 1 [pid 3748] link("./file1", "./bus"./strace-static-x86_64: Process 3749 attached [pid 3749] set_robust_list(0x7f246f27e9e0, 24 [pid 3748] <... link resumed>) = 0 [pid 3748] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3749] <... set_robust_list resumed>) = 0 [pid 3748] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3749] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3749] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3747] exit_group(0) = ? [pid 3748] <... futex resumed>) = ? [pid 3748] +++ exited with 0 +++ [pid 3749] <... futex resumed>) = ? [pid 3749] +++ exited with 0 +++ [pid 3747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3747, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./45/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./45/file1/file1") = 0 umount2("./45/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./45/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./45/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./45/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 [ 40.426946][ T3748] loop0: detected capacity change from 0 to 264192 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/bus/index") = 0 umount2("./45/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./45/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3750 ./strace-static-x86_64: Process 3750 attached [pid 3750] set_robust_list(0x5555558075e0, 24) = 0 [pid 3750] chdir("./46") = 0 [pid 3750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3750] setpgid(0, 0) = 0 [pid 3750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3750] write(3, "1000", 4) = 4 [pid 3750] close(3) = 0 [pid 3750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3750] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3750] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3750] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3751 attached [pid 3751] set_robust_list(0x7f246f29f9e0, 24 [pid 3750] <... clone resumed>, parent_tid=[3751], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3751 [pid 3751] <... set_robust_list resumed>) = 0 [pid 3750] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3751] mkdir("./bus", 000 [pid 3750] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] <... mkdir resumed>) = 0 [pid 3751] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3751] <... futex resumed>) = 1 [pid 3751] memfd_create("syzkaller", 0 [pid 3750] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3751] <... memfd_create resumed>) = 3 [pid 3750] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3751] ftruncate(3, 135266304) = 0 [pid 3751] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3751] mkdir("./file0", 0777) = 0 [pid 3751] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3751] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3751] ioctl(4, LOOP_CLR_FD) = 0 [pid 3751] close(4) = 0 [pid 3751] close(3) = 0 [pid 3751] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3750] <... futex resumed>) = 0 [pid 3751] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3750] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3751] mkdir("./file1", 000) = 0 [pid 3751] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3750] <... futex resumed>) = 0 [pid 3750] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3751] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3751] <... futex resumed>) = 1 [pid 3750] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3751] chdir("./bus" [pid 3750] <... futex resumed>) = 0 [pid 3751] <... chdir resumed>) = 0 [pid 3750] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3750] <... futex resumed>) = 0 [pid 3750] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3750] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3750] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3752], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3752 [pid 3750] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] link("./file1", "./bus") = 0 [pid 3751] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3751] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3752 attached [pid 3752] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3752] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 3752] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3750] exit_group(0) = ? [pid 3751] <... futex resumed>) = ? [pid 3751] +++ exited with 0 +++ [pid 3752] <... futex resumed>) = ? [pid 3752] +++ exited with 0 +++ [pid 3750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3750, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./46/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./46/file1/file1") = 0 umount2("./46/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./46/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 [ 40.510801][ T3751] loop0: detected capacity change from 0 to 264192 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./46/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./46/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/bus/index") = 0 umount2("./46/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./46/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3753 ./strace-static-x86_64: Process 3753 attached [pid 3753] set_robust_list(0x5555558075e0, 24) = 0 [pid 3753] chdir("./47") = 0 [pid 3753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3753] setpgid(0, 0) = 0 [pid 3753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3753] write(3, "1000", 4) = 4 [pid 3753] close(3) = 0 [pid 