./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3158646081 <...> Warning: Permanently added '10.128.0.100' (ECDSA) to the list of known hosts. execve("./syz-executor3158646081", ["./syz-executor3158646081"], 0x7ffd3c19df00 /* 10 vars */) = 0 brk(NULL) = 0x555556b17000 brk(0x555556b17c40) = 0x555556b17c40 arch_prctl(ARCH_SET_FS, 0x555556b17300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556b175d0) = 5237 set_robust_list(0x555556b175e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f9f27b10a70, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f9f27b11140}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f9f27b10b10, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9f27b11140}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3158646081", 4096) = 28 brk(0x555556b38c40) = 0x555556b38c40 brk(0x555556b39000) = 0x555556b39000 mprotect(0x7f9f27bd2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5237 mkdir("./syzkaller.zZA529", 0700) = 0 chmod("./syzkaller.zZA529", 0777) = 0 chdir("./syzkaller.zZA529") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5238 ./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x555556b175e0, 24) = 0 [pid 5238] chdir("./0") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5238] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5240 attached , parent_tid=[5240], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5240 [pid 5240] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5238] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] mkdir("./bus", 000) = 0 [pid 5240] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] ftruncate(3, 135266304) = 0 [pid 5240] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] mkdir("./file0", 0777) = 0 [pid 5240] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5240] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5240] ioctl(4, LOOP_CLR_FD) = 0 [pid 5240] close(4) = 0 [pid 5240] close(3) = 0 [pid 5240] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5240] mkdir("./file1", 000 [pid 5238] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... mkdir resumed>) = 0 [pid 5240] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5240] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5238] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... mount resumed>) = 0 [pid 5240] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5240] chdir("./bus" [pid 5238] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... chdir resumed>) = 0 [pid 5240] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5240] <... futex resumed>) = 1 [pid 5240] link("./file1", "./bus" [pid 5238] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5238] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5241], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5241 [pid 5238] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x7f9f27adf9e0, 24) = 0 [ 53.039543][ T5240] loop0: detected capacity change from 0 to 264192 [pid 5241] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5241] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5240] <... link resumed>) = 0 [pid 5241] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] exit_group(0 [pid 5241] <... futex resumed>) = ? [pid 5240] <... futex resumed>) = ? [pid 5238] <... exit_group resumed>) = ? [pid 5241] +++ exited with 0 +++ [pid 5240] +++ exited with 0 +++ [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./0/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./0/file1/file1") = 0 umount2("./0/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./0/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./0/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./0/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/bus/index") = 0 umount2("./0/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./0/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5242 ./strace-static-x86_64: Process 5242 attached [pid 5242] set_robust_list(0x555556b175e0, 24) = 0 [pid 5242] chdir("./1") = 0 [pid 5242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5242] setpgid(0, 0) = 0 [pid 5242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5242] write(3, "1000", 4) = 4 [pid 5242] close(3) = 0 [pid 5242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5242] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5242] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5242] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5243], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5243 [pid 5242] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5243 attached [pid 5243] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5243] mkdir("./bus", 000) = 0 [pid 5243] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] memfd_create("syzkaller", 0) = 3 [pid 5243] ftruncate(3, 135266304) = 0 [pid 5243] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5243] mkdir("./file0", 0777) = 0 [pid 5243] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5243] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5243] ioctl(4, LOOP_CLR_FD) = 0 [pid 5243] close(4) = 0 [pid 5243] close(3) = 0 [pid 5243] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] mkdir("./file1", 000) = 0 [pid 5243] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5243] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] chdir("./bus") = 0 [pid 5243] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5242] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5242] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5244], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5244 [pid 5242] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] link("./file1", "./bus"./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5244] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5244] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5244] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... link resumed>) = 0 [pid 5243] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] exit_group(0) = ? [pid 5243] <... futex resumed>) = ? [pid 5243] +++ exited with 0 +++ [pid 5244] <... futex resumed>) = ? [pid 5244] +++ exited with 0 +++ [pid 5242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5242, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 53.385164][ T5243] loop0: detected capacity change from 0 to 264192 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./1/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./1/file1/file1") = 0 umount2("./1/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./1/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./1/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./1/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/bus/index") = 0 umount2("./1/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./1/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5245 attached , child_tidptr=0x555556b175d0) = 5245 [pid 5245] set_robust_list(0x555556b175e0, 24) = 0 [pid 5245] chdir("./2") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5245] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5245] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5246], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5246 [pid 5245] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5246 attached [pid 5246] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5246] mkdir("./bus", 000) = 0 [pid 5246] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5246] <... futex resumed>) = 1 [pid 5246] memfd_create("syzkaller", 0) = 3 [pid 5246] ftruncate(3, 135266304) = 0 [pid 5246] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] mkdir("./file0", 0777) = 0 [pid 5246] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5246] ioctl(4, LOOP_CLR_FD) = 0 [pid 5246] close(4) = 0 [pid 5246] close(3) = 0 [pid 5246] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] mkdir("./file1", 000) = 0 [pid 5246] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5246] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] chdir("./bus") = 0 [pid 5246] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5245] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5246] link("./file1", "./bus" [pid 5245] <... clone resumed>, parent_tid=[5247], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5247 [pid 5245] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5247 attached [pid 5247] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5247] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5247] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5247] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] <... link resumed>) = 0 [pid 5246] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] exit_group(0) = ? [pid 5247] <... futex resumed>) = ? [pid 5247] +++ exited with 0 +++ [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 53.517439][ T5246] loop0: detected capacity change from 0 to 264192 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./2/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./2/file1/file1") = 0 umount2("./2/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./2/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./2/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./2/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./2/bus/index") = 0 umount2("./2/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./2/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./2/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5248 ./strace-static-x86_64: Process 5248 attached [pid 5248] set_robust_list(0x555556b175e0, 24) = 0 [pid 5248] chdir("./3") = 0 [pid 5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5248] setpgid(0, 0) = 0 [pid 5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5248] write(3, "1000", 4) = 4 [pid 5248] close(3) = 0 [pid 5248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5248] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5248] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5248] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5249 attached , parent_tid=[5249], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5249 [pid 5248] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5249] mkdir("./bus", 000) = 0 [pid 5249] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5249] memfd_create("syzkaller", 0) = 3 [pid 5249] ftruncate(3, 135266304) = 0 [pid 5249] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5249] mkdir("./file0", 0777) = 0 [pid 5249] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5249] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5249] ioctl(4, LOOP_CLR_FD) = 0 [pid 5249] close(4) = 0 [pid 5249] close(3) = 0 [pid 5249] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... futex resumed>) = 1 [pid 5249] mkdir("./file1", 000) = 0 [pid 5249] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... futex resumed>) = 1 [pid 5249] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5249] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... futex resumed>) = 1 [pid 5249] chdir("./bus") = 0 [pid 5249] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5248] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5248] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5250], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5250 [pid 5248] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... futex resumed>) = 1 [pid 5249] link("./file1", "./bus"./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5249] <... link resumed>) = 0 [pid 5249] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5250] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5248] exit_group(0 [pid 5249] <... futex resumed>) = ? [pid 5248] <... exit_group resumed>) = ? [pid 5249] +++ exited with 0 +++ [pid 5250] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 53.644051][ T5249] loop0: detected capacity change from 0 to 264192 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./3/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./3/file1/file1") = 0 umount2("./3/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./3/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./3/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./3/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./3/bus/index") = 0 umount2("./3/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./3/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./3/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5251 ./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x555556b175e0, 24) = 0 [pid 5251] chdir("./4") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [ 53.712845][ T5250] syz-executor315 (5250) used greatest stack depth: 22416 bytes left [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5251] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5252] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... clone resumed>, parent_tid=[5252], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5252 [pid 5251] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5252] mkdir("./bus", 000) = 0 [pid 5251] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5251] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] ftruncate(3, 135266304) = 0 [pid 5252] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] mkdir("./file0", 0777) = 0 [pid 5252] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] close(3) = 0 [pid 5252] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] mkdir("./file1", 000) = 0 [pid 5252] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5252] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] chdir("./bus") = 0 [pid 5252] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5251] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5253], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5253 [pid 5251] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] link("./file1", "./bus"./strace-static-x86_64: Process 5253 attached [pid 5253] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5253] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5253] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5253] <... futex resumed>) = 1 [pid 5253] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] <... link resumed>) = 0 [pid 5252] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] exit_group(0 [pid 5253] <... futex resumed>) = ? [pid 5251] <... exit_group resumed>) = ? [pid 5253] +++ exited with 0 +++ [pid 5252] <... futex resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 53.792382][ T5252] loop0: detected capacity change from 0 to 264192 lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./4/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./4/file1/file1") = 0 umount2("./4/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./4/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./4/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./4/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/bus/index") = 0 umount2("./4/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./4/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5254 ./strace-static-x86_64: Process 5254 attached [pid 5254] set_robust_list(0x555556b175e0, 24) = 0 [pid 5254] chdir("./5") = 0 [pid 5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5254] setpgid(0, 0) = 0 [pid 5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5254] write(3, "1000", 4) = 4 [pid 5254] close(3) = 0 [pid 5254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5254] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5254] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5254] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5255 attached , parent_tid=[5255], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5255 [pid 5254] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5255] mkdir("./bus", 000) = 0 [pid 5255] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5255] <... futex resumed>) = 1 [pid 5255] memfd_create("syzkaller", 0) = 3 [pid 5255] ftruncate(3, 135266304) = 0 [pid 5255] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5255] mkdir("./file0", 0777) = 0 [pid 5255] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5255] ioctl(4, LOOP_CLR_FD) = 0 [pid 5255] close(4) = 0 [pid 5255] close(3) = 0 [pid 5255] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... futex resumed>) = 1 [pid 5255] mkdir("./file1", 000) = 0 [pid 5255] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... futex resumed>) = 1 [pid 5255] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5255] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... futex resumed>) = 1 [pid 5255] chdir("./bus") = 0 [pid 5255] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5254] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5254] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x7f9f27adf9e0, 24 [pid 5254] <... clone resumed>, parent_tid=[5256], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5256 [pid 5256] <... set_robust_list resumed>) = 0 [pid 5254] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... futex resumed>) = 1 [pid 5255] link("./file1", "./bus" [pid 5256] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5256] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [ 53.930494][ T5255] loop0: detected capacity change from 0 to 264192 [pid 5256] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... link resumed>) = 0 [pid 5255] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] exit_group(0 [pid 5256] <... futex resumed>) = ? [pid 5255] <... futex resumed>) = ? [pid 5254] <... exit_group resumed>) = ? [pid 5256] +++ exited with 0 +++ [pid 5255] +++ exited with 0 +++ [pid 5254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./5/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./5/file1/file1") = 0 umount2("./5/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./5/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./5/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./5/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/bus/index") = 0 umount2("./5/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./5/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5257 ./strace-static-x86_64: Process 5257 attached [pid 5257] set_robust_list(0x555556b175e0, 24) = 0 [pid 5257] chdir("./6") = 0 [pid 5257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5257] setpgid(0, 0) = 0 [pid 5257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5257] write(3, "1000", 4) = 4 [pid 5257] close(3) = 0 [pid 5257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5257] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5257] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5257] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5258 attached , parent_tid=[5258], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5258 [pid 5257] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] set_robust_list(0x7f9f27b009e0, 24 [pid 5257] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... set_robust_list resumed>) = 0 [pid 5258] mkdir("./bus", 000) = 0 [pid 5258] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5258] memfd_create("syzkaller", 0) = 3 [pid 5258] ftruncate(3, 135266304) = 0 [pid 5258] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5258] mkdir("./file0", 0777) = 0 [pid 5258] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5258] ioctl(4, LOOP_CLR_FD) = 0 [pid 5258] close(4) = 0 [pid 5258] close(3) = 0 [pid 5258] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... futex resumed>) = 1 [pid 5258] mkdir("./file1", 000) = 0 [pid 5258] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5258] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5257] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... mount resumed>) = 0 [pid 5258] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] chdir("./bus") = 0 [pid 5258] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5257] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] link("./file1", "./bus" [pid 5257] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5259], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5259 [pid 5257] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5259 attached [pid 5259] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5259] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5259] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5259] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... link resumed>) = 0 [pid 5258] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] exit_group(0 [pid 5259] <... futex resumed>) = ? [pid 5257] <... exit_group resumed>) = ? [pid 5259] +++ exited with 0 +++ [ 54.069129][ T5258] loop0: detected capacity change from 0 to 264192 [pid 5258] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5257, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./6/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./6/file1/file1") = 0 umount2("./6/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./6/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./6/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./6/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/bus/index") = 0 umount2("./6/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./6/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5260 ./strace-static-x86_64: Process 5260 attached [pid 5260] set_robust_list(0x555556b175e0, 24) = 0 [pid 5260] chdir("./7") = 0 [pid 5260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5260] setpgid(0, 0) = 0 [pid 5260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5260] write(3, "1000", 4) = 4 [pid 5260] close(3) = 0 [pid 5260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5260] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5260] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5260] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5261], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5261 [pid 5260] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5261 attached [pid 5261] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5261] mkdir("./bus", 000) = 0 [pid 5261] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5261] <... futex resumed>) = 0 [pid 5261] memfd_create("syzkaller", 0) = 3 [pid 5261] ftruncate(3, 135266304) = 0 [pid 5261] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5261] mkdir("./file0", 0777) = 0 [pid 5261] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5261] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5261] ioctl(4, LOOP_CLR_FD) = 0 [pid 5261] close(4) = 0 [pid 5261] close(3) = 0 [pid 5261] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... futex resumed>) = 0 [pid 5261] mkdir("./file1", 000) = 0 [pid 5261] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5260] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... mount resumed>) = 0 [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5260] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] chdir("./bus") = 0 [pid 5261] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = 0 [pid 5260] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] link("./file1", "./bus" [pid 5260] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5260] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5260] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5262], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5262 [pid 5260] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5262 attached [pid 5262] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5262] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5262] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = 1 [pid 5262] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... link resumed>) = 0 [pid 5261] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] exit_group(0 [pid 5261] <... futex resumed>) = ? [pid 5260] <... exit_group resumed>) = ? [pid 5262] <... futex resumed>) = ? [pid 5261] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ [pid 5260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5260, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 54.200018][ T5261] loop0: detected capacity change from 0 to 264192 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./7/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./7/file1/file1") = 0 umount2("./7/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./7/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./7/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./7/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/bus/index") = 0 umount2("./7/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./7/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5263 ./strace-static-x86_64: Process 5263 attached [pid 5263] set_robust_list(0x555556b175e0, 24) = 0 [pid 5263] chdir("./8") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5263] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5264], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5264 [pid 5263] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5264 attached [pid 5264] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5264] mkdir("./bus", 000) = 0 [pid 5264] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5264] <... futex resumed>) = 1 [pid 5264] memfd_create("syzkaller", 0) = 3 [pid 5264] ftruncate(3, 135266304) = 0 [pid 5264] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5264] mkdir("./file0", 0777) = 0 [pid 5264] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5264] ioctl(4, LOOP_CLR_FD) = 0 [pid 5264] close(4) = 0 [pid 5264] close(3) = 0 [pid 5264] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = 1 [pid 5263] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] mkdir("./file1", 000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... mkdir resumed>) = 0 [pid 5264] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... mount resumed>) = 0 [pid 5264] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] chdir("./bus") = 0 [pid 5264] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] link("./file1", "./bus" [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5263] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5264] <... link resumed>) = 0 [pid 5263] <... clone resumed>, parent_tid=[5265], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5265 [pid 5263] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5265 attached [pid 5265] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5265] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5264] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] <... open resumed>) = 3 [ 54.340284][ T5264] loop0: detected capacity change from 0 to 264192 [pid 5265] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5265] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] exit_group(0 [pid 5265] <... futex resumed>) = ? [pid 5264] <... futex resumed>) = ? [pid 5263] <... exit_group resumed>) = ? [pid 5265] +++ exited with 0 +++ [pid 5264] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./8/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./8/file1/file1") = 0 umount2("./8/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./8/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./8/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./8/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/bus/index") = 0 umount2("./8/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./8/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5266 ./strace-static-x86_64: Process 5266 attached [pid 5266] set_robust_list(0x555556b175e0, 24) = 0 [pid 5266] chdir("./9") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5266] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5266] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5267], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5267 [pid 5266] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5267 attached [pid 5267] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5267] mkdir("./bus", 000) = 0 [pid 5267] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5266] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5267] memfd_create("syzkaller", 0) = 3 [pid 5267] ftruncate(3, 135266304) = 0 [pid 5267] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5267] mkdir("./file0", 0777) = 0 [pid 5267] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5267] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5267] ioctl(4, LOOP_CLR_FD) = 0 [pid 5267] close(4) = 0 [pid 5267] close(3) = 0 [pid 5267] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 0 [pid 5267] mkdir("./file1", 000) = 0 [pid 5267] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 1 [pid 5267] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5267] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 1 [pid 5267] chdir("./bus") = 0 [pid 5267] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] link("./file1", "./bus" [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5266] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5268], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5268 [pid 5266] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... link resumed>) = 0 [pid 5267] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5268 attached [pid 5268] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5268] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [ 54.479714][ T5267] loop0: detected capacity change from 0 to 264192 [pid 5267] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... open resumed>) = 3 [pid 5268] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5266] exit_group(0 [pid 5268] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... exit_group resumed>) = ? [pid 5268] <... futex resumed>) = ? [pid 5268] +++ exited with 0 +++ [pid 5267] <... futex resumed>) = ? [pid 5267] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./9/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./9/file1/file1") = 0 umount2("./9/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./9/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./9/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./9/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/bus/index") = 0 umount2("./9/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./9/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5269 attached , child_tidptr=0x555556b175d0) = 5269 [pid 5269] set_robust_list(0x555556b175e0, 24) = 0 [pid 5269] chdir("./10") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5269] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5270], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5270 ./strace-static-x86_64: Process 5270 attached [pid 5269] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] set_robust_list(0x7f9f27b009e0, 24 [pid 5269] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... set_robust_list resumed>) = 0 [pid 5270] mkdir("./bus", 000) = 0 [pid 5270] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5270] memfd_create("syzkaller", 0) = 3 [pid 5270] ftruncate(3, 135266304) = 0 [pid 5270] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5270] mkdir("./file0", 0777) = 0 [pid 5270] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5270] ioctl(4, LOOP_CLR_FD) = 0 [pid 5270] close(4) = 0 [pid 5270] close(3) = 0 [pid 5270] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5270] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] mkdir("./file1", 000) = 0 [pid 5270] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5270] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] chdir("./bus") = 0 [pid 5270] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5269] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE [pid 5270] link("./file1", "./bus" [pid 5269] <... mprotect resumed>) = 0 [pid 5269] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5271], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5271 [pid 5269] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5271 attached [pid 5270] <... link resumed>) = 0 [pid 5270] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] set_robust_list(0x7f9f27adf9e0, 24 [pid 5270] <... futex resumed>) = 0 [pid 5271] <... set_robust_list resumed>) = 0 [pid 5271] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5270] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] <... open resumed>) = 3 [pid 5271] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] exit_group(0) = ? [pid 5270] <... futex resumed>) = ? [pid 5270] +++ exited with 0 +++ [pid 5271] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 54.630907][ T5270] loop0: detected capacity change from 0 to 264192 openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./10/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./10/file1/file1") = 0 umount2("./10/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./10/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./10/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./10/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/bus/index") = 0 umount2("./10/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./10/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5272 ./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x555556b175e0, 24) = 0 [pid 5272] chdir("./11") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5272] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5273 attached [pid 5273] set_robust_list(0x7f9f27b009e0, 24 [pid 5272] <... clone resumed>, parent_tid=[5273], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5273 [pid 5273] <... set_robust_list resumed>) = 0 [pid 5272] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] mkdir("./bus", 000 [pid 5272] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... mkdir resumed>) = 0 [pid 5273] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5273] memfd_create("syzkaller", 0) = 3 [pid 5273] ftruncate(3, 135266304) = 0 [pid 5273] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5273] mkdir("./file0", 0777) = 0 [pid 5273] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5273] ioctl(4, LOOP_CLR_FD) = 