3753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3753] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3753] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3753] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3754], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3754 [pid 3753] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3754 attached [pid 3754] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3754] mkdir("./bus", 000) = 0 [pid 3754] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3753] <... futex resumed>) = 0 [pid 3753] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3754] <... futex resumed>) = 1 [pid 3754] memfd_create("syzkaller", 0) = 3 [pid 3754] ftruncate(3, 135266304) = 0 [pid 3754] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3754] mkdir("./file0", 0777) = 0 [pid 3754] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3754] ioctl(4, LOOP_CLR_FD) = 0 [pid 3754] close(4) = 0 [pid 3754] close(3) = 0 [pid 3754] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3753] <... futex resumed>) = 0 [pid 3753] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3754] <... futex resumed>) = 1 [pid 3754] mkdir("./file1", 000) = 0 [pid 3754] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3753] <... futex resumed>) = 0 [pid 3753] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3754] <... futex resumed>) = 1 [pid 3754] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3754] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3753] <... futex resumed>) = 0 [pid 3753] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3754] <... futex resumed>) = 1 [pid 3754] chdir("./bus") = 0 [pid 3754] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3753] <... futex resumed>) = 0 [pid 3753] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3753] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3753] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3755], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3755 [pid 3753] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3754] <... futex resumed>) = 1 [pid 3754] link("./file1", "./bus"./strace-static-x86_64: Process 3755 attached [pid 3755] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3755] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3755] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3753] <... futex resumed>) = 0 [pid 3755] futex(0x7f246f3774b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3754] <... link resumed>) = 0 [pid 3754] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3754] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3753] exit_group(0) = ? [pid 3755] <... futex resumed>) = ? [pid 3754] <... futex resumed>) = ? [pid 3754] +++ exited with 0 +++ [pid 3755] +++ exited with 0 +++ [pid 3753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3753, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./47/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./47/file1/file1") = 0 umount2("./47/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./47/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./47/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./47/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/bus/index") = 0 umount2("./47/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./47/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3756 ./strace-static-x86_64: Process 3756 attached [pid 3756] set_robust_list(0x5555558075e0, 24) = 0 [pid 3756] chdir("./48") = 0 [pid 3756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3756] setpgid(0, 0) = 0 [pid 3756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3756] write(3, "1000", 4) = 4 [pid 3756] close(3) = 0 [pid 3756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3756] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3756] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3756] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3757 attached , parent_tid=[3757], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3757 [pid 3756] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 40.597482][ T3754] loop0: detected capacity change from 0 to 264192 [pid 3756] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3757] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3757] mkdir("./bus", 000) = 0 [pid 3757] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3756] <... futex resumed>) = 0 [pid 3756] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3757] memfd_create("syzkaller", 0) = 3 [pid 3757] ftruncate(3, 135266304) = 0 [pid 3757] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3757] mkdir("./file0", 0777) = 0 [pid 3757] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3757] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3757] ioctl(4, LOOP_CLR_FD) = 0 [pid 3757] close(4) = 0 [pid 3757] close(3) = 0 [pid 3757] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3757] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3756] <... futex resumed>) = 0 [pid 3756] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3756] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3757] <... futex resumed>) = 0 [pid 3757] mkdir("./file1", 000) = 0 [pid 3757] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3756] <... futex resumed>) = 0 [pid 3756] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3757] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3757] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3756] <... futex resumed>) = 0 [pid 3756] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3757] <... futex resumed>) = 1 [pid 3757] chdir("./bus") = 0 [pid 3757] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3756] <... futex resumed>) = 0 [pid 