0 [pid 5273] close(4) = 0 [pid 5273] close(3) = 0 [pid 5273] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 1 [pid 5273] mkdir("./file1", 000 [pid 5272] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... mkdir resumed>) = 0 [pid 5273] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5272] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... mount resumed>) = 0 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5272] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] chdir("./bus") = 0 [pid 5273] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5272] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] link("./file1", "./bus" [pid 5272] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5274], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5274 [pid 5272] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... link resumed>) = 0 ./strace-static-x86_64: Process 5274 attached [pid 5273] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5273] <... futex resumed>) = 0 [pid 5274] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5273] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] <... open resumed>) = 3 [pid 5274] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] exit_group(0) = ? [pid 5274] <... futex resumed>) = ? [pid 5274] +++ exited with 0 +++ [pid 5273] <... futex resumed>) = ? [pid 5273] +++ exited with 0 +++ [pid 5272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 54.780107][ T5273] loop0: detected capacity change from 0 to 264192 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./11/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./11/file1/file1") = 0 umount2("./11/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./11/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./11/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./11/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/bus/index") = 0 umount2("./11/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./11/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5275 attached , child_tidptr=0x555556b175d0) = 5275 [pid 5275] set_robust_list(0x555556b175e0, 24) = 0 [pid 5275] chdir("./12") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5275] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5276], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5276 [pid 5275] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5276 attached [pid 5276] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5276] mkdir("./bus", 000) = 0 [pid 5276] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5276] <... futex resumed>) = 1 [pid 5276] memfd_create("syzkaller", 0) = 3 [pid 5276] ftruncate(3, 135266304) = 0 [pid 5276] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5276] mkdir("./file0", 0777) = 0 [pid 5276] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5276] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5276] ioctl(4, LOOP_CLR_FD) = 0 [pid 5276] close(4) = 0 [pid 5276] close(3) = 0 [pid 5276] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 1 [pid 5276] mkdir("./file1", 000) = 0 [pid 5276] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5276] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5275] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... mount resumed>) = 0 [pid 5276] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 1 [pid 5276] chdir("./bus") = 0 [pid 5276] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5275] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5277], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5277 [pid 5275] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 1 [pid 5276] link("./file1", "./bus"./strace-static-x86_64: Process 5277 attached [pid 5277] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5277] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5277] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5277] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... link resumed>) = 0 [pid 5276] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] exit_group(0 [pid 5277] <... futex resumed>) = ? [pid 5276] <... futex resumed>) = ? [pid 5275] <... exit_group resumed>) = ? [pid 5277] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 54.915023][ T5276] loop0: detected capacity change from 0 to 264192 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./12/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./12/file1/file1") = 0 umount2("./12/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./12/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./12/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./12/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/bus/index") = 0 umount2("./12/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./12/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5278 ./strace-static-x86_64: Process 5278 attached [pid 5278] set_robust_list(0x555556b175e0, 24) = 0 [pid 5278] chdir("./13") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5278] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5279 attached [pid 5279] set_robust_list(0x7f9f27b009e0, 24 [pid 5278] <... clone resumed>, parent_tid=[5279], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5279 [pid 5279] <... set_robust_list resumed>) = 0 [pid 5278] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] mkdir("./bus", 000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... mkdir resumed>) = 0 [pid 5279] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5278] <... futex resumed>) = 0 [pid 5279] memfd_create("syzkaller", 0 [pid 5278] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5279] <... memfd_create resumed>) = 3 [pid 5279] ftruncate(3, 135266304) = 0 [pid 5279] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5279] mkdir("./file0", 0777) = 0 [pid 5279] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5279] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5279] ioctl(4, LOOP_CLR_FD) = 0 [pid 5279] close(4) = 0 [pid 5279] close(3) = 0 [pid 5279] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] mkdir("./file1", 000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... mkdir resumed>) = 0 [pid 5279] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5278] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... mount resumed>) = 0 [pid 5279] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5278] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] chdir("./bus") = 0 [pid 5279] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] link("./file1", "./bus" [pid 5278] <... futex resumed>) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5278] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5280], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5280 [pid 5278] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5280 attached [pid 5280] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5280] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5279] <... link resumed>) = 0 [pid 5279] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5279] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] <... open resumed>) = 3 [pid 5280] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... futex resumed>) = 0 [pid 5278] exit_group(0) = ? [pid 5279] <... futex resumed>) = ? [pid 5279] +++ exited with 0 +++ [pid 5280] <... futex resumed>) = ? [pid 5280] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 55.051091][ T5279] loop0: detected capacity change from 0 to 264192 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./13/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./13/file1/file1") = 0 umount2("./13/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./13/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./13/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./13/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/bus/index") = 0 umount2("./13/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./13/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5281 ./strace-static-x86_64: Process 5281 attached [pid 5281] set_robust_list(0x555556b175e0, 24) = 0 [pid 5281] chdir("./14") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5281] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5282 attached , parent_tid=[5282], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5282 [pid 5281] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5282] mkdir("./bus", 000) = 0 [pid 5282] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5282] <... futex resumed>) = 1 [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5282] ftruncate(3, 135266304) = 0 [pid 5282] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5282] mkdir("./file0", 0777) = 0 [pid 5282] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5282] ioctl(4, LOOP_CLR_FD) = 0 [pid 5282] close(4) = 0 [pid 5282] close(3) = 0 [pid 5282] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... futex resumed>) = 1 [pid 5282] mkdir("./file1", 000) = 0 [pid 5282] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... futex resumed>) = 1 [pid 5282] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5282] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] chdir("./bus") = 0 [pid 5282] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5281] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5282] link("./file1", "./bus"./strace-static-x86_64: Process 5283 attached [pid 5281] <... clone resumed>, parent_tid=[5283], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5283 [pid 5281] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5283] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5283] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5282] <... link resumed>) = 0 [pid 5282] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... open resumed>) = 3 [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5281] exit_group(0) = ? [pid 5282] <... futex resumed>) = ? [pid 5283] <... futex resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5283] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./14/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./14/file1/file1") = 0 umount2("./14/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 55.182190][ T5282] loop0: detected capacity change from 0 to 264192 lstat("./14/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./14/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./14/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./14/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/bus/index") = 0 umount2("./14/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./14/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5284 ./strace-static-x86_64: Process 5284 attached [pid 5284] set_robust_list(0x555556b175e0, 24) = 0 [pid 5284] chdir("./15") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5284] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5284] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5285], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5285 [pid 5284] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5285 attached [pid 5285] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5285] mkdir("./bus", 000) = 0 [pid 5285] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] memfd_create("syzkaller", 0) = 3 [pid 5285] ftruncate(3, 135266304) = 0 [pid 5285] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5285] mkdir("./file0", 0777) = 0 [pid 5285] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5285] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5285] ioctl(4, LOOP_CLR_FD) = 0 [pid 5285] close(4) = 0 [pid 5285] close(3) = 0 [pid 5285] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] mkdir("./file1", 000) = 0 [pid 5285] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5285] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] chdir("./bus") = 0 [pid 5285] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5284] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5286], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5286 [pid 5284] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] link("./file1", "./bus") = 0 [pid 5285] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5285] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5286 attached [pid 5286] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5286] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5286] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] exit_group(0) = ? [pid 5285] <... futex resumed>) = ? [pid 5285] +++ exited with 0 +++ [pid 5286] <... futex resumed>) = ? [pid 5286] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./15/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./15/file1/file1") = 0 umount2("./15/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 55.314122][ T5285] loop0: detected capacity change from 0 to 264192 lstat("./15/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./15/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./15/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./15/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./15/bus/index") = 0 umount2("./15/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./15/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./15/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5287 ./strace-static-x86_64: Process 5287 attached [pid 5287] set_robust_list(0x555556b175e0, 24) = 0 [pid 5287] chdir("./16") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5287] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5288 attached , parent_tid=[5288], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5288 [pid 5287] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5288] mkdir("./bus", 000) = 0 [pid 5288] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5288] <... futex resumed>) = 1 [pid 5288] memfd_create("syzkaller", 0) = 3 [pid 5288] ftruncate(3, 135266304) = 0 [pid 5288] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5288] mkdir("./file0", 0777) = 0 [pid 5288] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5288] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5288] ioctl(4, LOOP_CLR_FD) = 0 [pid 5288] close(4) = 0 [pid 5288] close(3) = 0 [pid 5288] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 1 [pid 5288] mkdir("./file1", 000) = 0 [pid 5288] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 1 [pid 5288] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5288] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 1 [pid 5288] chdir("./bus") = 0 [pid 5288] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5287] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5289], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5289 [pid 5287] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 1 [pid 5288] link("./file1", "./bus"./strace-static-x86_64: Process 5289 attached [pid 5289] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5289] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5288] <... link resumed>) = 0 [pid 5288] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5289] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] exit_group(0 [pid 5289] <... futex resumed>) = ? [pid 5287] <... exit_group resumed>) = ? [pid 5289] +++ exited with 0 +++ [pid 5288] <... futex resumed>) = ? [pid 5288] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./16/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./16/file1/file1") = 0 umount2("./16/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./16/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 55.426814][ T5288] loop0: detected capacity change from 0 to 264192 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./16/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./16/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./16/bus/index") = 0 umount2("./16/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./16/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./16/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5290 ./strace-static-x86_64: Process 5290 attached [pid 5290] set_robust_list(0x555556b175e0, 24) = 0 [pid 5290] chdir("./17") = 0 [pid 5290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5290] setpgid(0, 0) = 0 [pid 5290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5290] write(3, "1000", 4) = 4 [pid 5290] close(3) = 0 [pid 5290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5290] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5290] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5290] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5291 attached [pid 5291] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5291] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5290] <... clone resumed>, parent_tid=[5291], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5291 [pid 5290] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5291] mkdir("./bus", 000) = 0 [pid 5291] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5291] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5290] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5290] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5290] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5291] memfd_create("syzkaller", 0) = 3 [pid 5291] ftruncate(3, 135266304) = 0 [pid 5291] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5291] mkdir("./file0", 0777) = 0 [pid 5291] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5291] ioctl(4, LOOP_CLR_FD) = 0 [pid 5291] close(4) = 0 [pid 5291] close(3) = 0 [pid 5291] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] <... futex resumed>) = 1 [pid 5291] mkdir("./file1", 000) = 0 [pid 5291] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] <... futex resumed>) = 1 [pid 5291] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5291] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] <... futex resumed>) = 1 [pid 5291] chdir("./bus") = 0 [pid 5291] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5290] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5290] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5292], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5292 [pid 5290] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5291] link("./file1", "./bus" [pid 5290] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5292 attached [pid 5292] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5292] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5292] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5292] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5291] <... link resumed>) = 0 [pid 5291] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] exit_group(0 [pid 5292] <... futex resumed>) = ? [pid 5290] <... exit_group resumed>) = ? [pid 5292] +++ exited with 0 +++ [pid 5291] +++ exited with 0 +++ [pid 5290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5290, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 55.552302][ T5291] loop0: detected capacity change from 0 to 264192 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./17/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./17/file1/file1") = 0 umount2("./17/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./17/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./17/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./17/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/bus/index") = 0 umount2("./17/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./17/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5293 ./strace-static-x86_64: Process 5293 attached [pid 5293] set_robust_list(0x555556b175e0, 24) = 0 [pid 5293] chdir("./18") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5293] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5294 attached , parent_tid=[5294], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5294 [pid 5294] set_robust_list(0x7f9f27b009e0, 24 [pid 5293] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... set_robust_list resumed>) = 0 [pid 5293] <... futex resumed>) = 0 [pid 5294] mkdir("./bus", 000 [pid 5293] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... mkdir resumed>) = 0 [pid 5294] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] memfd_create("syzkaller", 0 [pid 5293] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... memfd_create resumed>) = 3 [pid 5293] <... futex resumed>) = 0 [pid 5294] ftruncate(3, 135266304 [pid 5293] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5294] <... ftruncate resumed>) = 0 [pid 5294] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] mkdir("./file0", 0777) = 0 [pid 5294] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5294] ioctl(4, LOOP_CLR_FD) = 0 [pid 5294] close(4) = 0 [pid 5294] close(3) = 0 [pid 5294] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] mkdir("./file1", 000) = 0 [pid 5294] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5294] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] chdir("./bus") = 0 [pid 5294] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5293] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5294] link("./file1", "./bus" [pid 5293] <... clone resumed>, parent_tid=[5295], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5295 [pid 5293] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5295 attached [pid 5295] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5295] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5295] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5295] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] <... link resumed>) = 0 [pid 5294] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.678441][ T5294] loop0: detected capacity change from 0 to 264192 [pid 5294] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] exit_group(0 [pid 5295] <... futex resumed>) = ? [pid 5293] <... exit_group resumed>) = ? [pid 5295] +++ exited with 0 +++ [pid 5294] <... futex resumed>) = ? [pid 5294] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./18/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./18/file1/file1") = 0 umount2("./18/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./18/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./18/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./18/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/bus/index") = 0 umount2("./18/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./18/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5296 ./strace-static-x86_64: Process 5296 attached [pid 5296] set_robust_list(0x555556b175e0, 24) = 0 [pid 5296] chdir("./19") = 0 [pid 5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5296] setpgid(0, 0) = 0 [pid 5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] write(3, "1000", 4) = 4 [pid 5296] close(3) = 0 [pid 5296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5296] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5296] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5297 attached , parent_tid=[5297], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5297 [pid 5296] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5297] mkdir("./bus", 000) = 0 [pid 5297] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5297] memfd_create("syzkaller", 0) = 3 [pid 5297] ftruncate(3, 135266304) = 0 [pid 5297] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5297] mkdir("./file0", 0777) = 0 [pid 5297] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5297] ioctl(4, LOOP_CLR_FD) = 0 [pid 5297] close(4) = 0 [pid 5297] close(3) = 0 [pid 5297] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 1 [pid 5297] mkdir("./file1", 000) = 0 [pid 5297] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 1 [pid 5297] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5297] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 1 [pid 5297] chdir("./bus") = 0 [pid 5297] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5296] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5298], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5298 [pid 5296] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 1 [pid 5297] link("./file1", "./bus"./strace-static-x86_64: Process 5298 attached [pid 5298] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5298] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5298] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5298] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] <... link resumed>) = 0 [pid 5297] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] exit_group(0) = ? [pid 5298] <... futex resumed>) = ? [pid 5298] +++ exited with 0 +++ [pid 5297] +++ exited with 0 +++ [pid 5296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5296, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./19/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./19/file1/file1") = 0 umount2("./19/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./19/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 [ 55.820339][ T5297] loop0: detected capacity change from 0 to 264192 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./19/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./19/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/bus/index") = 0 umount2("./19/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./19/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5299 ./strace-static-x86_64: Process 5299 attached [pid 5299] set_robust_list(0x555556b175e0, 24) = 0 [pid 5299] chdir("./20") = 0 [pid 5299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5299] setpgid(0, 0) = 0 [pid 5299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5299] write(3, "1000", 4) = 4 [pid 5299] close(3) = 0 [pid 5299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5299] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5299] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5300 attached [pid 5300] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5300] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... clone resumed>, parent_tid=[5300], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5300 [pid 5299] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5300] mkdir("./bus", 000) = 0 [pid 5300] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5299] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = 1 [pid 5300] memfd_create("syzkaller", 0 [pid 5299] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5300] <... memfd_create resumed>) = 3 [pid 5300] ftruncate(3, 135266304) = 0 [pid 5300] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5300] mkdir("./file0", 0777) = 0 [pid 5300] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5300] ioctl(4, LOOP_CLR_FD) = 0 [pid 5300] close(4) = 0 [pid 5300] close(3) = 0 [pid 5300] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 0 [pid 5300] mkdir("./file1", 000) = 0 [pid 5300] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5300] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] chdir("./bus") = 0 [pid 5300] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5299] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5301 attached , parent_tid=[5301], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5301 [pid 5301] set_robust_list(0x7f9f27adf9e0, 24 [pid 5300] <... futex resumed>) = 1 [pid 5299] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... set_robust_list resumed>) = 0 [pid 5300] link("./file1", "./bus" [pid 5299] <... futex resumed>) = 0 [ 55.956232][ T5300] loop0: detected capacity change from 0 to 264192 [pid 5301] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5299] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5301] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5301] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5301] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] <... link resumed>) = 0 [pid 5300] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] exit_group(0 [pid 5301] <... futex resumed>) = ? [pid 5299] <... exit_group resumed>) = ? [pid 5301] +++ exited with 0 +++ [pid 5300] <... futex resumed>) = ? [pid 5300] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5299, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./20/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./20/file1/file1") = 0 umount2("./20/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./20/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./20/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./20/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/bus/index") = 0 umount2("./20/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./20/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5302 ./strace-static-x86_64: Process 5302 attached [pid 5302] set_robust_list(0x555556b175e0, 24) = 0 [pid 5302] chdir("./21") = 0 [pid 5302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5302] setpgid(0, 0) = 0 [pid 5302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5302] write(3, "1000", 4) = 4 [pid 5302] close(3) = 0 [pid 5302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5302] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5302] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5302] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5303], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5303 [pid 5302] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5303 attached [pid 5303] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5303] mkdir("./bus", 000) = 0 [pid 5303] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5303] <... futex resumed>) = 1 [pid 5303] memfd_create("syzkaller", 0) = 3 [pid 5303] ftruncate(3, 135266304) = 0 [pid 5303] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5303] mkdir("./file0", 0777) = 0 [pid 5303] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5303] ioctl(4, LOOP_CLR_FD) = 0 [pid 5303] close(4) = 0 [pid 5303] close(3) = 0 [pid 5303] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... futex resumed>) = 1 [pid 5303] mkdir("./file1", 000) = 0 [pid 5303] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... futex resumed>) = 1 [pid 5303] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5303] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... futex resumed>) = 1 [pid 5303] chdir("./bus") = 0 [pid 5303] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5302] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5302] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5304], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5304 [pid 5302] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... futex resumed>) = 1 [pid 5303] link("./file1", "./bus"./strace-static-x86_64: Process 5304 attached [pid 5304] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5304] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5304] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5304] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] <... link resumed>) = 0 [pid 5303] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] exit_group(0) = ? [pid 5303] <... futex resumed>) = ? [pid 5303] +++ exited with 0 +++ [pid 5304] <... futex resumed>) = ? [pid 5304] +++ exited with 0 +++ [pid 5302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5302, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./21/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./21/file1/file1") = 0 umount2("./21/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 56.086137][ T5303] loop0: detected capacity change from 0 to 264192 lstat("./21/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./21/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./21/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./21/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/bus/index") = 0 umount2("./21/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./21/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5305 ./strace-static-x86_64: Process 5305 attached [pid 5305] set_robust_list(0x555556b175e0, 24) = 0 [pid 5305] chdir("./22") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5305] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5305] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5306], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5306 [pid 5305] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5306 attached [pid 5306] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5306] mkdir("./bus", 000) = 0 [pid 5306] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5306] <... futex resumed>) = 1 [pid 5306] memfd_create("syzkaller", 0) = 3 [pid 5306] ftruncate(3, 135266304) = 0 [pid 5306] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5306] mkdir("./file0", 0777) = 0 [pid 5306] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5306] ioctl(4, LOOP_CLR_FD) = 0 [pid 5306] close(4) = 0 [pid 5306] close(3) = 0 [pid 5306] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... futex resumed>) = 1 [pid 5306] mkdir("./file1", 000) = 0 [pid 5306] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... futex resumed>) = 1 [pid 5306] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5306] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... futex resumed>) = 1 [pid 5306] chdir("./bus") = 0 [pid 5306] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5305] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5307], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5307 [pid 5305] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... futex resumed>) = 1 [pid 5306] link("./file1", "./bus") = 0 [pid 5306] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5307 attached [pid 5307] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5307] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5307] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] exit_group(0) = ? [pid 5306] <... futex resumed>) = ? [pid 5306] +++ exited with 0 +++ [pid 5307] +++ exited with 0 +++ [pid 5305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./22/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./22/file1/file1") = 0 umount2("./22/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./22/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 [ 56.193287][ T5306] loop0: detected capacity change from 0 to 264192 close(4) = 0 rmdir("./22/file1") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./22/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./22/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./22/bus/index") = 0 umount2("./22/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./22/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./22/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5308 ./strace-static-x86_64: Process 5308 attached [pid 5308] set_robust_list(0x555556b175e0, 24) = 0 [pid 5308] chdir("./23") = 0 [pid 5308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5308] setpgid(0, 0) = 0 [pid 5308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5308] write(3, "1000", 4) = 4 [pid 5308] close(3) = 0 [pid 5308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5308] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5308] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5309], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5309 [pid 5308] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5309 attached [pid 5309] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5309] mkdir("./bus", 000) = 0 [pid 5309] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5309] <... futex resumed>) = 1 [pid 5309] memfd_create("syzkaller", 0) = 3 [pid 5309] ftruncate(3, 135266304) = 0 [pid 5309] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5309] mkdir("./file0", 0777) = 0 [pid 5309] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5309] ioctl(4, LOOP_CLR_FD) = 0 [pid 5309] close(4) = 0 [pid 5309] close(3) = 0 [pid 5309] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... futex resumed>) = 1 [pid 5309] mkdir("./file1", 000) = 0 [pid 5309] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... futex resumed>) = 1 [pid 5309] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5309] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... futex resumed>) = 1 [pid 5309] chdir("./bus") = 0 [pid 5309] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5308] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5310], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5310 [pid 5308] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... futex resumed>) = 1 [pid 5309] link("./file1", "./bus"./strace-static-x86_64: Process 5310 attached [pid 5310] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5310] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5310] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5310] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] <... link resumed>) = 0 [pid 5309] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] exit_group(0 [pid 5310] <... futex resumed>) = ? [pid 5308] <... exit_group resumed>) = ? [pid 5310] +++ exited with 0 +++ [ 56.340862][ T5309] loop0: detected capacity change from 0 to 264192 [pid 5309] +++ exited with 0 +++ [pid 5308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5308, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./23/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./23/file1/file1") = 0 umount2("./23/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./23/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./23/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./23/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./23/bus/index") = 0 umount2("./23/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./23/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./23/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5311 ./strace-static-x86_64: Process 5311 attached [pid 5311] set_robust_list(0x555556b175e0, 24) = 0 [pid 5311] chdir("./24") = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5311] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5311] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5312], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5312 ./strace-static-x86_64: Process 5312 attached [pid 5312] set_robust_list(0x7f9f27b009e0, 24 [pid 5311] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... set_robust_list resumed>) = 0 [pid 5312] mkdir("./bus", 000) = 0 [pid 5312] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5312] memfd_create("syzkaller", 0) = 3 [pid 5312] ftruncate(3, 135266304) = 0 [pid 5312] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5312] mkdir("./file0", 0777) = 0 [pid 5312] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5312] ioctl(4, LOOP_CLR_FD) = 0 [pid 5312] close(4) = 0 [pid 5312] close(3) = 0 [pid 5312] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 1 [pid 5312] mkdir("./file1", 000) = 0 [pid 5312] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 1 [pid 5312] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5312] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 1 [pid 5312] chdir("./bus") = 0 [pid 5312] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5311] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5313 attached , parent_tid=[5313], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5313 [pid 5311] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 1 [pid 5313] set_robust_list(0x7f9f27adf9e0, 24 [pid 5312] link("./file1", "./bus" [pid 5313] <... set_robust_list resumed>) = 0 [pid 5313] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5313] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5313] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... link resumed>) = 0 [pid 5312] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] exit_group(0) = ? [pid 5313] <... futex resumed>) = ? [pid 5313] +++ exited with 0 +++ [pid 5312] <... futex resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 [ 56.459759][ T5312] loop0: detected capacity change from 0 to 264192 umount2("./24/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./24/file1/file1") = 0 umount2("./24/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./24/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./24/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./24/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/bus/index") = 0 umount2("./24/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./24/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5314 attached , child_tidptr=0x555556b175d0) = 5314 [pid 5314] set_robust_list(0x555556b175e0, 24) = 0 [pid 5314] chdir("./25") = 0 [pid 5314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5314] setpgid(0, 0) = 0 [pid 5314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5314] write(3, "1000", 4) = 4 [pid 5314] close(3) = 0 [pid 5314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5314] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5314] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5314] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5315 attached , parent_tid=[5315], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5315 [pid 5314] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5315] mkdir("./bus", 000) = 0 [pid 5315] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5315] memfd_create("syzkaller", 0) = 3 [pid 5315] ftruncate(3, 135266304) = 0 [pid 5315] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5315] mkdir("./file0", 0777) = 0 [pid 5315] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5315] ioctl(4, LOOP_CLR_FD) = 0 [pid 5315] close(4) = 0 [pid 5315] close(3) = 0 [pid 5315] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] mkdir("./file1", 000 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... mkdir resumed>) = 0 [pid 5315] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... mount resumed>) = 0 [pid 5315] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] chdir("./bus") = 0 [pid 5315] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5314] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE [pid 5315] link("./file1", "./bus" [pid 5314] <... mprotect resumed>) = 0 [pid 5314] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5316], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5316 [pid 5314] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... link resumed>) = 0 [pid 5315] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5316 attached [pid 5316] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5316] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] <... open resumed>) = 3 [pid 5316] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5314] exit_group(0 [pid 5315] <... futex resumed>) = ? [pid 5314] <... exit_group resumed>) = ? [pid 5315] +++ exited with 0 +++ [pid 5316] +++ exited with 0 +++ [pid 5314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5314, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 56.590064][ T5315] loop0: detected capacity change from 0 to 264192 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./25/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./25/file1/file1") = 0 umount2("./25/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./25/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./25/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./25/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/bus/index") = 0 umount2("./25/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./25/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5317 ./strace-static-x86_64: Process 5317 attached [pid 5317] set_robust_list(0x555556b175e0, 24) = 0 [pid 5317] chdir("./26") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5317] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5318 attached [pid 5318] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5318] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... clone resumed>, parent_tid=[5318], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5318 [pid 5317] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5318] mkdir("./bus", 000 [pid 5317] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... mkdir resumed>) = 0 [pid 5318] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5317] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5318] memfd_create("syzkaller", 0) = 3 [pid 5318] ftruncate(3, 135266304) = 0 [pid 5318] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] mkdir("./file0", 0777) = 0 [pid 5318] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5318] ioctl(4, LOOP_CLR_FD) = 0 [pid 5318] close(4) = 0 [pid 5318] close(3) = 0 [pid 5318] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] mkdir("./file1", 000 [pid 5317] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... mkdir resumed>) = 0 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5318] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5317] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... mount resumed>) = 0 [pid 5318] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 1 [pid 5318] chdir("./bus") = 0 [pid 5318] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5318] <... futex resumed>) = 1 [pid 5317] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] link("./file1", "./bus" [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5317] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5319 attached , parent_tid=[5319], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5319 [pid 5317] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5319] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5319] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... link resumed>) = 0 [pid 5318] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] <... futex resumed>) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5319] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] exit_group(0 [pid 5319] <... futex resumed>) = ? [pid 5317] <... exit_group resumed>) = ? [pid 5319] +++ exited with 0 +++ [pid 5318] <... futex resumed>) = ? [ 56.731143][ T5318] loop0: detected capacity change from 0 to 264192 [pid 5318] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./26/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./26/file1/file1") = 0 umount2("./26/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./26/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./26/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./26/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./26/bus/index") = 0 umount2("./26/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./26/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./26/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5320 ./strace-static-x86_64: Process 5320 attached [pid 5320] set_robust_list(0x555556b175e0, 24) = 0 [pid 5320] chdir("./27") = 0 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5320] write(3, "1000", 4) = 4 [pid 5320] close(3) = 0 [pid 5320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5320] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5320] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5320] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5321 attached , parent_tid=[5321], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5321 [pid 5321] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5321] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] <... futex resumed>) = 0 [pid 5321] mkdir("./bus", 000 [pid 5320] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... mkdir resumed>) = 0 [pid 5321] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5320] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5321] memfd_create("syzkaller", 0) = 3 [pid 5321] ftruncate(3, 135266304) = 0 [pid 5321] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5321] mkdir("./file0", 0777) = 0 [pid 5321] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5321] ioctl(4, LOOP_CLR_FD) = 0 [pid 5321] close(4) = 0 [pid 5321] close(3) = 0 [pid 5321] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... futex resumed>) = 1 [pid 5321] mkdir("./file1", 000) = 0 [pid 5321] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = 0 [pid 5321] <... futex resumed>) = 1 [pid 5320] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... mount resumed>) = 0 [pid 5321] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = 0 [pid 5321] <... futex resumed>) = 1 [pid 5320] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] chdir("./bus" [pid 5320] <... futex resumed>) = 0 [pid 5321] <... chdir resumed>) = 0 [pid 5320] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5321] <... futex resumed>) = 0 [pid 5320] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] link("./file1", "./bus" [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5320] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5320] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5322 attached , parent_tid=[5322], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5322 [pid 5322] set_robust_list(0x7f9f27adf9e0, 24 [pid 5320] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... link resumed>) = 0 [pid 5322] <... set_robust_list resumed>) = 0 [pid 5322] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5321] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] <... open resumed>) = 3 [pid 5322] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5322] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] exit_group(0) = ? [pid 5322] <... futex resumed>) = ? [pid 5322] +++ exited with 0 +++ [pid 5321] <... futex resumed>) = ? [pid 5321] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 56.870379][ T5321] loop0: detected capacity change from 0 to 264192 lstat("./27/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./27/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./27/file1/file1") = 0 umount2("./27/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./27/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./27/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./27/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./27/bus/index") = 0 umount2("./27/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./27/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./27/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5323 ./strace-static-x86_64: Process 5323 attached [pid 5323] set_robust_list(0x555556b175e0, 24) = 0 [pid 5323] chdir("./28") = 0 [pid 5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5323] setpgid(0, 0) = 0 [pid 5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5323] write(3, "1000", 4) = 4 [pid 5323] close(3) = 0 [pid 5323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5323] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5323] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5324], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5324 [pid 5323] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5324 attached [pid 5324] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5324] mkdir("./bus", 000) = 0 [pid 5324] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5324] <... futex resumed>) = 1 [pid 5324] memfd_create("syzkaller", 0) = 3 [pid 5324] ftruncate(3, 135266304) = 0 [pid 5324] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] mkdir("./file0", 0777) = 0 [pid 5324] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5324] ioctl(4, LOOP_CLR_FD) = 0 [pid 5324] close(4) = 0 [pid 5324] close(3) = 0 [pid 5324] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... futex resumed>) = 1 [pid 5324] mkdir("./file1", 000) = 0 [pid 5324] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... futex resumed>) = 1 [pid 5324] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5324] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... futex resumed>) = 1 [pid 5324] chdir("./bus") = 0 [pid 5324] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5323] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5325], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5325 [pid 5323] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... futex resumed>) = 1 [pid 5324] link("./file1", "./bus"./strace-static-x86_64: Process 5325 attached [pid 5325] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5324] <... link resumed>) = 0 [pid 5324] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5324] <... futex resumed>) = 0 [pid 5324] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] <... open resumed>) = 3 [pid 5325] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5323] exit_group(0) = ? [pid 5324] <... futex resumed>) = ? [pid 5324] +++ exited with 0 +++ [pid 5325] +++ exited with 0 +++ [pid 5323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5323, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./28/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./28/file1/file1") = 0 umount2("./28/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./28/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 [ 56.983994][ T5324] loop0: detected capacity change from 0 to 264192 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./28/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./28/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/bus/index") = 0 umount2("./28/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./28/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5326 ./strace-static-x86_64: Process 5326 attached [pid 5326] set_robust_list(0x555556b175e0, 24) = 0 [pid 5326] chdir("./29") = 0 [pid 5326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5326] setpgid(0, 0) = 0 [pid 5326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5326] write(3, "1000", 4) = 4 [pid 5326] close(3) = 0 [pid 5326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5326] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5326] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5326] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5327], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5327 [pid 5326] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5327 attached [pid 5327] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5327] mkdir("./bus", 000) = 0 [pid 5327] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5327] <... futex resumed>) = 1 [pid 5327] memfd_create("syzkaller", 0) = 3 [pid 5327] ftruncate(3, 135266304) = 0 [pid 5327] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5327] mkdir("./file0", 0777) = 0 [pid 5327] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5327] ioctl(4, LOOP_CLR_FD) = 0 [pid 5327] close(4) = 0 [pid 5327] close(3) = 0 [pid 5327] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... futex resumed>) = 1 [pid 5327] mkdir("./file1", 000) = 0 [pid 5327] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... futex resumed>) = 1 [pid 5327] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5327] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... futex resumed>) = 1 [pid 5327] chdir("./bus") = 0 [pid 5327] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5326] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5326] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5328], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5328 [pid 5326] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... futex resumed>) = 1 [pid 5327] link("./file1", "./bus"./strace-static-x86_64: Process 5328 attached [pid 5328] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5328] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5328] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... link resumed>) = 0 [pid 5327] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] <... futex resumed>) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] exit_group(0) = ? [pid 5327] <... futex resumed>) = ? [pid 5327] +++ exited with 0 +++ [pid 5328] +++ exited with 0 +++ [pid 5326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5326, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./29/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./29/file1/file1") = 0 umount2("./29/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./29/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 57.088005][ T5327] loop0: detected capacity change from 0 to 264192 rmdir("./29/file0") = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./29/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./29/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./29/bus/index") = 0 umount2("./29/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./29/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./29/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5329 ./strace-static-x86_64: Process 5329 attached [pid 5329] set_robust_list(0x555556b175e0, 24) = 0 [pid 5329] chdir("./30") = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5329] setpgid(0, 0) = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5329] write(3, "1000", 4) = 4 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5329] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5329] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5330], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5330 [pid 5329] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5330 attached [pid 5330] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5330] mkdir("./bus", 000) = 0 [pid 5330] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5330] <... futex resumed>) = 1 [pid 5330] memfd_create("syzkaller", 0) = 3 [pid 5330] ftruncate(3, 135266304) = 0 [pid 5330] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5330] mkdir("./file0", 0777) = 0 [pid 5330] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5330] ioctl(4, LOOP_CLR_FD) = 0 [pid 5330] close(4) = 0 [pid 5330] close(3) = 0 [pid 5330] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... futex resumed>) = 1 [pid 5330] mkdir("./file1", 000) = 0 [pid 5330] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... futex resumed>) = 1 [pid 5330] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5330] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... futex resumed>) = 1 [pid 5330] chdir("./bus") = 0 [pid 5330] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5329] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5331], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5331 [pid 5329] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... futex resumed>) = 1 [pid 5330] link("./file1", "./bus"./strace-static-x86_64: Process 5331 attached [pid 5331] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5331] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5331] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5331] <... futex resumed>) = 1 [pid 5331] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] <... link resumed>) = 0 [pid 5330] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] exit_group(0) = ? [pid 5331] <... futex resumed>) = ? [pid 5330] <... futex resumed>) = ? [pid 5330] +++ exited with 0 +++ [pid 5331] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5329, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./30/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./30/file1/file1") = 0 [ 57.199684][ T5330] loop0: detected capacity change from 0 to 264192 umount2("./30/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./30/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./30/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./30/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/bus/index") = 0 umount2("./30/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./30/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5332 ./strace-static-x86_64: Process 5332 attached [pid 5332] set_robust_list(0x555556b175e0, 24) = 0 [pid 5332] chdir("./31") = 0 [pid 5332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5332] setpgid(0, 0) = 0 [pid 5332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5332] write(3, "1000", 4) = 4 [pid 5332] close(3) = 0 [pid 5332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5332] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5332] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5333 attached , parent_tid=[5333], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5333 [pid 5332] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5333] mkdir("./bus", 000) = 0 [pid 5333] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] memfd_create("syzkaller", 0 [pid 5332] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5333] <... memfd_create resumed>) = 3 [pid 5333] ftruncate(3, 135266304) = 0 [pid 5333] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5333] mkdir("./file0", 0777) = 0 [pid 5333] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5333] ioctl(4, LOOP_CLR_FD) = 0 [pid 5333] close(4) = 0 [pid 5333] close(3) = 0 [pid 5333] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5333] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5332] <... futex resumed>) = 0 [pid 5333] mkdir("./file1", 000 [pid 5332] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... mkdir resumed>) = 0 [pid 5333] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5333] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5333] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5333] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... futex resumed>) = 1 [pid 5333] chdir("./bus") = 0 [pid 5333] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5333] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5333] link("./file1", "./bus" [pid 5332] <... mmap resumed>) = 0x7f9f27abf000 [pid 5332] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5334], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5334 [pid 5332] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5334 attached [pid 5334] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5334] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5334] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [ 57.319467][ T5333] loop0: detected capacity change from 0 to 264192 [pid 5334] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] <... link resumed>) = 0 [pid 5333] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] exit_group(0 [pid 5333] <... futex resumed>) = ? [pid 5332] <... exit_group resumed>) = ? [pid 5333] +++ exited with 0 +++ [pid 5334] <... futex resumed>) = ? [pid 5334] +++ exited with 0 +++ [pid 5332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5332, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./31/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./31/file1/file1") = 0 umount2("./31/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./31/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./31/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./31/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/bus/index") = 0 umount2("./31/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./31/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5335 ./strace-static-x86_64: Process 5335 attached [pid 5335] set_robust_list(0x555556b175e0, 24) = 0 [pid 5335] chdir("./32") = 0 [pid 5335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5335] setpgid(0, 0) = 0 [pid 5335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5335] write(3, "1000", 4) = 4 [pid 5335] close(3) = 0 [pid 5335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5335] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5335] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5336 attached , parent_tid=[5336], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5336 [pid 5336] set_robust_list(0x7f9f27b009e0, 24 [pid 5335] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... set_robust_list resumed>) = 0 [pid 5335] <... futex resumed>) = 0 [pid 5336] mkdir("./bus", 000 [pid 5335] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... mkdir resumed>) = 0 [pid 5336] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5335] <... futex resumed>) = 0 [pid 5336] memfd_create("syzkaller", 0 [pid 5335] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5336] <... memfd_create resumed>) = 3 [pid 5336] ftruncate(3, 135266304) = 0 [pid 5336] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5336] mkdir("./file0", 0777) = 0 [pid 5336] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5336] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5336] ioctl(4, LOOP_CLR_FD) = 0 [pid 5336] close(4) = 0 [pid 5336] close(3) = 0 [pid 5336] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5335] <... futex resumed>) = 0 [pid 5336] mkdir("./file1", 000 [pid 5335] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... mkdir resumed>) = 0 [pid 5336] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5336] <... futex resumed>) = 1 [pid 5336] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5335] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... mount resumed>) = 0 [pid 5336] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5336] <... futex resumed>) = 1 [pid 5335] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] chdir("./bus" [pid 5335] <... futex resumed>) = 0 [pid 5336] <... chdir resumed>) = 0 [pid 5335] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] <... futex resumed>) = 0 [pid 5335] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] link("./file1", "./bus" [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5335] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5336] <... link resumed>) = 0 [pid 5335] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5337 attached [pid 5336] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] <... clone resumed>, parent_tid=[5337], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5337 [pid 5337] set_robust_list(0x7f9f27adf9e0, 24 [pid 5336] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... set_robust_list resumed>) = 0 [pid 5335] <... futex resumed>) = 0 [pid 5337] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5335] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5337] <... open resumed>) = 3 [pid 5337] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5337] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] exit_group(0 [pid 5337] <... futex resumed>) = ? [pid 5336] <... futex resumed>) = ? [pid 5335] <... exit_group resumed>) = ? [pid 5336] +++ exited with 0 +++ [ 57.453277][ T5336] loop0: detected capacity change from 0 to 264192 [pid 5337] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5335, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./32/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./32/file1/file1") = 0 umount2("./32/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./32/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./32/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./32/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/bus/index") = 0 umount2("./32/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./32/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5338 ./strace-static-x86_64: Process 5338 attached [pid 5338] set_robust_list(0x555556b175e0, 24) = 0 [pid 5338] chdir("./33") = 0 [pid 5338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5338] setpgid(0, 0) = 0 [pid 5338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5338] write(3, "1000", 4) = 4 [pid 5338] close(3) = 0 [pid 5338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5338] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5338] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5338] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5339 attached [pid 5339] set_robust_list(0x7f9f27b009e0, 24 [pid 5338] <... clone resumed>, parent_tid=[5339], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5339 [pid 5339] <... set_robust_list resumed>) = 0 [pid 5338] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] mkdir("./bus", 000) = 0 [pid 5339] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5339] <... futex resumed>) = 1 [pid 5338] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5339] memfd_create("syzkaller", 0) = 3 [pid 5339] ftruncate(3, 135266304) = 0 [pid 5339] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5339] mkdir("./file0", 0777) = 0 [pid 5339] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5339] ioctl(4, LOOP_CLR_FD) = 0 [pid 5339] close(4) = 0 [pid 5339] close(3) = 