3756] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3756] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3756] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3758], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3758 [pid 3756] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3757] <... futex resumed>) = 1 [pid 3757] link("./file1", "./bus"./strace-static-x86_64: Process 3758 attached [pid 3758] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3758] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 3758] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3757] <... link resumed>) = 0 [pid 3757] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3756] <... futex resumed>) = 0 [pid 3756] exit_group(0) = ? [pid 3757] <... futex resumed>) = ? [pid 3757] +++ exited with 0 +++ [pid 3758] <... futex resumed>) = ? [pid 3758] +++ exited with 0 +++ [pid 3756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3756, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555808620 /* 6 entries */, 32768) = 168 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./48/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./48/file1/file1") = 0 umount2("./48/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./48/file1/bus") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 [ 40.662689][ T3757] loop0: detected capacity change from 0 to 264192 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555555810660 /* 4 entries */, 32768) = 104 umount2("./48/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./48/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./48/bus/index") = 0 umount2("./48/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./48/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x5555558186a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x5555558186a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./48/bus/work") = 0 getdents64(4, 0x555555810660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 getdents64(3, 0x555555808620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558075d0) = 3759 ./strace-static-x86_64: Process 3759 attached [pid 3759] set_robust_list(0x5555558075e0, 24) = 0 [pid 3759] chdir("./49") = 0 [pid 3759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3759] setpgid(0, 0) = 0 [pid 3759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3759] write(3, "1000", 4) = 4 [pid 3759] close(3) = 0 [pid 3759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3759] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f27f000 [pid 3759] mprotect(0x7f246f280000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3759] clone(child_stack=0x7f246f29f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3760 attached [pid 3760] set_robust_list(0x7f246f29f9e0, 24) = 0 [pid 3760] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3759] <... clone resumed>, parent_tid=[3760], tls=0x7f246f29f700, child_tidptr=0x7f246f29f9d0) = 3760 [pid 3759] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3760] <... futex resumed>) = 0 [pid 3760] mkdir("./bus", 000 [pid 3759] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3760] <... mkdir resumed>) = 0 [pid 3760] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3759] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3759] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3759] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3760] <... futex resumed>) = 0 [pid 3760] memfd_create("syzkaller", 0) = 3 [pid 3760] ftruncate(3, 135266304) = 0 [pid 3760] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 3760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3760] mkdir("./file0", 0777) = 0 [pid 3760] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 3760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3760] ioctl(4, LOOP_CLR_FD) = 0 [pid 3760] close(4) = 0 [pid 3760] close(3) = 0 [pid 3760] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3759] <... futex resumed>) = 0 [pid 3759] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3760] mkdir("./file1", 000) = 0 [pid 3760] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3759] <... futex resumed>) = 0 [pid 3759] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3760] <... futex resumed>) = 1 [pid 3760] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 3760] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3759] <... futex resumed>) = 0 [pid 3759] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] futex(0x7f246f3774ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3760] <... futex resumed>) = 1 [pid 3760] chdir("./bus") = 0 [pid 3760] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3759] <... futex resumed>) = 0 [pid 3759] futex(0x7f246f3774a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] futex(0x7f246f3774bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f246f25e000 [pid 3759] mprotect(0x7f246f25f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3759] clone(child_stack=0x7f246f27e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3761], tls=0x7f246f27e700, child_tidptr=0x7f246f27e9d0) = 3761 [pid 3759] futex(0x7f246f3774b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] futex(0x7f246f3774bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3760] <... futex resumed>) = 1 [pid 3760] link("./file1", "./bus"./strace-static-x86_64: Process 3761 attached [pid 3761] set_robust_list(0x7f246f27e9e0, 24) = 0 [pid 3761] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 3760] <... link resumed>) = 0 [pid 3760] futex(0x7f246f3774ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 40.767423][ T3760] loop0: detected capacity change from 0 to 264192 [ 