0 [pid 5339] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] mkdir("./file1", 000 [pid 5338] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... mkdir resumed>) = 0 [pid 5339] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5339] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] chdir("./bus") = 0 [pid 5339] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] link("./file1", "./bus" [pid 5338] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... link resumed>) = 0 [pid 5338] <... futex resumed>) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5338] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE [pid 5339] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... mprotect resumed>) = 0 [pid 5338] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5339] <... futex resumed>) = 0 [pid 5338] <... clone resumed>, parent_tid=[5340], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5340 [pid 5338] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5340 attached [pid 5340] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5340] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [ 57.596670][ T5339] loop0: detected capacity change from 0 to 264192 [pid 5340] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5338] exit_group(0 [pid 5339] <... futex resumed>) = ? [pid 5338] <... exit_group resumed>) = ? [pid 5339] +++ exited with 0 +++ [pid 5340] +++ exited with 0 +++ [pid 5338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5338, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./33/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./33/file1/file1") = 0 umount2("./33/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./33/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./33/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./33/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./33/bus/index") = 0 umount2("./33/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./33/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./33/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5341 ./strace-static-x86_64: Process 5341 attached [pid 5341] set_robust_list(0x555556b175e0, 24) = 0 [pid 5341] chdir("./34") = 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5341] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5342 attached [pid 5342] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5342] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... clone resumed>, parent_tid=[5342], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5342 [pid 5341] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5342] mkdir("./bus", 000 [pid 5341] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... mkdir resumed>) = 0 [pid 5342] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5342] memfd_create("syzkaller", 0 [pid 5341] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5342] <... memfd_create resumed>) = 3 [pid 5342] ftruncate(3, 135266304) = 0 [pid 5342] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5342] mkdir("./file0", 0777) = 0 [pid 5342] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5342] ioctl(4, LOOP_CLR_FD) = 0 [pid 5342] close(4) = 0 [pid 5342] close(3) = 0 [pid 5342] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] mkdir("./file1", 000) = 0 [pid 5342] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5342] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] chdir("./bus") = 0 [pid 5342] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5341] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE [pid 5342] link("./file1", "./bus" [pid 5341] <... mprotect resumed>) = 0 [pid 5341] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5343], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5343 [pid 5341] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5343 attached [pid 5343] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5343] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5343] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5343] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] <... link resumed>) = 0 [pid 5342] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] exit_group(0) = ? [pid 5343] <... futex resumed>) = ? [pid 5343] +++ exited with 0 +++ [ 57.738278][ T5342] loop0: detected capacity change from 0 to 264192 [pid 5342] +++ exited with 0 +++ [pid 5341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5341, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./34/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./34/file1/file1") = 0 umount2("./34/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./34/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./34/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./34/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/bus/index") = 0 umount2("./34/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./34/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5344 ./strace-static-x86_64: Process 5344 attached [pid 5344] set_robust_list(0x555556b175e0, 24) = 0 [pid 5344] chdir("./35") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5344] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5345 attached , parent_tid=[5345], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5345 [pid 5345] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5345] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5345] mkdir("./bus", 000 [pid 5344] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... mkdir resumed>) = 0 [pid 5345] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5344] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5345] memfd_create("syzkaller", 0) = 3 [pid 5345] ftruncate(3, 135266304) = 0 [pid 5345] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5345] mkdir("./file0", 0777) = 0 [pid 5345] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5345] ioctl(4, LOOP_CLR_FD) = 0 [pid 5345] close(4) = 0 [pid 5345] close(3) = 0 [pid 5345] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5344] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] mkdir("./file1", 000) = 0 [pid 5345] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5344] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... mount resumed>) = 0 [pid 5345] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 1 [pid 5344] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... futex resumed>) = 0 [pid 5345] chdir("./bus") = 0 [pid 5345] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5344] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] link("./file1", "./bus" [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5344] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5346 attached , parent_tid=[5346], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5346 [pid 5344] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5346] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5346] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5346] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] <... link resumed>) = 0 [pid 5345] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] exit_group(0 [pid 5346] <... futex resumed>) = ? [pid 5344] <... exit_group resumed>) = ? [pid 5345] <... futex resumed>) = ? [pid 5346] +++ exited with 0 +++ [pid 5345] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5344, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 57.881092][ T5345] loop0: detected capacity change from 0 to 264192 openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./35/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./35/file1/file1") = 0 umount2("./35/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./35/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./35/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./35/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/bus/index") = 0 umount2("./35/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./35/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5347 ./strace-static-x86_64: Process 5347 attached [pid 5347] set_robust_list(0x555556b175e0, 24) = 0 [pid 5347] chdir("./36") = 0 [pid 5347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5347] setpgid(0, 0) = 0 [pid 5347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5347] write(3, "1000", 4) = 4 [pid 5347] close(3) = 0 [pid 5347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5347] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5347] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5348 attached [pid 5348] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5347] <... clone resumed>, parent_tid=[5348], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5348 [pid 5348] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5347] <... futex resumed>) = 1 [pid 5347] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] mkdir("./bus", 000) = 0 [pid 5348] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] memfd_create("syzkaller", 0 [pid 5347] <... futex resumed>) = 0 [pid 5348] <... memfd_create resumed>) = 3 [pid 5347] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5348] ftruncate(3, 135266304) = 0 [pid 5348] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5348] mkdir("./file0", 0777) = 0 [pid 5348] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5348] ioctl(4, LOOP_CLR_FD) = 0 [pid 5348] close(4) = 0 [pid 5348] close(3) = 0 [pid 5348] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] mkdir("./file1", 000 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... mkdir resumed>) = 0 [pid 5348] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] <... futex resumed>) = 0 [pid 5348] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5347] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... mount resumed>) = 0 [pid 5348] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] chdir("./bus") = 0 [pid 5348] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] link("./file1", "./bus" [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5347] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5349], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5349 ./strace-static-x86_64: Process 5349 attached [pid 5348] <... link resumed>) = 0 [pid 5347] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] set_robust_list(0x7f9f27adf9e0, 24 [pid 5348] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] <... set_robust_list resumed>) = 0 [pid 5349] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [ 58.028112][ T5348] loop0: detected capacity change from 0 to 264192 [pid 5349] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5349] <... futex resumed>) = 1 [pid 5347] exit_group(0) = ? [pid 5348] <... futex resumed>) = ? [pid 5349] +++ exited with 0 +++ [pid 5348] +++ exited with 0 +++ [pid 5347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5347, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./36/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./36/file1/file1") = 0 umount2("./36/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./36/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./36/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./36/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/bus/index") = 0 umount2("./36/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./36/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5350 ./strace-static-x86_64: Process 5350 attached [pid 5350] set_robust_list(0x555556b175e0, 24) = 0 [pid 5350] chdir("./37") = 0 [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5350] setpgid(0, 0) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5350] write(3, "1000", 4) = 4 [pid 5350] close(3) = 0 [pid 5350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5350] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5350] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5351 attached [pid 5351] set_robust_list(0x7f9f27b009e0, 24 [pid 5350] <... clone resumed>, parent_tid=[5351], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5351 [pid 5350] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... set_robust_list resumed>) = 0 [pid 5351] mkdir("./bus", 000) = 0 [pid 5351] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] <... futex resumed>) = 0 [pid 5351] memfd_create("syzkaller", 0 [pid 5350] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5351] <... memfd_create resumed>) = 3 [pid 5351] ftruncate(3, 135266304) = 0 [pid 5351] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5351] mkdir("./file0", 0777) = 0 [pid 5351] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5351] ioctl(4, LOOP_CLR_FD) = 0 [pid 5351] close(4) = 0 [pid 5351] close(3) = 0 [pid 5351] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 1 [pid 5350] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] mkdir("./file1", 000 [pid 5350] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... mkdir resumed>) = 0 [pid 5351] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] <... futex resumed>) = 0 [pid 5351] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5350] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... mount resumed>) = 0 [pid 5351] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] <... futex resumed>) = 0 [pid 5351] chdir("./bus" [pid 5350] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... chdir resumed>) = 0 [pid 5351] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [ 58.167896][ T5351] loop0: detected capacity change from 0 to 264192 [pid 5351] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] <... futex resumed>) = 0 [pid 5351] link("./file1", "./bus" [pid 5350] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5351] <... link resumed>) = 0 [pid 5350] <... mmap resumed>) = 0x7f9f27abf000 [pid 5351] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... mprotect resumed>) = 0 [pid 5350] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5352 attached , parent_tid=[5352], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5352 [pid 5352] set_robust_list(0x7f9f27adf9e0, 24 [pid 5350] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... set_robust_list resumed>) = 0 [pid 5352] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5352] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5350] exit_group(0) = ? [pid 5351] <... futex resumed>) = ? [pid 5351] +++ exited with 0 +++ [pid 5352] +++ exited with 0 +++ [pid 5350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5350, si_uid=0, si_status=0, si_utime=3, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./37/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./37/file1/file1") = 0 umount2("./37/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./37/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./37/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./37/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/bus/index") = 0 umount2("./37/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./37/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5353 ./strace-static-x86_64: Process 5353 attached [pid 5353] set_robust_list(0x555556b175e0, 24) = 0 [pid 5353] chdir("./38") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5353] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5354 attached , parent_tid=[5354], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5354 [pid 5354] set_robust_list(0x7f9f27b009e0, 24 [pid 5353] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... set_robust_list resumed>) = 0 [pid 5354] mkdir("./bus", 000) = 0 [pid 5354] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] ftruncate(3, 135266304) = 0 [pid 5354] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] mkdir("./file0", 0777) = 0 [pid 5354] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5354] ioctl(4, LOOP_CLR_FD) = 0 [pid 5354] close(4) = 0 [pid 5354] close(3) = 0 [pid 5354] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] mkdir("./file1", 000) = 0 [pid 5354] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5354] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5354] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = 0 [pid 5354] <... futex resumed>) = 1 [pid 5353] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] chdir("./bus") = 0 [pid 5354] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5353] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE [pid 5354] link("./file1", "./bus" [pid 5353] <... mprotect resumed>) = 0 [pid 5353] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5355], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5355 [pid 5353] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... link resumed>) = 0 [pid 5354] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5354] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5355 attached [pid 5355] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5355] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5355] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] exit_group(0) = ? [pid 5354] <... futex resumed>) = ? [pid 5354] +++ exited with 0 +++ [pid 5355] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5353, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 [ 58.320949][ T5354] loop0: detected capacity change from 0 to 264192 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./38/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./38/file1/file1") = 0 umount2("./38/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./38/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./38/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./38/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/bus/index") = 0 umount2("./38/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./38/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5356 ./strace-static-x86_64: Process 5356 attached [pid 5356] set_robust_list(0x555556b175e0, 24) = 0 [pid 5356] chdir("./39") = 0 [pid 5356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5356] setpgid(0, 0) = 0 [pid 5356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5356] write(3, "1000", 4) = 4 [pid 5356] close(3) = 0 [pid 5356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5356] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5356] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5357 attached , parent_tid=[5357], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5357 [pid 5357] set_robust_list(0x7f9f27b009e0, 24 [pid 5356] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... set_robust_list resumed>) = 0 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] mkdir("./bus", 000) = 0 [pid 5357] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5357] <... futex resumed>) = 1 [pid 5356] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5357] memfd_create("syzkaller", 0) = 3 [pid 5357] ftruncate(3, 135266304) = 0 [pid 5357] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5357] mkdir("./file0", 0777) = 0 [pid 5357] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5357] ioctl(4, LOOP_CLR_FD) = 0 [pid 5357] close(4) = 0 [pid 5357] close(3) = 0 [pid 5357] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = 0 [pid 5356] <... futex resumed>) = 1 [pid 5357] mkdir("./file1", 000 [pid 5356] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... mkdir resumed>) = 0 [pid 5357] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5356] <... futex resumed>) = 0 [pid 5357] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5356] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... mount resumed>) = 0 [pid 5357] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] chdir("./bus" [pid 5356] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... chdir resumed>) = 0 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... futex resumed>) = 0 [pid 5356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5357] link("./file1", "./bus" [pid 5356] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5356] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5358], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5358 [pid 5356] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... link resumed>) = 0 [pid 5357] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5357] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5358 attached [pid 5358] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5358] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5358] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] exit_group(0 [pid 5357] <... futex resumed>) = ? [pid 5356] <... exit_group resumed>) = ? [pid 5357] +++ exited with 0 +++ [pid 5358] <... futex resumed>) = ? [ 58.445227][ T5357] loop0: detected capacity change from 0 to 264192 [pid 5358] +++ exited with 0 +++ [pid 5356] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5356, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./39/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./39/file1/file1") = 0 umount2("./39/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./39/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./39/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./39/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/bus/index") = 0 umount2("./39/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./39/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5359 ./strace-static-x86_64: Process 5359 attached [pid 5359] set_robust_list(0x555556b175e0, 24) = 0 [pid 5359] chdir("./40") = 0 [pid 5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5359] setpgid(0, 0) = 0 [pid 5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5359] write(3, "1000", 4) = 4 [pid 5359] close(3) = 0 [pid 5359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5359] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5359] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5360], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5360 [pid 5359] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5360 attached [pid 5360] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5360] mkdir("./bus", 000) = 0 [pid 5360] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5360] <... futex resumed>) = 1 [pid 5360] memfd_create("syzkaller", 0) = 3 [pid 5360] ftruncate(3, 135266304) = 0 [pid 5360] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5360] mkdir("./file0", 0777) = 0 [pid 5360] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5360] ioctl(4, LOOP_CLR_FD) = 0 [pid 5360] close(4) = 0 [pid 5360] close(3) = 0 [pid 5360] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... futex resumed>) = 1 [pid 5360] mkdir("./file1", 000) = 0 [pid 5360] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... futex resumed>) = 1 [pid 5360] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5360] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... futex resumed>) = 1 [pid 5360] chdir("./bus") = 0 [pid 5360] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5359] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5361], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5361 [pid 5359] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... futex resumed>) = 1 [pid 5360] link("./file1", "./bus"./strace-static-x86_64: Process 5361 attached [pid 5361] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5361] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5361] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... link resumed>) = 0 [pid 5360] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] <... futex resumed>) = 0 [pid 5359] exit_group(0) = ? [pid 5361] <... futex resumed>) = ? [pid 5360] <... futex resumed>) = ? [pid 5361] +++ exited with 0 +++ [pid 5360] +++ exited with 0 +++ [pid 5359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5359, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./40/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./40/file1/file1") = 0 umount2("./40/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./40/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 [ 58.571773][ T5360] loop0: detected capacity change from 0 to 264192 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./40/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./40/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./40/bus/index") = 0 umount2("./40/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./40/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./40/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5362 ./strace-static-x86_64: Process 5362 attached [pid 5362] set_robust_list(0x555556b175e0, 24) = 0 [pid 5362] chdir("./41") = 0 [pid 5362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5362] setpgid(0, 0) = 0 [pid 5362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5362] write(3, "1000", 4) = 4 [pid 5362] close(3) = 0 [pid 5362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5362] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5362] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5363 attached , parent_tid=[5363], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5363 [pid 5363] set_robust_list(0x7f9f27b009e0, 24 [pid 5362] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... set_robust_list resumed>) = 0 [pid 5363] mkdir("./bus", 000) = 0 [pid 5363] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5363] <... futex resumed>) = 1 [pid 5363] memfd_create("syzkaller", 0) = 3 [pid 5363] ftruncate(3, 135266304) = 0 [pid 5363] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5363] mkdir("./file0", 0777) = 0 [pid 5363] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5363] ioctl(4, LOOP_CLR_FD) = 0 [pid 5363] close(4) = 0 [pid 5363] close(3) = 0 [pid 5363] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] mkdir("./file1", 000) = 0 [pid 5363] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5363] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] chdir("./bus") = 0 [pid 5363] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5362] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5363] link("./file1", "./bus"./strace-static-x86_64: Process 5364 attached [pid 5362] <... clone resumed>, parent_tid=[5364], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5364 [pid 5362] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5364] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5363] <... link resumed>) = 0 [pid 5363] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... open resumed>) = 3 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5362] exit_group(0 [pid 5364] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] <... exit_group resumed>) = ? [pid 5363] <... futex resumed>) = ? [pid 5364] <... futex resumed>) = ? [pid 5363] +++ exited with 0 +++ [pid 5364] +++ exited with 0 +++ [pid 5362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5362, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./41/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./41/file1/file1") = 0 umount2("./41/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 [ 58.694492][ T5363] loop0: detected capacity change from 0 to 264192 unlink("./41/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./41/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./41/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/bus/index") = 0 umount2("./41/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./41/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5365 ./strace-static-x86_64: Process 5365 attached [pid 5365] set_robust_list(0x555556b175e0, 24) = 0 [pid 5365] chdir("./42") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5365] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5366 attached , parent_tid=[5366], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5366 [pid 5366] set_robust_list(0x7f9f27b009e0, 24 [pid 5365] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... set_robust_list resumed>) = 0 [pid 5366] mkdir("./bus", 000) = 0 [pid 5366] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5366] memfd_create("syzkaller", 0) = 3 [pid 5366] ftruncate(3, 135266304) = 0 [pid 5366] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] mkdir("./file0", 0777) = 0 [pid 5366] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5366] ioctl(4, LOOP_CLR_FD) = 0 [pid 5366] close(4) = 0 [pid 5366] close(3) = 0 [pid 5366] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] mkdir("./file1", 000) = 0 [pid 5366] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5366] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] chdir("./bus") = 0 [pid 5366] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5365] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5367 attached , parent_tid=[5367], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5367 [pid 5365] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] link("./file1", "./bus" [pid 5367] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5367] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5367] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5367] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] <... link resumed>) = 0 [pid 5366] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] exit_group(0 [pid 5367] <... futex resumed>) = ? [pid 5365] <... exit_group resumed>) = ? [pid 5367] +++ exited with 0 +++ [pid 5366] <... futex resumed>) = ? [pid 5366] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./42/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./42/file1/file1") = 0 umount2("./42/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 [ 58.824905][ T5366] loop0: detected capacity change from 0 to 264192 unlink("./42/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./42/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./42/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/bus/index") = 0 umount2("./42/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./42/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5368 ./strace-static-x86_64: Process 5368 attached [pid 5368] set_robust_list(0x555556b175e0, 24) = 0 [pid 5368] chdir("./43") = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5368] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5369 attached , parent_tid=[5369], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5369 [pid 5369] set_robust_list(0x7f9f27b009e0, 24 [pid 5368] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... set_robust_list resumed>) = 0 [pid 5368] <... futex resumed>) = 0 [pid 5369] mkdir("./bus", 000 [pid 5368] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... mkdir resumed>) = 0 [pid 5369] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5369] memfd_create("syzkaller", 0) = 3 [pid 5369] ftruncate(3, 135266304) = 0 [pid 5369] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5369] ioctl(4, LOOP_SET_FD, 3 [pid 5368] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5369] <... ioctl resumed>) = 0 [pid 5369] mkdir("./file0", 0777) = 0 [pid 5369] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5369] ioctl(4, LOOP_CLR_FD) = 0 [pid 5369] close(4) = 0 [pid 5369] close(3) = 0 [pid 5369] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] mkdir("./file1", 000) = 0 [pid 5369] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5368] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... mount resumed>) = 0 [pid 5369] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] chdir("./bus" [pid 5368] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... chdir resumed>) = 0 [pid 5369] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] link("./file1", "./bus" [pid 5368] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5368] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5370], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5370 [pid 5368] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... link resumed>) = 0 [pid 5369] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5370 attached [pid 5370] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5370] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5370] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] exit_group(0 [pid 5369] <... futex resumed>) = ? [pid 5368] <... exit_group resumed>) = ? [pid 5369] +++ exited with 0 +++ [pid 5370] +++ exited with 0 +++ [pid 5368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5368, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 [ 58.959367][ T5369] loop0: detected capacity change from 0 to 264192 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./43/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./43/file1/file1") = 0 umount2("./43/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./43/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./43/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./43/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/bus/index") = 0 umount2("./43/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./43/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5371 ./strace-static-x86_64: Process 5371 attached [pid 5371] set_robust_list(0x555556b175e0, 24) = 0 [pid 5371] chdir("./44") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5371] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5372 attached , parent_tid=[5372], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5372 [pid 5372] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5371] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] mkdir("./bus", 000) = 0 [pid 5372] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5372] memfd_create("syzkaller", 0) = 3 [pid 5372] ftruncate(3, 135266304) = 0 [pid 5372] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] mkdir("./file0", 0777) = 0 [pid 5372] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] close(3) = 0 [pid 5372] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5371] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] mkdir("./file1", 000) = 0 [pid 5372] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5371] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... mount resumed>) = 0 [pid 5372] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5372] <... futex resumed>) = 1 [pid 5371] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] chdir("./bus") = 0 [pid 5372] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] link("./file1", "./bus" [pid 5371] <... futex resumed>) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5371] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5373], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5373 [pid 5371] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5373 attached [pid 5373] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5373] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5373] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5373] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] <... link resumed>) = 0 [pid 5372] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] exit_group(0) = ? [pid 5373] <... futex resumed>) = ? [pid 5373] +++ exited with 0 +++ [pid 5372] <... futex resumed>) = ? [pid 5372] +++ exited with 0 +++ [pid 5371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./44/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 [ 59.095276][ T5372] loop0: detected capacity change from 0 to 264192 unlink("./44/file1/file1") = 0 umount2("./44/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./44/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./44/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./44/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/bus/index") = 0 umount2("./44/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./44/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5374 ./strace-static-x86_64: Process 5374 attached [pid 5374] set_robust_list(0x555556b175e0, 24) = 0 [pid 5374] chdir("./45") = 0 [pid 5374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5374] setpgid(0, 0) = 0 [pid 5374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5374] write(3, "1000", 4) = 4 [pid 5374] close(3) = 0 [pid 5374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5374] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5374] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5375], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5375 [pid 5374] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5375 attached [pid 5375] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5375] mkdir("./bus", 000) = 0 [pid 5375] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5375] <... futex resumed>) = 1 [pid 5375] memfd_create("syzkaller", 0) = 3 [pid 5375] ftruncate(3, 135266304) = 0 [pid 5375] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5375] mkdir("./file0", 0777) = 0 [pid 5375] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5375] ioctl(4, LOOP_CLR_FD) = 0 [pid 5375] close(4) = 0 [pid 5375] close(3) = 0 [pid 5375] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] mkdir("./file1", 000) = 0 [pid 5375] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... mount resumed>) = 0 [pid 5375] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] chdir("./bus") = 0 [pid 5375] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5375] link("./file1", "./bus" [pid 5374] <... mmap resumed>) = 0x7f9f27abf000 [pid 5374] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5376], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5376 [pid 5374] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5376 attached [pid 5376] set_robust_list(0x7f9f27adf9e0, 24 [pid 5375] <... link resumed>) = 0 [pid 5376] <... set_robust_list resumed>) = 0 [pid 5376] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [ 59.221992][ T5375] loop0: detected capacity change from 0 to 264192 [pid 5375] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] <... open resumed>) = 3 [pid 5376] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = 0 [pid 5374] exit_group(0) = ? [pid 5376] <... futex resumed>) = ? [pid 5376] +++ exited with 0 +++ [pid 5375] <... futex resumed>) = ? [pid 5375] +++ exited with 0 +++ [pid 5374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5374, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./45/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./45/file1/file1") = 0 umount2("./45/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./45/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./45/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./45/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/bus/index") = 0 umount2("./45/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./45/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5377 ./strace-static-x86_64: Process 5377 attached [pid 5377] set_robust_list(0x555556b175e0, 24) = 0 [pid 5377] chdir("./46") = 0 [pid 5377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5377] setpgid(0, 0) = 0 [pid 5377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5377] write(3, "1000", 4) = 4 [pid 5377] close(3) = 0 [pid 5377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5377] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5377] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5378 attached , parent_tid=[5378], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5378 [pid 5377] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5378] mkdir("./bus", 000) = 0 [pid 5378] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] memfd_create("syzkaller", 0) = 3 [pid 5378] ftruncate(3, 135266304) = 0 [pid 5378] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5378] mkdir("./file0", 0777) = 0 [pid 5378] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5378] ioctl(4, LOOP_CLR_FD) = 0 [pid 5378] close(4) = 0 [pid 5378] close(3) = 0 [pid 5378] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] mkdir("./file1", 000) = 0 [pid 5378] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5377] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5378] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] chdir("./bus") = 0 [pid 5378] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5377] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5379], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5379 [pid 5377] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... futex resumed>) = 1 [pid 5378] link("./file1", "./bus"./strace-static-x86_64: Process 5379 attached [pid 5379] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5379] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5379] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [ 59.369115][ T5378] loop0: detected capacity change from 0 to 264192 [pid 5379] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5378] <... link resumed>) = 0 [pid 5378] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] exit_group(0 [pid 5379] <... futex resumed>) = ? [pid 5378] <... futex resumed>) = ? [pid 5377] <... exit_group resumed>) = ? [pid 5379] +++ exited with 0 +++ [pid 5378] +++ exited with 0 +++ [pid 5377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5377, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./46/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./46/file1/file1") = 0 umount2("./46/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./46/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./46/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./46/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/bus/index") = 0 umount2("./46/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./46/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5380 ./strace-static-x86_64: Process 5380 attached [pid 5380] set_robust_list(0x555556b175e0, 24) = 0 [pid 5380] chdir("./47") = 0 [pid 5380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5380] setpgid(0, 0) = 0 [pid 5380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5380] write(3, "1000", 4) = 4 [pid 5380] close(3) = 0 [pid 5380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5380] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5380] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5381 attached [pid 5381] set_robust_list(0x7f9f27b009e0, 24 [pid 5380] <... clone resumed>, parent_tid=[5381], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5381 [pid 5380] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... set_robust_list resumed>) = 0 [pid 5381] mkdir("./bus", 000) = 0 [pid 5381] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5381] memfd_create("syzkaller", 0) = 3 [pid 5381] ftruncate(3, 135266304) = 0 [pid 5381] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5381] mkdir("./file0", 0777) = 0 [pid 5381] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5381] ioctl(4, LOOP_CLR_FD) = 0 [pid 5381] close(4) = 0 [pid 5381] close(3) = 0 [pid 5381] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... futex resumed>) = 1 [pid 5381] mkdir("./file1", 000) = 0 [pid 5381] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... futex resumed>) = 1 [pid 5381] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5381] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... futex resumed>) = 1 [pid 5381] chdir("./bus") = 0 [pid 5381] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5380] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5382], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5382 [pid 5380] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... futex resumed>) = 1 [pid 5381] link("./file1", "./bus"./strace-static-x86_64: Process 5382 attached [pid 5382] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5382] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [ 59.509333][ T5381] loop0: detected capacity change from 0 to 264192 [pid 5382] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5382] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... link resumed>) = 0 [pid 5381] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] exit_group(0) = ? [pid 5381] <... futex resumed>) = ? [pid 5381] +++ exited with 0 +++ [pid 5382] <... futex resumed>) = ? [pid 5382] +++ exited with 0 +++ [pid 5380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5380, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./47/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./47/file1/file1") = 0 umount2("./47/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./47/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./47/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./47/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/bus/index") = 0 umount2("./47/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./47/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5383 ./strace-static-x86_64: Process 5383 attached [pid 5383] set_robust_list(0x555556b175e0, 24) = 0 [pid 5383] chdir("./48") = 0 [pid 5383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5383] setpgid(0, 0) = 0 [pid 5383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5383] write(3, "1000", 4) = 4 [pid 5383] close(3) = 0 [pid 5383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5383] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5383] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5384 attached , parent_tid=[5384], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5384 [pid 5383] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5384] mkdir("./bus", 000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... mkdir resumed>) = 0 [pid 5384] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = 0 [pid 5383] <... futex resumed>) = 1 [pid 5384] memfd_create("syzkaller", 0 [pid 5383] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5384] <... memfd_create resumed>) = 3 [pid 5384] ftruncate(3, 135266304) = 0 [pid 5384] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5384] mkdir("./file0", 0777) = 0 [pid 5384] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5384] ioctl(4, LOOP_CLR_FD) = 0 [pid 5384] close(4) = 0 [pid 5384] close(3) = 0 [pid 5384] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] mkdir("./file1", 000) = 0 [pid 5384] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5384] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] chdir("./bus") = 0 [pid 5384] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5383] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5385], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5385 [pid 5383] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5385 attached [pid 5385] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5385] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5384] <... futex resumed>) = 1 [pid 5385] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5385] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5385] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5384] link("./file1", "./bus") = 0 [ 59.654157][ T5384] loop0: detected capacity change from 0 to 264192 [pid 5384] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] exit_group(0 [pid 5385] <... futex resumed>) = ? [pid 5383] <... exit_group resumed>) = ? [pid 5385] +++ exited with 0 +++ [pid 5384] <... futex resumed>) = ? [pid 5384] +++ exited with 0 +++ [pid 5383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5383, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./48/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./48/file1/file1") = 0 umount2("./48/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./48/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./48/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./48/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./48/bus/index") = 0 umount2("./48/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./48/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./48/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5386 ./strace-static-x86_64: Process 5386 attached [pid 5386] set_robust_list(0x555556b175e0, 24) = 0 [pid 5386] chdir("./49") = 0 [pid 5386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5386] setpgid(0, 0) = 0 [pid 5386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5386] write(3, "1000", 4) = 4 [pid 5386] close(3) = 0 [pid 5386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5386] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5386] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5386] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5387 attached , parent_tid=[5387], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5387 [pid 5387] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5387] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5386] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] mkdir("./bus", 000) = 0 [pid 5387] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5387] memfd_create("syzkaller", 0) = 3 [pid 5387] ftruncate(3, 135266304) = 0 [pid 5387] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5387] mkdir("./file0", 0777) = 0 [pid 5387] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5387] ioctl(4, LOOP_CLR_FD) = 0 [pid 5387] close(4) = 0 [pid 5387] close(3) = 0 [pid 5387] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5387] <... futex resumed>) = 1 [pid 5386] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] mkdir("./file1", 000 [pid 5386] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... mkdir resumed>) = 0 [pid 5387] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5387] <... futex resumed>) = 1 [pid 5386] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... mount resumed>) = 0 [pid 5387] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] chdir("./bus") = 0 [pid 5387] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5386] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5386] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5388 attached , parent_tid=[5388], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5388 [pid 5386] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5388] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5387] link("./file1", "./bus" [pid 5388] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5388] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5388] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] <... link resumed>) = 0 [pid 5387] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] exit_group(0 [pid 5388] <... futex resumed>) = ? [pid 5386] <... exit_group resumed>) = ? [pid 5388] +++ exited with 0 +++ [ 59.788540][ T5387] loop0: detected capacity change from 0 to 264192 [pid 5387] <... futex resumed>) = ? [pid 5387] +++ exited with 0 +++ [pid 5386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5386, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./49/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./49/file1/file1") = 0 umount2("./49/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./49/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./49/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./49/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./49/bus/index") = 0 umount2("./49/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./49/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./49/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5389 ./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x555556b175e0, 24) = 0 [pid 5389] chdir("./50") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5389] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5390], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5390 [pid 5389] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5390 attached [pid 5390] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5390] mkdir("./bus", 000) = 0 [pid 5390] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5390] <... futex resumed>) = 1 [pid 5390] memfd_create("syzkaller", 0) = 3 [pid 5390] ftruncate(3, 135266304) = 0 [pid 5390] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] mkdir("./file0", 0777) = 0 [pid 5390] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [pid 5390] close(4) = 0 [pid 5390] close(3) = 0 [pid 5390] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] mkdir("./file1", 000 [pid 5389] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... mkdir resumed>) = 0 [pid 5390] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5390] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] chdir("./bus" [pid 5389] <... futex resumed>) = 0 [pid 5390] <... chdir resumed>) = 0 [pid 5390] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] link("./file1", "./bus" [pid 5389] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5389] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5391], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5391 [pid 5389] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5391 attached [pid 5391] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5391] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5391] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5391] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5390] <... link resumed>) = 0 [pid 5390] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.925735][ T5390] loop0: detected capacity change from 0 to 264192 [pid 5390] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] exit_group(0 [pid 5391] <... futex resumed>) = ? [pid 5389] <... exit_group resumed>) = ? [pid 5391] +++ exited with 0 +++ [pid 5390] <... futex resumed>) = ? [pid 5390] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./50/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./50/file1/file1") = 0 umount2("./50/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./50/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./50/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./50/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./50/bus/index") = 0 umount2("./50/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./50/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./50/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5392 ./strace-static-x86_64: Process 5392 attached [pid 5392] set_robust_list(0x555556b175e0, 24) = 0 [pid 5392] chdir("./51") = 0 [pid 5392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5392] setpgid(0, 0) = 0 [pid 5392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5392] write(3, "1000", 4) = 4 [pid 5392] close(3) = 0 [pid 5392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5392] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5392] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5392] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5393], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5393 ./strace-static-x86_64: Process 5393 attached [pid 5393] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5393] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5393] mkdir("./bus", 000 [pid 5392] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... mkdir resumed>) = 0 [pid 5393] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] <... futex resumed>) = 0 [pid 5393] memfd_create("syzkaller", 0 [pid 5392] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5393] <... memfd_create resumed>) = 3 [pid 5393] ftruncate(3, 135266304) = 0 [pid 5393] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5393] mkdir("./file0", 0777) = 0 [pid 5393] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5393] ioctl(4, LOOP_CLR_FD) = 0 [pid 5393] close(4) = 0 [pid 5393] close(3) = 0 [pid 5393] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5393] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] <... futex resumed>) = 0 [pid 5393] mkdir("./file1", 000 [pid 5392] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... mkdir resumed>) = 0 [pid 5393] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5393] <... futex resumed>) = 1 [pid 5393] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5392] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... mount resumed>) = 0 [pid 5393] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5393] chdir("./bus" [pid 5392] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... chdir resumed>) = 0 [pid 5393] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5393] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] <... futex resumed>) = 0 [pid 5393] link("./file1", "./bus" [pid 5392] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5392] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5392] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5393] <... link resumed>) = 0 ./strace-static-x86_64: Process 5394 attached [pid 5393] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... clone resumed>, parent_tid=[5394], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5394 [pid 5394] set_robust_list(0x7f9f27adf9e0, 24 [pid 5393] <... futex resumed>) = 0 [pid 5392] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] <... set_robust_list resumed>) = 0 [pid 5393] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] <... futex resumed>) = 0 [pid 5394] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5392] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] <... open resumed>) = 3 [pid 5394] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5394] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] exit_group(0 [pid 5394] <... futex resumed>) = ? [pid 5393] <... futex resumed>) = ? [pid 5392] <... exit_group resumed>) = ? [pid 5393] +++ exited with 0 +++ [pid 5394] +++ exited with 0 +++ [pid 5392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5392, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 60.061474][ T5393] loop0: detected capacity change from 0 to 264192 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./51/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./51/file1/file1") = 0 umount2("./51/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./51/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./51/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./51/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./51/bus/index") = 0 umount2("./51/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./51/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./51/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5395 ./strace-static-x86_64: Process 5395 attached [pid 5395] set_robust_list(0x555556b175e0, 24) = 0 [pid 5395] chdir("./52") = 0 [pid 5395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5395] setpgid(0, 0) = 0 [pid 5395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5395] write(3, "1000", 4) = 4 [pid 5395] close(3) = 0 [pid 5395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5395] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5395] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5395] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5396 attached [pid 5396] set_robust_list(0x7f9f27b009e0, 24 [pid 5395] <... clone resumed>, parent_tid=[5396], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5396 [pid 5396] <... set_robust_list resumed>) = 0 [pid 5395] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] mkdir("./bus", 000 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... mkdir resumed>) = 0 [pid 5396] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5396] memfd_create("syzkaller", 0) = 3 [pid 5396] ftruncate(3, 135266304) = 0 [pid 5396] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5396] mkdir("./file0", 0777) = 0 [pid 5396] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5396] ioctl(4, LOOP_CLR_FD) = 0 [pid 5396] close(4) = 0 [pid 5396] close(3) = 0 [pid 5396] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... futex resumed>) = 0 [pid 5396] mkdir("./file1", 000) = 0 [pid 5396] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... mount resumed>) = 0 [pid 5396] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] chdir("./bus") = 0 [pid 5396] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5396] link("./file1", "./bus" [pid 5395] <... mmap resumed>) = 0x7f9f27abf000 [pid 5395] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5395] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5397], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5397 [pid 5395] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5397 attached [pid 5397] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5397] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5396] <... link resumed>) = 0 [pid 5396] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] <... open resumed>) = 3 [pid 5397] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5397] <... futex resumed>) = 1 [pid 5395] exit_group(0 [pid 5396] <... futex resumed>) = ? [pid 5395] <... exit_group resumed>) = ? [pid 5396] +++ exited with 0 +++ [pid 5397] +++ exited with 0 +++ [pid 5395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5395, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 60.199029][ T5396] loop0: detected capacity change from 0 to 264192 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./52/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./52/file1/file1") = 0 umount2("./52/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./52/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./52/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./52/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./52/bus/index") = 0 umount2("./52/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./52/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./52/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5398 ./strace-static-x86_64: Process 5398 attached [pid 5398] set_robust_list(0x555556b175e0, 24) = 0 [pid 5398] chdir("./53") = 0 [pid 5398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5398] setpgid(0, 0) = 0 [pid 5398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5398] write(3, "1000", 4) = 4 [pid 5398] close(3) = 0 [pid 5398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5398] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5398] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5399 attached , parent_tid=[5399], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5399 [pid 5398] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5399] mkdir("./bus", 000) = 0 [pid 5399] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5399] memfd_create("syzkaller", 0) = 3 [pid 5399] ftruncate(3, 135266304) = 0 [pid 5399] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5399] mkdir("./file0", 0777) = 0 [pid 5399] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5399] ioctl(4, LOOP_CLR_FD) = 0 [pid 5399] close(4) = 0 [pid 5399] close(3) = 0 [pid 5399] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = 1 [pid 5399] mkdir("./file1", 000) = 0 [pid 5399] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = 1 [pid 5399] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5399] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = 1 [pid 5399] chdir("./bus") = 0 [pid 5399] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5398] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5400], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5400 [pid 5398] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = 1 [pid 5399] link("./file1", "./bus"./strace-static-x86_64: Process 5400 attached [pid 5400] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5400] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5400] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5400] <... futex resumed>) = 1 [pid 5400] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] <... link resumed>) = 0 [pid 5399] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] exit_group(0) = ? [pid 5400] <... futex resumed>) = ? [pid 5400] +++ exited with 0 +++ [pid 5399] +++ exited with 0 +++ [pid 5398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5398, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./53/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./53/file1/file1") = 0 umount2("./53/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./53/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 [ 60.339059][ T5399] loop0: detected capacity change from 0 to 264192 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./53/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./53/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./53/bus/index") = 0 umount2("./53/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./53/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./53/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5401 ./strace-static-x86_64: Process 5401 attached [pid 5401] set_robust_list(0x555556b175e0, 24) = 0 [pid 5401] chdir("./54") = 0 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5401] setpgid(0, 0) = 0 [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "1000", 4) = 4 [pid 5401] close(3) = 0 [pid 5401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5401] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5401] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5402 attached [pid 5402] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5402] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] <... clone resumed>, parent_tid=[5402], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5402 [pid 5401] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = 0 [pid 5402] mkdir("./bus", 000) = 0 [pid 5402] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5402] memfd_create("syzkaller", 0) = 3 [pid 5402] ftruncate(3, 135266304) = 0 [pid 5402] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5402] mkdir("./file0", 0777) = 0 [pid 5402] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5402] ioctl(4, LOOP_CLR_FD) = 0 [pid 5402] close(4) = 0 [pid 5402] close(3) = 0 [pid 5402] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = 1 [pid 5402] mkdir("./file1", 000) = 0 [pid 5402] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = 1 [pid 5402] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5402] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = 1 [pid 5402] chdir("./bus") = 0 [pid 5402] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5401] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5403], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5403 ./strace-static-x86_64: Process 5403 attached [pid 5403] set_robust_list(0x7f9f27adf9e0, 24 [pid 5401] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... set_robust_list resumed>) = 0 [pid 5401] <... futex resumed>) = 0 [pid 5403] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5401] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = 1 [pid 5402] link("./file1", "./bus" [pid 5403] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5403] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5403] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] <... link resumed>) = 0 [pid 5402] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] exit_group(0 [pid 5403] <... futex resumed>) = ? [pid 5401] <... exit_group resumed>) = ? [pid 5403] +++ exited with 0 +++ [pid 5402] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5401, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 60.450952][ T5402] loop0: detected capacity change from 0 to 264192 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./54/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./54/file1/file1") = 0 umount2("./54/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./54/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./54/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./54/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./54/bus/index") = 0 umount2("./54/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./54/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./54/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5404 ./strace-static-x86_64: Process 5404 attached [pid 5404] set_robust_list(0x555556b175e0, 24) = 0 [pid 5404] chdir("./55") = 0 [pid 5404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5404] setpgid(0, 0) = 0 [pid 5404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5404] write(3, "1000", 4) = 4 [pid 5404] close(3) = 0 [pid 5404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5404] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5404] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5405], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5405 [pid 