40.795614][ T3761] general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] PREEMPT SMP KASAN [ 40.807379][ T3761] KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] [ 40.815765][ T3761] CPU: 0 PID: 3761 Comm: syz-executor352 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0 [ 40.825891][ T3761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 40.836026][ T3761] RIP: 0010:security_inode_getattr+0x46/0x140 [ 40.842082][ T3761] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b [ 40.861684][ T3761] RSP: 0018:ffffc9000400f578 EFLAGS: 00010212 [ 40.867735][ T3761] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 40.875686][ T3761] RDX: 000000000000000d RSI: ffffffff83bd72fe RDI: 0000000000000068 [ 40.883633][ T3761] RBP: ffffc9000400f750 R08: 0000000000000005 R09: 0000000000000000 [ 40.891595][ T3761] R10: 0000000000000000 R11: 000000000008c07d R12: ffff8880763dca48 [ 40.899559][ T3761] R13: ffffc9000400f750 R14: 00000000000007ff R15: 0000000000000000 [ 40.907533][ T3761] FS: 00007f246f27e700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 40.916450][ T3761] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.923019][ T3761] CR2: 00007f246f27e718 CR3: 00000000717a9000 CR4: 0000000000350ef0 [ 40.930977][ T3761] Call Trace: [ 40.934238][ T3761] [ 40.937154][ T3761] vfs_getattr+0x22/0x60 [ 40.941385][ T3761] ovl_copy_up_one+0x12c/0x2870 [ 40.946220][ T3761] ? rcu_read_lock_sched_held+0xd/0x70 [ 40.951674][ T3761] ? lock_acquire+0x480/0x570 [ 40.956351][ T3761] ? rcu_read_lock_sched_held+0xd/0x70 [ 40.961803][ T3761] ? lock_release+0x560/0x780 [ 40.966466][ T3761] ? debug_check_no_obj_freed+0x20c/0x420 [ 40.972176][ T3761] ? lock_downgrade+0x6e0/0x6e0 [ 40.977011][ T3761] ? rwlock_bug.part.0+0x90/0x90 [ 40.981934][ T3761] ? ovl_copy_up_inode+0x970/0x970 [ 40.987030][ T3761] ? debug_check_no_obj_freed+0x20c/0x420 [ 40.992741][ T3761] ? trace_hardirqs_on+0x2d/0x120 [ 40.997760][ T3761] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 41.003658][ T3761] ? debug_check_no_obj_freed+0x20c/0x420 [ 41.009369][ T3761] ? trace_hardirqs_on+0x2d/0x120 [ 41.014418][ T3761] ? do_raw_spin_unlock+0x171/0x230 [ 41.019608][ T3761] ? dget_parent+0x14f/0x540 [ 41.024195][ T3761] ovl_copy_up_flags+0x150/0x1d0 [ 41.029124][ T3761] ovl_maybe_copy_up+0x140/0x190 [ 41.034048][ T3761] ovl_open+0xf1/0x2d0 [ 41.038111][ T3761] ? ovl_llseek+0x340/0x340 [ 41.042624][ T3761] ? fsnotify_perm.part.0+0x221/0x610 [ 41.047992][ T3761] do_dentry_open+0x6cc/0x13f0 [ 41.052745][ T3761] ? ovl_llseek+0x340/0x340 [ 41.057242][ T3761] ? may_open+0x1f6/0x420 [ 41.061565][ T3761] path_openat+0x1c92/0x28f0 [ 41.066165][ T3761] ? path_lookupat+0x840/0x840 [ 41.071015][ T3761] do_filp_open+0x1b6/0x400 [ 41.075503][ T3761] ? may_open_dev+0xf0/0xf0 [ 41.079991][ T3761] ? lock_release+0x560/0x780 [ 41.084655][ T3761] ? do_raw_spin_lock+0x120/0x2a0 [ 41.089666][ T3761] ? rwlock_bug.part.0+0x90/0x90 [ 41.094592][ T3761] ? _find_next_bit+0x1e3/0x260 [ 41.099447][ T3761] ? _raw_spin_unlock+0x24/0x40 [ 41.104285][ T3761] ? alloc_fd+0x2f0/0x6f0 [ 41.108640][ T3761] do_sys_openat2+0x16d/0x4c0 [ 41.113309][ T3761] ? ptrace_stop.part.0+0x5f4/0x8c0 [ 41.118495][ T3761] ? build_open_flags+0x6f0/0x6f0 [ 41.123510][ T3761] ? lock_release+0x560/0x780 [ 41.128174][ T3761] ? ptrace_notify+0xfa/0x140 [ 41.132853][ T3761] ? lock_downgrade+0x6e0/0x6e0 [ 41.137691][ T3761] __x64_sys_open+0x119/0x1c0 [ 41.142359][ T3761] ? do_sys_open+0x140/0x140 [ 41.146935][ T3761] ? _raw_spin_unlock_irq+0x2a/0x40 [ 41.152121][ T3761] ? ptrace_notify+0xfa/0x140 [ 41.156787][ T3761] do_syscall_64+0x35/0xb0 [ 41.161193][ T3761] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 41.167075][ T3761] RIP: 0033:0x7f246f2f2b49 [ 41.171632][ T3761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 41.191230][ T3761] RSP: 002b:00007f246f27e2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 41.199631][ T3761] RAX: ffffffffffffffda RBX: 00007f246f3774b0 RCX: 00007f246f2f2b49 [ 41.207607][ T3761] RDX: 0000000000000000 RSI: 0000000000000300 RDI: 0000000020000140 [pid 3760] futex(0x7f246f3774a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3759] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 41.215563][ T3761] RBP: 00007f246f3442ac R08: 00007f246f27e700 R09: 0000000000000000 [ 41.223519][ T3761] R10: 00007f246f27e700 R11: 0000000000000246 R12: 0031656c69662f2e [ 41.231474][ T3761] R13: 79706f636174656d R14: 0079616c7265766f R15: 00007f246f3774b8 [ 41.239458][ T3761] [ 41.242470][ T3761] Modules linked in: [ 41.247345][ T3761] ---[ end trace 0000000000000000 ]--- [ 41.253012][ T3761] RIP: 0010:security_inode_getattr+0x46/0x140 [ 41.259374][ T3761] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b [ 41.279036][ T3761] RSP: 0018:ffffc9000400f578 EFLAGS: 00010212 [ 41.285133][ T3761] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 41.293124][ T3761] RDX: 000000000000000d RSI: ffffffff83bd72fe RDI: 0000000000000068 [ 41.301439][ T3761] RBP: ffffc9000400f750 R08: 0000000000000005 R09: 0000000000000000 [ 41.309471][ T3761] R10: 0000000000000000 R11: 000000000008c07d R12: ffff8880763dca48 [ 41.317480][ T3761] R13: ffffc9000400f750 R14: 00000000000007ff R15: 0000000000000000 [ 41.325485][ T3761] FS: 00007f246f27e700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 41.334452][ T3761] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.341052][ T3761] CR2: 00005643c9471000 CR3: 00000000717a9000 CR4: 0000000000350ee0 [ 41.349085][ T3761] Kernel panic - not syncing: Fatal exception [ 41.356012][ T3761] Kernel Offset: disabled [ 41.360355][ T3761] Rebooting in 86400 seconds..