5404] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5405 attached [pid 5405] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5405] mkdir("./bus", 000) = 0 [pid 5405] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5405] <... futex resumed>) = 1 [pid 5405] memfd_create("syzkaller", 0) = 3 [pid 5405] ftruncate(3, 135266304) = 0 [pid 5405] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5405] mkdir("./file0", 0777) = 0 [pid 5405] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5405] ioctl(4, LOOP_CLR_FD) = 0 [pid 5405] close(4) = 0 [pid 5405] close(3) = 0 [pid 5405] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5405] mkdir("./file1", 000) = 0 [pid 5405] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5405] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5405] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5405] chdir("./bus") = 0 [pid 5405] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5404] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5406], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5406 [pid 5404] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5405] link("./file1", "./bus"./strace-static-x86_64: Process 5406 attached [pid 5406] set_robust_list(0x7f9f27adf9e0, 24 [pid 5405] <... link resumed>) = 0 [pid 5405] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] <... set_robust_list resumed>) = 0 [pid 5406] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5406] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5404] exit_group(0) = ? [pid 5405] <... futex resumed>) = ? [pid 5405] +++ exited with 0 +++ [pid 5406] +++ exited with 0 +++ [pid 5404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5404, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./55/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./55/file1/file1") = 0 umount2("./55/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./55/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 60.578713][ T5405] loop0: detected capacity change from 0 to 264192 lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./55/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./55/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./55/bus/index") = 0 umount2("./55/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./55/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./55/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5407 ./strace-static-x86_64: Process 5407 attached [pid 5407] set_robust_list(0x555556b175e0, 24) = 0 [pid 5407] chdir("./56") = 0 [pid 5407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5407] setpgid(0, 0) = 0 [pid 5407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5407] write(3, "1000", 4) = 4 [pid 5407] close(3) = 0 [pid 5407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5407] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5407] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5407] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5408 attached , parent_tid=[5408], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5408 [pid 5408] set_robust_list(0x7f9f27b009e0, 24 [pid 5407] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... set_robust_list resumed>) = 0 [pid 5407] <... futex resumed>) = 0 [pid 5408] mkdir("./bus", 000 [pid 5407] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... mkdir resumed>) = 0 [pid 5408] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] memfd_create("syzkaller", 0 [pid 5407] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5408] <... memfd_create resumed>) = 3 [pid 5408] ftruncate(3, 135266304) = 0 [pid 5408] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5408] mkdir("./file0", 0777) = 0 [pid 5408] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5408] ioctl(4, LOOP_CLR_FD) = 0 [pid 5408] close(4) = 0 [pid 5408] close(3) = 0 [pid 5408] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... futex resumed>) = 0 [pid 5408] mkdir("./file1", 000) = 0 [pid 5408] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... futex resumed>) = 1 [pid 5408] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5408] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... futex resumed>) = 1 [pid 5408] chdir("./bus") = 0 [pid 5408] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] link("./file1", "./bus" [pid 5407] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5407] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE [pid 5408] <... link resumed>) = 0 [pid 5407] <... mprotect resumed>) = 0 [pid 5407] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5409 attached , parent_tid=[5409], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5409 [pid 5407] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5409] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [ 60.704588][ T5408] loop0: detected capacity change from 0 to 264192 [pid 5409] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5407] exit_group(0 [pid 5408] <... futex resumed>) = ? [pid 5407] <... exit_group resumed>) = ? [pid 5408] +++ exited with 0 +++ [pid 5409] <... futex resumed>) = ? [pid 5409] +++ exited with 0 +++ [pid 5407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5407, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./56/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./56/file1/file1") = 0 umount2("./56/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./56/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./56/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./56/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./56/bus/index") = 0 umount2("./56/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./56/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./56/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5410 ./strace-static-x86_64: Process 5410 attached [pid 5410] set_robust_list(0x555556b175e0, 24) = 0 [pid 5410] chdir("./57") = 0 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5410] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5410] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5411 attached [pid 5411] set_robust_list(0x7f9f27b009e0, 24 [pid 5410] <... clone resumed>, parent_tid=[5411], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5411 [pid 5411] <... set_robust_list resumed>) = 0 [pid 5410] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] mkdir("./bus", 000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... mkdir resumed>) = 0 [pid 5411] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5411] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5411] memfd_create("syzkaller", 0) = 3 [pid 5411] ftruncate(3, 135266304) = 0 [pid 5411] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5411] mkdir("./file0", 0777) = 0 [pid 5411] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5411] ioctl(4, LOOP_CLR_FD) = 0 [pid 5411] close(4) = 0 [pid 5411] close(3) = 0 [pid 5411] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] mkdir("./file1", 000) = 0 [pid 5411] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5411] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] chdir("./bus") = 0 [pid 5411] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5410] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5412], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5412 [pid 5410] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] link("./file1", "./bus"./strace-static-x86_64: Process 5412 attached [pid 5412] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5412] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5412] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5412] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] <... link resumed>) = 0 [pid 5411] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] exit_group(0 [pid 5412] <... futex resumed>) = ? [pid 5410] <... exit_group resumed>) = ? [pid 5412] +++ exited with 0 +++ [pid 5411] <... futex resumed>) = ? [pid 5411] +++ exited with 0 +++ [pid 5410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5410, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 [ 60.843265][ T5411] loop0: detected capacity change from 0 to 264192 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./57/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./57/file1/file1") = 0 umount2("./57/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./57/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./57/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./57/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./57/bus/index") = 0 umount2("./57/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./57/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./57/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5413 ./strace-static-x86_64: Process 5413 attached [pid 5413] set_robust_list(0x555556b175e0, 24) = 0 [pid 5413] chdir("./58") = 0 [pid 5413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5413] setpgid(0, 0) = 0 [pid 5413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5413] write(3, "1000", 4) = 4 [pid 5413] close(3) = 0 [pid 5413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5413] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5413] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5413] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5414], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5414 [pid 5413] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5414 attached [pid 5414] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5414] mkdir("./bus", 000) = 0 [pid 5414] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5414] <... futex resumed>) = 1 [pid 5414] memfd_create("syzkaller", 0) = 3 [pid 5414] ftruncate(3, 135266304) = 0 [pid 5414] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5414] mkdir("./file0", 0777) = 0 [pid 5414] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5414] ioctl(4, LOOP_CLR_FD) = 0 [pid 5414] close(4) = 0 [pid 5414] close(3) = 0 [pid 5414] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] mkdir("./file1", 000) = 0 [pid 5414] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5414] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] chdir("./bus") = 0 [pid 5414] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5413] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5413] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5415 attached [pid 5414] link("./file1", "./bus" [pid 5415] set_robust_list(0x7f9f27adf9e0, 24 [pid 5413] <... clone resumed>, parent_tid=[5415], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5415 [pid 5415] <... set_robust_list resumed>) = 0 [pid 5413] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5415] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5415] <... futex resumed>) = 1 [pid 5415] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5414] <... link resumed>) = 0 [pid 5414] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] exit_group(0) = ? [pid 5415] <... futex resumed>) = ? [pid 5415] +++ exited with 0 +++ [pid 5414] <... futex resumed>) = ? [pid 5414] +++ exited with 0 +++ [pid 5413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5413, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 60.959185][ T5414] loop0: detected capacity change from 0 to 264192 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./58/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./58/file1/file1") = 0 umount2("./58/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./58/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./58/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./58/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./58/bus/index") = 0 umount2("./58/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./58/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./58/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5416 ./strace-static-x86_64: Process 5416 attached [pid 5416] set_robust_list(0x555556b175e0, 24) = 0 [pid 5416] chdir("./59") = 0 [pid 5416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5416] setpgid(0, 0) = 0 [pid 5416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5416] write(3, "1000", 4) = 4 [pid 5416] close(3) = 0 [pid 5416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5416] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5416] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5416] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5417], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5417 [pid 5416] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5417 attached [pid 5417] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5417] mkdir("./bus", 000) = 0 [pid 5417] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5417] <... futex resumed>) = 1 [pid 5417] memfd_create("syzkaller", 0) = 3 [pid 5417] ftruncate(3, 135266304) = 0 [pid 5417] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5417] mkdir("./file0", 0777) = 0 [pid 5417] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5417] ioctl(4, LOOP_CLR_FD) = 0 [pid 5417] close(4) = 0 [pid 5417] close(3) = 0 [pid 5417] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5417] <... futex resumed>) = 1 [pid 5416] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] mkdir("./file1", 000 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... mkdir resumed>) = 0 [pid 5417] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5417] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5416] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... mount resumed>) = 0 [pid 5417] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5417] <... futex resumed>) = 1 [pid 5417] chdir("./bus" [pid 5416] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... chdir resumed>) = 0 [pid 5416] <... futex resumed>) = 0 [pid 5417] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... futex resumed>) = 0 [pid 5416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5417] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5416] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] link("./file1", "./bus" [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5416] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5416] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5418], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5418 [pid 5416] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5418 attached [pid 5417] <... link resumed>) = 0 [pid 5418] set_robust_list(0x7f9f27adf9e0, 24 [pid 5417] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5418] <... set_robust_list resumed>) = 0 [pid 5417] <... futex resumed>) = 0 [pid 5418] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5417] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5418] <... open resumed>) = 3 [pid 5418] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5418] <... futex resumed>) = 1 [pid 5416] exit_group(0 [pid 5417] <... futex resumed>) = ? [pid 5416] <... exit_group resumed>) = ? [pid 5417] +++ exited with 0 +++ [pid 5418] +++ exited with 0 +++ [pid 5416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5416, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./59/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./59/file1/file1") = 0 umount2("./59/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./59/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 61.092441][ T5417] loop0: detected capacity change from 0 to 264192 rmdir("./59/file1") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./59/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./59/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./59/bus/index") = 0 umount2("./59/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./59/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./59/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5419 ./strace-static-x86_64: Process 5419 attached [pid 5419] set_robust_list(0x555556b175e0, 24) = 0 [pid 5419] chdir("./60") = 0 [pid 5419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5419] setpgid(0, 0) = 0 [pid 5419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5419] write(3, "1000", 4) = 4 [pid 5419] close(3) = 0 [pid 5419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5419] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5419] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5419] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5420 attached , parent_tid=[5420], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5420 [pid 5419] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5420] mkdir("./bus", 000) = 0 [pid 5420] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5420] memfd_create("syzkaller", 0) = 3 [pid 5420] ftruncate(3, 135266304) = 0 [pid 5420] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5420] mkdir("./file0", 0777) = 0 [pid 5420] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5420] ioctl(4, LOOP_CLR_FD) = 0 [pid 5420] close(4) = 0 [pid 5420] close(3) = 0 [pid 5420] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5420] mkdir("./file1", 000) = 0 [pid 5419] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5420] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... futex resumed>) = 1 [pid 5420] chdir("./bus") = 0 [pid 5420] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5419] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5419] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5421], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5421 [pid 5419] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... futex resumed>) = 1 [pid 5420] link("./file1", "./bus"./strace-static-x86_64: Process 5421 attached [pid 5421] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5421] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5421] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5421] <... futex resumed>) = 1 [pid 5421] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] <... link resumed>) = 0 [pid 5420] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.224663][ T5420] loop0: detected capacity change from 0 to 264192 [pid 5420] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] exit_group(0 [pid 5421] <... futex resumed>) = ? [pid 5419] <... exit_group resumed>) = ? [pid 5421] +++ exited with 0 +++ [pid 5420] <... futex resumed>) = ? [pid 5420] +++ exited with 0 +++ [pid 5419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5419, si_uid=0, si_status=0, si_utime=2, si_stime=2} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./60/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./60/file1/file1") = 0 umount2("./60/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./60/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./60/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./60/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./60/bus/index") = 0 umount2("./60/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./60/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./60/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5422 ./strace-static-x86_64: Process 5422 attached [pid 5422] set_robust_list(0x555556b175e0, 24) = 0 [pid 5422] chdir("./61") = 0 [pid 5422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5422] setpgid(0, 0) = 0 [pid 5422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5422] write(3, "1000", 4) = 4 [pid 5422] close(3) = 0 [pid 5422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5422] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5422] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5422] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5423], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5423 [pid 5422] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5423 attached [pid 5423] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5423] mkdir("./bus", 000) = 0 [pid 5423] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5423] <... futex resumed>) = 1 [pid 5423] memfd_create("syzkaller", 0) = 3 [pid 5423] ftruncate(3, 135266304) = 0 [pid 5423] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5423] mkdir("./file0", 0777) = 0 [pid 5423] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5423] ioctl(4, LOOP_CLR_FD) = 0 [pid 5423] close(4) = 0 [pid 5423] close(3) = 0 [pid 5423] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... futex resumed>) = 1 [pid 5423] mkdir("./file1", 000) = 0 [pid 5423] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... futex resumed>) = 1 [pid 5423] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5423] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... futex resumed>) = 1 [pid 5423] chdir("./bus") = 0 [pid 5423] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5422] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5422] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5424 attached , parent_tid=[5424], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5424 [pid 5422] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... futex resumed>) = 1 [pid 5423] link("./file1", "./bus" [pid 5424] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5424] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5423] <... link resumed>) = 0 [pid 5423] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] <... open resumed>) = 3 [pid 5424] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5422] exit_group(0) = ? [pid 5424] +++ exited with 0 +++ [pid 5423] <... futex resumed>) = ? [pid 5423] +++ exited with 0 +++ [pid 5422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5422, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./61/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./61/file1/file1") = 0 umount2("./61/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 [ 61.343229][ T5423] loop0: detected capacity change from 0 to 264192 unlink("./61/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./61/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./61/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./61/bus/index") = 0 umount2("./61/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./61/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./61/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5425 ./strace-static-x86_64: Process 5425 attached [pid 5425] set_robust_list(0x555556b175e0, 24) = 0 [pid 5425] chdir("./62") = 0 [pid 5425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5425] setpgid(0, 0) = 0 [pid 5425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5425] write(3, "1000", 4) = 4 [pid 5425] close(3) = 0 [pid 5425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5425] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5425] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5426], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5426 [pid 5425] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5426 attached [pid 5426] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5426] mkdir("./bus", 000) = 0 [pid 5426] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5426] <... futex resumed>) = 1 [pid 5426] memfd_create("syzkaller", 0) = 3 [pid 5426] ftruncate(3, 135266304) = 0 [pid 5426] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5426] mkdir("./file0", 0777) = 0 [pid 5426] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5426] ioctl(4, LOOP_CLR_FD) = 0 [pid 5426] close(4) = 0 [pid 5426] close(3) = 0 [pid 5426] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... futex resumed>) = 1 [pid 5426] mkdir("./file1", 000) = 0 [pid 5426] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... futex resumed>) = 1 [pid 5426] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5426] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] <... futex resumed>) = 0 [pid 5426] chdir("./bus" [pid 5425] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... chdir resumed>) = 0 [pid 5426] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5425] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5427], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5427 [pid 5426] link("./file1", "./bus" [pid 5425] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... link resumed>) = 0 ./strace-static-x86_64: Process 5427 attached [pid 5426] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] set_robust_list(0x7f9f27adf9e0, 24 [pid 5426] <... futex resumed>) = 0 [pid 5427] <... set_robust_list resumed>) = 0 [pid 5427] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5426] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] <... open resumed>) = 3 [pid 5427] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5425] exit_group(0) = ? [pid 5426] <... futex resumed>) = ? [pid 5427] <... futex resumed>) = ? [pid 5427] +++ exited with 0 +++ [pid 5426] +++ exited with 0 +++ [pid 5425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5425, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 [ 61.459287][ T5426] loop0: detected capacity change from 0 to 264192 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./62/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./62/file1/file1") = 0 umount2("./62/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./62/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./62/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./62/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./62/bus/index") = 0 umount2("./62/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./62/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./62/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5428 ./strace-static-x86_64: Process 5428 attached [pid 5428] set_robust_list(0x555556b175e0, 24) = 0 [pid 5428] chdir("./63") = 0 [pid 5428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5428] setpgid(0, 0) = 0 [pid 5428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5428] write(3, "1000", 4) = 4 [pid 5428] close(3) = 0 [pid 5428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5428] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5428] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5428] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5429 attached , parent_tid=[5429], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5429 [pid 5429] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5428] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] mkdir("./bus", 000 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... mkdir resumed>) = 0 [pid 5429] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5429] <... futex resumed>) = 1 [pid 5428] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] memfd_create("syzkaller", 0 [pid 5428] <... futex resumed>) = 0 [pid 5429] <... memfd_create resumed>) = 3 [pid 5428] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5429] ftruncate(3, 135266304) = 0 [pid 5429] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5429] mkdir("./file0", 0777) = 0 [pid 5429] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5429] ioctl(4, LOOP_CLR_FD) = 0 [pid 5429] close(4) = 0 [pid 5429] close(3) = 0 [pid 5429] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] mkdir("./file1", 000 [pid 5428] <... futex resumed>) = 0 [pid 5429] <... mkdir resumed>) = 0 [pid 5428] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... mount resumed>) = 0 [pid 5429] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5429] chdir("./bus" [pid 5428] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... chdir resumed>) = 0 [pid 5428] <... futex resumed>) = 0 [pid 5429] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5429] <... futex resumed>) = 0 [pid 5428] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] link("./file1", "./bus" [pid 5428] <... futex resumed>) = 0 [pid 5428] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5428] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5428] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5430], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5430 [pid 5428] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5430 attached [pid 5430] set_robust_list(0x7f9f27adf9e0, 24 [pid 5429] <... link resumed>) = 0 [pid 5429] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] <... set_robust_list resumed>) = 0 [pid 5429] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5430] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5428] exit_group(0 [pid 5429] <... futex resumed>) = ? [pid 5428] <... exit_group resumed>) = ? [pid 5429] +++ exited with 0 +++ [pid 5430] <... futex resumed>) = ? [pid 5430] +++ exited with 0 +++ [pid 5428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5428, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 61.589532][ T5429] loop0: detected capacity change from 0 to 264192 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./63/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./63/file1/file1") = 0 umount2("./63/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./63/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./63/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./63/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./63/bus/index") = 0 umount2("./63/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./63/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./63/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5431 ./strace-static-x86_64: Process 5431 attached [pid 5431] set_robust_list(0x555556b175e0, 24) = 0 [pid 5431] chdir("./64") = 0 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0) = 0 [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5431] write(3, "1000", 4) = 4 [pid 5431] close(3) = 0 [pid 5431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5431] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5431] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5432], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5432 [pid 5431] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5432 attached [pid 5432] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5432] mkdir("./bus", 000) = 0 [pid 5432] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5432] memfd_create("syzkaller", 0 [pid 5431] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5432] <... memfd_create resumed>) = 3 [pid 5432] ftruncate(3, 135266304) = 0 [pid 5432] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5432] mkdir("./file0", 0777) = 0 [pid 5432] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5432] ioctl(4, LOOP_CLR_FD) = 0 [pid 5432] close(4) = 0 [pid 5432] close(3) = 0 [pid 5432] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5432] mkdir("./file1", 000) = 0 [pid 5432] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5432] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] chdir("./bus") = 0 [pid 5432] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5431] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE [pid 5432] <... futex resumed>) = 1 [pid 5431] <... mprotect resumed>) = 0 [pid 5431] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5432] link("./file1", "./bus" [pid 5431] <... clone resumed>, parent_tid=[5433], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5433 [pid 5431] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5433 attached [pid 5433] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5433] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5433] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5433] <... futex resumed>) = 1 [pid 5433] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] <... link resumed>) = 0 [ 61.730475][ T5432] loop0: detected capacity change from 0 to 264192 [pid 5432] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] exit_group(0 [pid 5432] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... exit_group resumed>) = ? [pid 5433] <... futex resumed>) = ? [pid 5432] <... futex resumed>) = ? [pid 5433] +++ exited with 0 +++ [pid 5432] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./64/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./64/file1/file1") = 0 umount2("./64/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./64/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./64/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./64/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./64/bus/index") = 0 umount2("./64/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./64/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./64/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5434 ./strace-static-x86_64: Process 5434 attached [pid 5434] set_robust_list(0x555556b175e0, 24) = 0 [pid 5434] chdir("./65") = 0 [pid 5434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5434] setpgid(0, 0) = 0 [pid 5434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5434] write(3, "1000", 4) = 4 [pid 5434] close(3) = 0 [pid 5434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5434] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5434] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5434] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5435 attached , parent_tid=[5435], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5435 [pid 5434] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5435] mkdir("./bus", 000) = 0 [pid 5435] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5435] memfd_create("syzkaller", 0) = 3 [pid 5435] ftruncate(3, 135266304) = 0 [pid 5435] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5435] mkdir("./file0", 0777) = 0 [pid 5435] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5435] ioctl(4, LOOP_CLR_FD) = 0 [pid 5435] close(4) = 0 [pid 5435] close(3) = 0 [pid 5435] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [pid 5435] mkdir("./file1", 000) = 0 [pid 5435] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [pid 5435] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5435] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [pid 5435] chdir("./bus") = 0 [pid 5435] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5435] <... futex resumed>) = 1 [pid 5434] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE [pid 5435] link("./file1", "./bus" [pid 5434] <... mprotect resumed>) = 0 [pid 5434] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5436 attached , parent_tid=[5436], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5436 [pid 5436] set_robust_list(0x7f9f27adf9e0, 24 [pid 5434] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... set_robust_list resumed>) = 0 [pid 5436] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5436] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] <... futex resumed>) = 0 [pid 5436] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] <... link resumed>) = 0 [pid 5435] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5434] exit_group(0 [pid 5436] <... futex resumed>) = ? [pid 5434] <... exit_group resumed>) = ? [pid 5436] +++ exited with 0 +++ [pid 5435] <... futex resumed>) = ? [pid 5435] +++ exited with 0 +++ [pid 5434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5434, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./65/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./65/file1/file1") = 0 umount2("./65/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./65/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 [ 61.866023][ T5435] loop0: detected capacity change from 0 to 264192 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./65/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./65/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./65/bus/index") = 0 umount2("./65/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./65/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./65/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5437 ./strace-static-x86_64: Process 5437 attached [pid 5437] set_robust_list(0x555556b175e0, 24) = 0 [pid 5437] chdir("./66") = 0 [pid 5437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5437] setpgid(0, 0) = 0 [pid 5437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5437] write(3, "1000", 4) = 4 [pid 5437] close(3) = 0 [pid 5437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5437] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5437] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5437] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5438], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5438 [pid 5437] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5438 attached [pid 5438] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5438] mkdir("./bus", 000) = 0 [pid 5438] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5438] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5438] memfd_create("syzkaller", 0) = 3 [pid 5438] ftruncate(3, 135266304) = 0 [pid 5438] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5438] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5438] mkdir("./file0", 0777) = 0 [pid 5438] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5438] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5438] ioctl(4, LOOP_CLR_FD) = 0 [pid 5438] close(4) = 0 [pid 5438] close(3) = 0 [pid 5438] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5438] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] <... futex resumed>) = 0 [pid 5438] mkdir("./file1", 000 [pid 5437] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... mkdir resumed>) = 0 [pid 5438] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5438] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5438] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] chdir("./bus") = 0 [pid 5438] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5437] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5437] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5439 attached [pid 5439] set_robust_list(0x7f9f27adf9e0, 24 [pid 5437] <... clone resumed>, parent_tid=[5439], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5439 [pid 5439] <... set_robust_list resumed>) = 0 [pid 5439] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5437] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5438] <... futex resumed>) = 1 [pid 5439] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = 0 [pid 5439] <... futex resumed>) = 1 [pid 5439] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] link("./file1", "./bus") = 0 [ 62.000550][ T5438] loop0: detected capacity change from 0 to 264192 [pid 5438] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] exit_group(0) = ? [pid 5439] <... futex resumed>) = ? [pid 5439] +++ exited with 0 +++ [pid 5438] <... futex resumed>) = ? [pid 5438] +++ exited with 0 +++ [pid 5437] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5437, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./66/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./66/file1/file1") = 0 umount2("./66/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./66/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./66/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./66/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./66/bus/index") = 0 umount2("./66/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./66/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./66/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5440 ./strace-static-x86_64: Process 5440 attached [pid 5440] set_robust_list(0x555556b175e0, 24) = 0 [pid 5440] chdir("./67") = 0 [pid 5440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5440] setpgid(0, 0) = 0 [pid 5440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5440] write(3, "1000", 4) = 4 [pid 5440] close(3) = 0 [pid 5440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5440] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5440] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5440] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5441 attached , parent_tid=[5441], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5441 [pid 5440] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] mkdir("./bus", 000) = 0 [pid 5441] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5441] memfd_create("syzkaller", 0) = 3 [pid 5441] ftruncate(3, 135266304) = 0 [pid 5441] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5441] mkdir("./file0", 0777) = 0 [pid 5441] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5441] ioctl(4, LOOP_CLR_FD) = 0 [pid 5441] close(4) = 0 [pid 5441] close(3) = 0 [pid 5441] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] mkdir("./file1", 000) = 0 [pid 5441] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5441] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5441] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5440] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5440] <... futex resumed>) = 0 [pid 5441] chdir("./bus" [pid 5440] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... chdir resumed>) = 0 [pid 5441] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5441] link("./file1", "./bus" [pid 5440] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5440] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5440] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5442], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5442 [pid 5440] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5442 attached [pid 5442] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5442] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5442] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5442] <... futex resumed>) = 1 [pid 5442] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] <... link resumed>) = 0 [pid 5441] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] exit_group(0) = ? [pid 5441] +++ exited with 0 +++ [ 62.144487][ T5441] loop0: detected capacity change from 0 to 264192 [pid 5442] <... futex resumed>) = ? [pid 5442] +++ exited with 0 +++ [pid 5440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5440, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./67/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./67/file1/file1") = 0 umount2("./67/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./67/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./67/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./67/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./67/bus/index") = 0 umount2("./67/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./67/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./67/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5443 ./strace-static-x86_64: Process 5443 attached [pid 5443] set_robust_list(0x555556b175e0, 24) = 0 [pid 5443] chdir("./68") = 0 [pid 5443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5443] setpgid(0, 0) = 0 [pid 5443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5443] write(3, "1000", 4) = 4 [pid 5443] close(3) = 0 [pid 5443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5443] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5443] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5443] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5444 attached , parent_tid=[5444], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5444 [pid 5443] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5444] mkdir("./bus", 000) = 0 [pid 5444] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5444] memfd_create("syzkaller", 0) = 3 [pid 5444] ftruncate(3, 135266304) = 0 [pid 5444] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5444] mkdir("./file0", 0777) = 0 [pid 5444] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5444] ioctl(4, LOOP_CLR_FD) = 0 [pid 5444] close(4) = 0 [pid 5444] close(3) = 0 [pid 5444] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... futex resumed>) = 1 [pid 5444] mkdir("./file1", 000) = 0 [pid 5444] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... futex resumed>) = 1 [pid 5444] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5444] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... futex resumed>) = 1 [pid 5444] chdir("./bus") = 0 [pid 5444] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5443] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5443] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5445], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5445 [pid 5443] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... futex resumed>) = 1 [pid 5444] link("./file1", "./bus") = 0 [pid 5444] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5445 attached [pid 5445] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5445] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5445] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5443] exit_group(0) = ? [pid 5444] <... futex resumed>) = ? [pid 5444] +++ exited with 0 +++ [pid 5445] <... futex resumed>) = ? [pid 5445] +++ exited with 0 +++ [pid 5443] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5443, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 62.299274][ T5444] loop0: detected capacity change from 0 to 264192 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./68/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./68/file1/file1") = 0 umount2("./68/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./68/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./68/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./68/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./68/bus/index") = 0 umount2("./68/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./68/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./68/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5446 attached , child_tidptr=0x555556b175d0) = 5446 [pid 5446] set_robust_list(0x555556b175e0, 24) = 0 [pid 5446] chdir("./69") = 0 [pid 5446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5446] setpgid(0, 0) = 0 [pid 5446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5446] write(3, "1000", 4) = 4 [pid 5446] close(3) = 0 [pid 5446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5446] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5446] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5446] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5447 attached , parent_tid=[5447], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5447 [pid 5446] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5447] mkdir("./bus", 000) = 0 [pid 5447] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5447] memfd_create("syzkaller", 0) = 3 [pid 5447] ftruncate(3, 135266304) = 0 [pid 5447] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5447] mkdir("./file0", 0777) = 0 [pid 5447] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5447] ioctl(4, LOOP_CLR_FD) = 0 [pid 5447] close(4) = 0 [pid 5447] close(3) = 0 [pid 5447] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... futex resumed>) = 0 [pid 5446] <... futex resumed>) = 1 [pid 5447] mkdir("./file1", 000 [pid 5446] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... mkdir resumed>) = 0 [pid 5447] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5447] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5446] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... mount resumed>) = 0 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] chdir("./bus" [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... chdir resumed>) = 0 [pid 5447] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5447] link("./file1", "./bus" [pid 5446] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5446] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5446] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5448], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5448 [pid 5446] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5448 attached [pid 5448] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5448] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5448] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5448] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] <... link resumed>) = 0 [pid 5447] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] exit_group(0) = ? [pid 5448] <... futex resumed>) = ? [pid 5448] +++ exited with 0 +++ [pid 5447] +++ exited with 0 +++ [pid 5446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5446, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 62.426939][ T5447] loop0: detected capacity change from 0 to 264192 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./69/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./69/file1/file1") = 0 umount2("./69/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./69/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./69/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./69/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./69/bus/index") = 0 umount2("./69/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./69/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./69/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5449 ./strace-static-x86_64: Process 5449 attached [pid 5449] set_robust_list(0x555556b175e0, 24) = 0 [pid 5449] chdir("./70") = 0 [pid 5449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5449] setpgid(0, 0) = 0 [pid 5449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5449] write(3, "1000", 4) = 4 [pid 5449] close(3) = 0 [pid 5449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5449] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5449] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5449] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5450], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5450 [pid 5449] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5450 attached [pid 5450] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5450] mkdir("./bus", 000) = 0 [pid 5450] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5450] <... futex resumed>) = 1 [pid 5450] memfd_create("syzkaller", 0) = 3 [pid 5450] ftruncate(3, 135266304) = 0 [pid 5450] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5450] mkdir("./file0", 0777) = 0 [pid 5450] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5450] ioctl(4, LOOP_CLR_FD) = 0 [pid 5450] close(4) = 0 [pid 5450] close(3) = 0 [pid 5450] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... futex resumed>) = 1 [pid 5450] mkdir("./file1", 000) = 0 [pid 5450] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... futex resumed>) = 1 [pid 5450] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5450] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... futex resumed>) = 1 [pid 5450] chdir("./bus") = 0 [pid 5450] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5449] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5449] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5451], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5451 [pid 5449] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... futex resumed>) = 1 [pid 5450] link("./file1", "./bus"./strace-static-x86_64: Process 5451 attached [pid 5451] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5451] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5450] <... link resumed>) = 0 [pid 5450] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] <... open resumed>) = 3 [pid 5451] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5449] exit_group(0) = ? [pid 5451] +++ exited with 0 +++ [pid 5450] <... futex resumed>) = ? [pid 5450] +++ exited with 0 +++ [pid 5449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5449, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 62.542882][ T5450] loop0: detected capacity change from 0 to 264192 unlink("./70/binderfs") = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./70/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./70/file1/file1") = 0 umount2("./70/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./70/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./70/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./70/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./70/bus/index") = 0 umount2("./70/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./70/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./70/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5452 attached , child_tidptr=0x555556b175d0) = 5452 [pid 5452] set_robust_list(0x555556b175e0, 24) = 0 [pid 5452] chdir("./71") = 0 [pid 5452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5452] setpgid(0, 0) = 0 [pid 5452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5452] write(3, "1000", 4) = 4 [pid 5452] close(3) = 0 [pid 5452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5452] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5452] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5452] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5453], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5453 [pid 5452] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5453 attached [pid 5453] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5453] mkdir("./bus", 000) = 0 [pid 5453] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5453] <... futex resumed>) = 1 [pid 5453] memfd_create("syzkaller", 0) = 3 [pid 5453] ftruncate(3, 135266304) = 0 [pid 5453] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5453] mkdir("./file0", 0777) = 0 [pid 5453] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5453] ioctl(4, LOOP_CLR_FD) = 0 [pid 5453] close(4) = 0 [pid 5453] close(3) = 0 [pid 5453] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5453] mkdir("./file1", 000 [pid 5452] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] <... mkdir resumed>) = 0 [pid 5452] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... mount resumed>) = 0 [pid 5453] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = 0 [pid 5453] <... futex resumed>) = 1 [pid 5452] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] chdir("./bus" [pid 5452] <... futex resumed>) = 0 [pid 5453] <... chdir resumed>) = 0 [pid 5452] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5452] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] link("./file1", "./bus" [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5452] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5452] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5454], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5454 [pid 5452] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... link resumed>) = 0 ./strace-static-x86_64: Process 5454 attached [pid 5453] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = 0 [pid 5454] set_robust_list(0x7f9f27adf9e0, 24 [pid 5453] <... futex resumed>) = 0 [pid 5452] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... set_robust_list resumed>) = 0 [pid 5453] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5454] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5454] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] exit_group(0 [pid 5454] <... futex resumed>) = ? [pid 5453] <... futex resumed>) = ? [pid 5452] <... exit_group resumed>) = ? [pid 5453] +++ exited with 0 +++ [pid 5454] +++ exited with 0 +++ [pid 5452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5452, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 62.673419][ T5453] loop0: detected capacity change from 0 to 264192 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./71/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./71/file1/file1") = 0 umount2("./71/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./71/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./71/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./71/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./71/bus/index") = 0 umount2("./71/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./71/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./71/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5455 ./strace-static-x86_64: Process 5455 attached [pid 5455] set_robust_list(0x555556b175e0, 24) = 0 [pid 5455] chdir("./72") = 0 [pid 5455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5455] setpgid(0, 0) = 0 [pid 5455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5455] write(3, "1000", 4) = 4 [pid 5455] close(3) = 0 [pid 5455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5455] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5455] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5455] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5456 attached [pid 5456] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5456] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] <... clone resumed>, parent_tid=[5456], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5456 [pid 5455] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5456] mkdir("./bus", 000 [pid 5455] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... mkdir resumed>) = 0 [pid 5456] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] <... futex resumed>) = 0 [pid 5455] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] <... futex resumed>) = 0 [pid 5456] memfd_create("syzkaller", 0) = 3 [pid 5455] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5456] ftruncate(3, 135266304) = 0 [pid 5456] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5456] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5456] mkdir("./file0", 0777) = 0 [pid 5456] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5456] ioctl(4, LOOP_CLR_FD) = 0 [pid 5456] close(4) = 0 [pid 5456] close(3) = 0 [pid 5456] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5456] mkdir("./file1", 000 [pid 5455] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... mkdir resumed>) = 0 [pid 5455] <... futex resumed>) = 0 [pid 5455] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5456] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5455] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... mount resumed>) = 0 [pid 5455] <... futex resumed>) = 0 [pid 5455] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5455] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] chdir("./bus" [pid 5455] <... futex resumed>) = 0 [pid 5456] <... chdir resumed>) = 0 [pid 5455] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] <... futex resumed>) = 0 [pid 5455] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] link("./file1", "./bus" [pid 5455] <... futex resumed>) = 0 [pid 5455] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5455] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5456] <... link resumed>) = 0 [pid 5455] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5456] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] <... clone resumed>, parent_tid=[5457], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5457 [pid 5456] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5457 attached ) = 0 [pid 5457] set_robust_list(0x7f9f27adf9e0, 24 [pid 5455] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... set_robust_list resumed>) = 0 [pid 5457] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5457] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5455] exit_group(0 [pid 5456] <... futex resumed>) = ? [pid 5455] <... exit_group resumed>) = ? [pid 5456] +++ exited with 0 +++ [ 62.815299][ T5456] loop0: detected capacity change from 0 to 264192 [pid 5457] +++ exited with 0 +++ [pid 5455] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5455, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./72/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./72/file1/file1") = 0 umount2("./72/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./72/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file1") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./72/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./72/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./72/bus/index") = 0 umount2("./72/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./72/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./72/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5458 ./strace-static-x86_64: Process 5458 attached [pid 5458] set_robust_list(0x555556b175e0, 24) = 0 [pid 5458] chdir("./73") = 0 [pid 5458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5458] setpgid(0, 0) = 0 [pid 5458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5458] write(3, "1000", 4) = 4 [pid 5458] close(3) = 0 [pid 5458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5458] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5458] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5458] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5459], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5459 [pid 5458] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5459 attached [pid 5459] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5459] mkdir("./bus", 000) = 0 [pid 5459] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5458] <... futex resumed>) = 0 [pid 5459] memfd_create("syzkaller", 0 [pid 5458] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5459] <... memfd_create resumed>) = 3 [pid 5459] ftruncate(3, 135266304) = 0 [pid 5459] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5459] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5459] mkdir("./file0", 0777) = 0 [pid 5459] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5459] ioctl(4, LOOP_CLR_FD) = 0 [pid 5459] close(4) = 0 [pid 5459] close(3) = 0 [pid 5459] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... futex resumed>) = 0 [pid 5459] mkdir("./file1", 000) = 0 [pid 5459] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... futex resumed>) = 1 [pid 5459] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5459] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5458] <... futex resumed>) = 0 [pid 5459] chdir("./bus" [pid 5458] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... chdir resumed>) = 0 [pid 5459] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5458] <... futex resumed>) = 0 [pid 5459] link("./file1", "./bus" [pid 5458] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5458] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5458] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5460], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5460 [pid 5458] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5460 attached [pid 5459] <... link resumed>) = 0 [pid 5458] <... futex resumed>) = 0 [pid 5460] set_robust_list(0x7f9f27adf9e0, 24 [pid 5459] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5460] <... set_robust_list resumed>) = 0 [pid 5459] <... futex resumed>) = 0 [pid 5460] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5459] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] <... open resumed>) = 3 [pid 5460] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5460] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] exit_group(0 [pid 5460] <... futex resumed>) = ? [pid 5459] <... futex resumed>) = ? [pid 5458] <... exit_group resumed>) = ? [pid 5459] +++ exited with 0 +++ [pid 5460] +++ exited with 0 +++ [pid 5458] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5458, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./73/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 [ 62.955671][ T5459] loop0: detected capacity change from 0 to 264192 unlink("./73/file1/file1") = 0 umount2("./73/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./73/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file1") = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./73/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./73/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./73/bus/index") = 0 umount2("./73/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./73/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./73/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5461 ./strace-static-x86_64: Process 5461 attached [pid 5461] set_robust_list(0x555556b175e0, 24) = 0 [pid 5461] chdir("./74") = 0 [pid 5461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5461] setpgid(0, 0) = 0 [pid 5461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5461] write(3, "1000", 4) = 4 [pid 5461] close(3) = 0 [pid 5461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5461] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5461] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5461] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5462 attached [pid 5462] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5461] <... clone resumed>, parent_tid=[5462], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5462 [pid 5462] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5461] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] mkdir("./bus", 000) = 0 [pid 5462] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] memfd_create("syzkaller", 0) = 3 [pid 5462] ftruncate(3, 135266304 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5462] <... ftruncate resumed>) = 0 [pid 5462] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5462] mkdir("./file0", 0777) = 0 [pid 5462] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5462] ioctl(4, LOOP_CLR_FD) = 0 [pid 5462] close(4) = 0 [pid 5462] close(3) = 0 [pid 5462] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] mkdir("./file1", 000) = 0 [pid 5462] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5462] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] chdir("./bus") = 0 [pid 5462] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5461] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5461] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5463 attached , parent_tid=[5463], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5463 [pid 5461] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] link("./file1", "./bus" [pid 5463] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5463] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5463] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5463] <... futex resumed>) = 1 [pid 5463] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] <... link resumed>) = 0 [pid 5462] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] exit_group(0 [pid 5463] <... futex resumed>) = ? [pid 5461] <... exit_group resumed>) = ? [pid 5463] +++ exited with 0 +++ [pid 5462] +++ exited with 0 +++ [pid 5461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5461, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 63.094938][ T5462] loop0: detected capacity change from 0 to 264192 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./74/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./74/file1/file1") = 0 umount2("./74/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./74/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file1") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./74/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./74/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./74/bus/index") = 0 umount2("./74/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./74/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./74/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5464 ./strace-static-x86_64: Process 5464 attached [pid 5464] set_robust_list(0x555556b175e0, 24) = 0 [pid 5464] chdir("./75") = 0 [pid 5464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5464] setpgid(0, 0) = 0 [pid 5464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5464] write(3, "1000", 4) = 4 [pid 5464] close(3) = 0 [pid 5464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5464] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5464] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5464] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5465], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5465 ./strace-static-x86_64: Process 5465 attached [pid 5465] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5465] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5465] <... futex resumed>) = 0 [pid 5465] mkdir("./bus", 000) = 0 [pid 5464] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5465] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5464] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5465] <... futex resumed>) = 0 [pid 5465] memfd_create("syzkaller", 0) = 3 [pid 5465] ftruncate(3, 135266304) = 0 [pid 5465] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5464] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5465] mkdir("./file0", 0777) = 0 [pid 5465] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5465] ioctl(4, LOOP_CLR_FD) = 0 [pid 5465] close(4) = 0 [pid 5465] close(3) = 0 [pid 5465] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] <... futex resumed>) = 0 [pid 5465] mkdir("./file1", 000 [pid 5464] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] <... mkdir resumed>) = 0 [pid 5464] <... futex resumed>) = 0 [pid 5465] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... futex resumed>) = 0 [pid 5464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5465] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5464] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... mount resumed>) = 0 [pid 5465] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5464] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... futex resumed>) = 1 [pid 5465] chdir("./bus") = 0 [pid 5465] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] <... futex resumed>) = 0 [pid 5465] link("./file1", "./bus" [pid 5464] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5464] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5464] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5466], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5466 [pid 5464] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... link resumed>) = 0 [pid 5465] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5465] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5466 attached [pid 5466] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5466] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = 3 [pid 5466] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5464] exit_group(0 [pid 5465] <... futex resumed>) = ? [pid 5464] <... exit_group resumed>) = ? [pid 5465] +++ exited with 0 +++ [pid 5466] <... futex resumed>) = ? [pid 5466] +++ exited with 0 +++ [pid 5464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5464, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 [ 63.231333][ T5465] loop0: detected capacity change from 0 to 264192 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./75/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./75/file1/file1") = 0 umount2("./75/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./75/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./75/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./75/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./75/bus/index") = 0 umount2("./75/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./75/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./75/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5467 ./strace-static-x86_64: Process 5467 attached [pid 5467] set_robust_list(0x555556b175e0, 24) = 0 [pid 5467] chdir("./76") = 0 [pid 5467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5467] setpgid(0, 0) = 0 [pid 5467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5467] write(3, "1000", 4) = 4 [pid 5467] close(3) = 0 [pid 5467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5467] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5467] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5467] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5468 attached , parent_tid=[5468], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5468 [pid 5468] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5468] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5467] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] mkdir("./bus", 000) = 0 [pid 5468] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5468] <... futex resumed>) = 0 [pid 5468] memfd_create("syzkaller", 0) = 3 [pid 5468] ftruncate(3, 135266304) = 0 [pid 5468] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5468] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5468] mkdir("./file0", 0777) = 0 [pid 5468] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5468] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5468] ioctl(4, LOOP_CLR_FD) = 0 [pid 5468] close(4) = 0 [pid 5468] close(3) = 0 [pid 5468] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... futex resumed>) = 1 [pid 5468] mkdir("./file1", 000) = 0 [pid 5468] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... futex resumed>) = 1 [pid 5468] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5468] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... futex resumed>) = 1 [pid 5468] chdir("./bus") = 0 [pid 5468] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5467] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5467] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5469], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5469 [pid 5467] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... futex resumed>) = 1 [pid 5468] link("./file1", "./bus"./strace-static-x86_64: Process 5469 attached [pid 5469] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5469] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5469] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... link resumed>) = 0 [pid 5468] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] <... futex resumed>) = 0 [pid 5467] exit_group(0) = ? [pid 5468] <... futex resumed>) = ? [pid 5469] <... futex resumed>) = ? [pid 5469] +++ exited with 0 +++ [pid 5468] +++ exited with 0 +++ [pid 5467] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5467, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./76/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./76/file1/file1") = 0 umount2("./76/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./76/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file1") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 63.366581][ T5468] loop0: detected capacity change from 0 to 264192 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./76/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./76/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./76/bus/index") = 0 umount2("./76/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./76/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./76/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5470 ./strace-static-x86_64: Process 5470 attached [pid 5470] set_robust_list(0x555556b175e0, 24) = 0 [pid 5470] chdir("./77") = 0 [pid 5470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5470] setpgid(0, 0) = 0 [pid 5470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5470] write(3, "1000", 4) = 4 [pid 5470] close(3) = 0 [pid 5470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5470] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5470] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5470] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5471 attached [pid 5471] set_robust_list(0x7f9f27b009e0, 24 [pid 5470] <... clone resumed>, parent_tid=[5471], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5471 [pid 5471] <... set_robust_list resumed>) = 0 [pid 5470] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] mkdir("./bus", 000 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... mkdir resumed>) = 0 [pid 5471] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5471] <... futex resumed>) = 1 [pid 5471] memfd_create("syzkaller", 0) = 3 [pid 5471] ftruncate(3, 135266304) = 0 [pid 5471] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5471] mkdir("./file0", 0777) = 0 [pid 5471] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5471] ioctl(4, LOOP_CLR_FD) = 0 [pid 5471] close(4) = 0 [pid 5471] close(3) = 0 [pid 5471] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] mkdir("./file1", 000 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... mkdir resumed>) = 0 [pid 5471] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... futex resumed>) = 0 [pid 5471] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5470] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... mount resumed>) = 0 [pid 5471] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] chdir("./bus") = 0 [pid 5471] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5470] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5470] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5472], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5472 [pid 5470] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] link("./file1", "./bus"./strace-static-x86_64: Process 5472 attached [pid 5472] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5471] <... link resumed>) = 0 [pid 5472] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5471] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5472] <... open resumed>) = 3 [pid 5472] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = 0 [pid 5472] <... futex resumed>) = 1 [pid 5470] exit_group(0) = ? [pid 5472] +++ exited with 0 +++ [pid 5471] <... futex resumed>) = ? [ 63.478051][ T5471] loop0: detected capacity change from 0 to 264192 [pid 5471] +++ exited with 0 +++ [pid 5470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5470, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./77/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./77/file1/file1") = 0 umount2("./77/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./77/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file1") = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./77/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./77/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./77/bus/index") = 0 umount2("./77/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./77/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./77/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5473 ./strace-static-x86_64: Process 5473 attached [pid 5473] set_robust_list(0x555556b175e0, 24) = 0 [pid 5473] chdir("./78") = 0 [pid 5473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5473] setpgid(0, 0) = 0 [pid 5473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5473] write(3, "1000", 4) = 4 [pid 5473] close(3) = 0 [pid 5473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5473] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5473] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5473] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5474 attached , parent_tid=[5474], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5474 [pid 5474] set_robust_list(0x7f9f27b009e0, 24 [pid 5473] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... set_robust_list resumed>) = 0 [pid 5473] <... futex resumed>) = 0 [pid 5474] mkdir("./bus", 000 [pid 5473] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... mkdir resumed>) = 0 [pid 5474] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5474] memfd_create("syzkaller", 0) = 3 [pid 5474] ftruncate(3, 135266304) = 0 [pid 5474] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5474] mkdir("./file0", 0777) = 0 [pid 5474] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5474] ioctl(4, LOOP_CLR_FD) = 0 [pid 5474] close(4) = 0 [pid 5474] close(3) = 0 [pid 5474] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5474] mkdir("./file1", 000 [pid 5473] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... mkdir resumed>) = 0 [pid 5474] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5473] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... mount resumed>) = 0 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] chdir("./bus") = 0 [pid 5474] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] <... futex resumed>) = 0 [pid 5474] link("./file1", "./bus" [pid 5473] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5473] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5473] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5475 attached [pid 5475] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5475] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] <... link resumed>) = 0 [pid 5473] <... clone resumed>, parent_tid=[5475], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5475 [pid 5474] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5475] <... futex resumed>) = 0 [pid 5475] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5474] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... open resumed>) = 3 [pid 5475] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... futex resumed>) = 0 [pid 5473] exit_group(0) = ? [pid 5474] <... futex resumed>) = ? [pid 5475] <... futex resumed>) = ? [pid 5475] +++ exited with 0 +++ [pid 5474] +++ exited with 0 +++ [pid 5473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5473, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 63.617857][ T5474] loop0: detected capacity change from 0 to 264192 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./78/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./78/file1/file1") = 0 umount2("./78/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./78/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file1") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./78/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./78/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./78/bus/index") = 0 umount2("./78/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./78/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./78/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5476 ./strace-static-x86_64: Process 5476 attached [pid 5476] set_robust_list(0x555556b175e0, 24) = 0 [pid 5476] chdir("./79") = 0 [pid 5476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5476] setpgid(0, 0) = 0 [pid 5476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5476] write(3, "1000", 4) = 4 [pid 5476] close(3) = 0 [pid 5476] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5476] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5476] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5476] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5477 attached [pid 5477] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5477] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] <... clone resumed>, parent_tid=[5477], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5477 [pid 5476] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] <... futex resumed>) = 0 [pid 5477] mkdir("./bus", 000 [pid 5476] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... mkdir resumed>) = 0 [pid 5477] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5477] <... futex resumed>) = 0 [pid 5477] memfd_create("syzkaller", 0 [pid 5476] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5477] <... memfd_create resumed>) = 3 [pid 5477] ftruncate(3, 135266304) = 0 [pid 5477] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5477] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5477] mkdir("./file0", 0777) = 0 [pid 5477] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5477] ioctl(4, LOOP_CLR_FD) = 0 [pid 5477] close(4) = 0 [pid 5477] close(3) = 0 [pid 5477] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... futex resumed>) = 1 [pid 5477] mkdir("./file1", 000) = 0 [pid 5477] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... futex resumed>) = 1 [pid 5477] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5477] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... futex resumed>) = 1 [pid 5477] chdir("./bus") = 0 [pid 5477] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5476] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5476] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5478], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5478 [pid 5476] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... futex resumed>) = 1 [pid 5477] link("./file1", "./bus"./strace-static-x86_64: Process 5478 attached [pid 5478] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5478] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5478] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5478] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... link resumed>) = 0 [pid 5477] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] exit_group(0 [pid 5478] <... futex resumed>) = ? [pid 5476] <... exit_group resumed>) = ? [pid 5478] +++ exited with 0 +++ [pid 5477] <... futex resumed>) = ? [pid 5477] +++ exited with 0 +++ [pid 5476] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5476, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 63.745829][ T5477] loop0: detected capacity change from 0 to 264192 unlink("./79/binderfs") = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./79/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./79/file1/file1") = 0 umount2("./79/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./79/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file1") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./79/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./79/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./79/bus/index") = 0 umount2("./79/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./79/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./79/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5479 ./strace-static-x86_64: Process 5479 attached [pid 5479] set_robust_list(0x555556b175e0, 24) = 0 [pid 5479] chdir("./80") = 0 [pid 5479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5479] setpgid(0, 0) = 0 [pid 5479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5479] write(3, "1000", 4) = 4 [pid 5479] close(3) = 0 [pid 5479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5479] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5479] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5479] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5480 attached [pid 5480] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5480] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] <... clone resumed>, parent_tid=[5480], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5480 [pid 5479] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5480] mkdir("./bus", 000 [pid 5479] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] <... mkdir resumed>) = 0 [pid 5480] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5480] memfd_create("syzkaller", 0) = 3 [pid 5480] ftruncate(3, 135266304) = 0 [pid 5480] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5480] mkdir("./file0", 0777) = 0 [pid 5480] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5480] ioctl(4, LOOP_CLR_FD) = 0 [pid 5480] close(4) = 0 [pid 5480] close(3) = 0 [pid 5480] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] <... futex resumed>) = 1 [pid 5480] mkdir("./file1", 000) = 0 [pid 5480] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] <... futex resumed>) = 1 [pid 5480] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5480] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] chdir("./bus") = 0 [pid 5480] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5479] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5479] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5480] link("./file1", "./bus" [pid 5479] <... clone resumed>, parent_tid=[5481], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5481 [pid 5479] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5481 attached [pid 5481] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5481] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC) = -1 ENOENT (No such file or directory) [pid 5481] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5481] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] <... link resumed>) = 0 [ 63.888867][ T5480] loop0: detected capacity change from 0 to 264192 [pid 5480] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] exit_group(0 [pid 5481] <... futex resumed>) = ? [pid 5479] <... exit_group resumed>) = ? [pid 5481] +++ exited with 0 +++ [pid 5480] <... futex resumed>) = ? [pid 5480] +++ exited with 0 +++ [pid 5479] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5479, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./80/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./80/file1/file1") = 0 umount2("./80/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file1/bus", {st_mode=S_IFREG|0755, st_size=10, ...}) = 0 unlink("./80/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file1") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./80/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./80/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./80/bus/index") = 0 umount2("./80/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./80/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./80/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5482 ./strace-static-x86_64: Process 5482 attached [pid 5482] set_robust_list(0x555556b175e0, 24) = 0 [pid 5482] chdir("./81") = 0 [pid 5482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5482] setpgid(0, 0) = 0 [pid 5482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5482] write(3, "1000", 4) = 4 [pid 5482] close(3) = 0 [pid 5482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5482] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5482] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5482] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5483 attached , parent_tid=[5483], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5483 [pid 5483] set_robust_list(0x7f9f27b009e0, 24) = 0 [pid 5483] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5483] <... futex resumed>) = 0 [pid 5482] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] mkdir("./bus", 000) = 0 [pid 5483] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5483] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5482] <... futex resumed>) = 0 [pid 5483] memfd_create("syzkaller", 0 [pid 5482] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5483] <... memfd_create resumed>) = 3 [pid 5483] ftruncate(3, 135266304) = 0 [pid 5483] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5483] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5483] mkdir("./file0", 0777) = 0 [pid 5483] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5483] ioctl(4, LOOP_CLR_FD) = 0 [pid 5483] close(4) = 0 [pid 5483] close(3) = 0 [pid 5483] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... futex resumed>) = 0 [pid 5482] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5483] mkdir("./file1", 000 [pid 5482] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] <... mkdir resumed>) = 0 [pid 5483] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5483] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on" [pid 5482] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... mount resumed>) = 0 [pid 5482] <... futex resumed>) = 0 [pid 5482] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... futex resumed>) = 0 [pid 5482] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] <... futex resumed>) = 1 [pid 5483] chdir("./bus") = 0 [pid 5483] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5483] link("./file1", "./bus" [pid 5482] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5482] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5482] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5484], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5484 [pid 5482] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5484 attached [pid 5483] <... link resumed>) = 0 [pid 5484] set_robust_list(0x7f9f27adf9e0, 24 [pid 5483] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... set_robust_list resumed>) = 0 [pid 5483] <... futex resumed>) = 0 [pid 5484] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5483] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5484] <... open resumed>) = 3 [pid 5484] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5484] futex(0x7f9f27bd84b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] exit_group(0 [pid 5484] <... futex resumed>) = ? [pid 5483] <... futex resumed>) = ? [pid 5482] <... exit_group resumed>) = ? [pid 5483] +++ exited with 0 +++ [pid 5484] +++ exited with 0 +++ [pid 5482] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5482, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 64.034049][ T5483] loop0: detected capacity change from 0 to 264192 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b18620 /* 6 entries */, 32768) = 168 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file1", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./81/file1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file1/file1", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./81/file1/file1") = 0 umount2("./81/file1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file1/bus", {st_mode=S_IFREG|0755, st_size=0, ...}) = 0 unlink("./81/file1/bus") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/bus", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(4, 0x555556b20660 /* 4 entries */, 32768) = 104 umount2("./81/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/bus/index", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./81/bus/index", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/bus/index", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./81/bus/index") = 0 umount2("./81/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/bus/work", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 umount2("./81/bus/work", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/bus/work", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 getdents64(5, 0x555556b286a0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556b286a0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./81/bus/work") = 0 getdents64(4, 0x555556b20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/bus") = 0 getdents64(3, 0x555556b18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b175d0) = 5485 ./strace-static-x86_64: Process 5485 attached [pid 5485] set_robust_list(0x555556b175e0, 24) = 0 [pid 5485] chdir("./82") = 0 [pid 5485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5485] setpgid(0, 0) = 0 [pid 5485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5485] write(3, "1000", 4) = 4 [pid 5485] close(3) = 0 [pid 5485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5485] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27ae0000 [pid 5485] mprotect(0x7f9f27ae1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5485] clone(child_stack=0x7f9f27b003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5486 attached [pid 5486] set_robust_list(0x7f9f27b009e0, 24 [pid 5485] <... clone resumed>, parent_tid=[5486], tls=0x7f9f27b00700, child_tidptr=0x7f9f27b009d0) = 5486 [pid 5486] <... set_robust_list resumed>) = 0 [pid 5485] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] mkdir("./bus", 000 [pid 5485] <... futex resumed>) = 0 [pid 5485] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5486] <... mkdir resumed>) = 0 [pid 5486] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5485] <... futex resumed>) = 0 [pid 5486] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5485] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 5486] memfd_create("syzkaller", 0) = 3 [pid 5486] ftruncate(3, 135266304) = 0 [pid 5486] pwrite64(3, "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x02\x00\x04\x00\x00\x00\x26\x01\x00\x00\x00\x00\x00\x00\x06\x02\x00\x00\x00\x00\x00\x00\xb5\x01\x00\x00\x00\x00\x00\x00\xee\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3e\x01\x00\x00\x00\x00\x00\x00\x85\x01\x00\x00\x00\x00\x00\x00\xa3\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 512, 0) = 512 [pid 5486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5486] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5486] mkdir("./file0", 0777) = 0 [pid 5486] mount("/dev/loop0", "./file0", "squashfs", 0, "") = 0 [pid 5486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 5486] ioctl(4, LOOP_CLR_FD) = 0 [pid 5486] close(4) = 0 [pid 5486] close(3) = 0 [pid 5486] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] <... futex resumed>) = 0 [pid 5485] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5485] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5486] <... futex resumed>) = 0 [pid 5486] mkdir("./file1", 000) = 0 [pid 5486] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] <... futex resumed>) = 0 [pid 5485] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5486] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5486] mount(NULL, "./bus", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1,metacopy=on") = 0 [pid 5486] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5485] <... futex resumed>) = 0 [pid 5486] chdir("./bus" [pid 5485] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] futex(0x7f9f27bd84ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5486] <... chdir resumed>) = 0 [pid 5486] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] <... futex resumed>) = 0 [pid 5485] futex(0x7f9f27bd84a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] futex(0x7f9f27bd84bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9f27abf000 [pid 5485] mprotect(0x7f9f27ac0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5485] clone(child_stack=0x7f9f27adf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5487], tls=0x7f9f27adf700, child_tidptr=0x7f9f27adf9d0) = 5487 [pid 5485] futex(0x7f9f27bd84b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] futex(0x7f9f27bd84bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5486] <... futex resumed>) = 1 [pid 5486] link("./file1", "./bus"./strace-static-x86_64: Process 5487 attached [pid 5487] set_robust_list(0x7f9f27adf9e0, 24) = 0 [pid 5487] open("./bus", O_RDONLY|O_NOCTTY|O_TRUNC [pid 5486] <... link resumed>) = 0 [pid 5486] futex(0x7f9f27bd84ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.157739][ T5486] loop0: detected capacity change from 0 to 264192 [ 64.204063][ T5487] general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] PREEMPT SMP KASAN [ 64.215808][ T5487] KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] [ 64.224200][ T5487] CPU: 0 PID: 5487 Comm: syz-executor315 Not tainted 6.1.0-rc4-next-20221111-syzkaller #0 [ 64.234071][ T5487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 64.244109][ T5487] RIP: 0010:security_inode_getattr+0x46/0x140 [ 64.250188][ T5487] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b [ 64.269791][ T5487] RSP: 0018:ffffc900047c7538 EFLAGS: 00010202 [ 64.275852][ T5487] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 64.283809][ T5487] RDX: 000000000000000d RSI: ffffffff83c3eade RDI: 0000000000000068 [ 64.291764][ T5487] RBP: ffffc900047c7748 R08: 0000000000000005 R09: 0000000000000000 [ 64.299726][ T5487] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888073266178 [ 64.307706][ T5487] R13: ffffc900047c7748 R14: 00000000000007ff R15: 0000000000000000 [ 64.315674][ T5487] FS: 00007f9f27adf700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 64.324603][ T5487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.331183][ T5487] CR2: 00007f9f27adf718 CR3: 00000000261b3000 CR4: 00000000003506f0 [ 64.339154][ T5487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.347122][ T5487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.355088][ T5487] Call Trace: [ 64.358363][ T5487] [ 64.361290][ T5487] vfs_getattr+0x22/0x60 [ 64.365552][ T5487] ovl_copy_up_one+0x13a/0x2910 [ 64.370411][ T5487] ? lock_chain_count+0x20/0x20 [ 64.375267][ T5487] ? mark_lock.part.0+0xee/0x1910 [ 64.380303][ T5487] ? lock_chain_count+0x20/0x20 [ 64.385161][ T5487] ? find_held_lock+0x2d/0x110 [ 64.389938][ T5487] ? lock_chain_count+0x20/0x20 [ 64.394786][ T5487] ? debug_check_no_obj_freed+0x20c/0x420 [ 64.400523][ T5487] ? ovl_copy_up_metadata+0x890/0x890 [ 64.405893][ T5487] ? __lock_acquire+0x166e/0x56d0 [ 64.410919][ T5487] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 64.416917][ T5487] ? do_raw_spin_unlock+0x171/0x230 [ 64.422119][ T5487] ? dget_parent+0x14f/0x540 [ 64.426705][ T5487] ovl_copy_up_flags+0x150/0x1d0 [ 64.431642][ T5487] ovl_maybe_copy_up+0x140/0x190 [ 64.436575][ T5487] ovl_open+0xf1/0x2d0 [ 64.440637][ T5487] ? ovl_llseek+0x340/0x340 [ 64.445132][ T5487] ? fsnotify_perm.part.0+0x221/0x610 [ 64.450510][ T5487] do_dentry_open+0x6cc/0x13f0 [ 64.455272][ T5487] ? ovl_llseek+0x340/0x340 [ 64.459767][ T5487] ? may_open+0x1f6/0x420 [ 64.464093][ T5487] path_openat+0x1bbc/0x2a50 [ 64.468684][ T5487] ? path_lookupat+0x840/0x840 [ 64.473450][ T5487] do_filp_open+0x1b6/0x400 [ 64.477952][ T5487] ? may_open_dev+0xf0/0xf0 [ 64.482454][ T5487] ? find_held_lock+0x2d/0x110 [ 64.487223][ T5487] ? do_raw_spin_lock+0x120/0x2a0 [ 64.492246][ T5487] ? rwlock_bug.part.0+0x90/0x90 [ 64.497183][ T5487] ? _raw_spin_unlock+0x24/0x40 [ 64.502026][ T5487] ? alloc_fd+0x2d8/0x6d0 [ 64.506360][ T5487] do_sys_openat2+0x16d/0x4c0 [ 64.511040][ T5487] ? build_open_flags+0x6f0/0x6f0 [ 64.516067][ T5487] ? ptrace_notify+0xfa/0x140 [ 64.520741][ T5487] ? lock_downgrade+0x6e0/0x6e0 [ 64.525589][ T5487] __x64_sys_open+0x119/0x1c0 [ 64.530268][ T5487] ? do_sys_open+0x140/0x140 [ 64.534859][ T5487] ? _raw_spin_unlock_irq+0x2a/0x40 [ 64.540050][ T5487] ? ptrace_notify+0xfa/0x140 [ 64.544723][ T5487] do_syscall_64+0x35/0xb0 [ 64.549142][ T5487] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 64.555045][ T5487] RIP: 0033:0x7f9f27b53b49 [ 64.559454][ T5487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.579053][ T5487] RSP: 002b:00007f9f27adf2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 64.587459][ T5487] RAX: ffffffffffffffda RBX: 00007f9f27bd84b0 RCX: 00007f9f27b53b49 [ 64.595423][ T5487] RDX: 0000000000000000 RSI: 0000000000000300 RDI: 0000000020000140 [pid 5486] futex(0x7f9f27bd84a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 64.603384][ T5487] RBP: 00007f9f27ba52ac R08: 00007f9f27adf700 R09: 0000000000000000 [ 64.611347][ T5487] R10: 00007f9f27adf700 R11: 0000000000000246 R12: 0031656c69662f2e [ 64.619313][ T5487] R13: 79706f636174656d R14: 0079616c7265766f R15: 00007f9f27bd84b8 [ 64.627282][ T5487] [ 64.630295][ T5487] Modules linked in: [ 64.636981][ T5487] ---[ end trace 0000000000000000 ]--- [ 64.642645][ T5487] RIP: 0010:security_inode_getattr+0x46/0x140 [ 64.648753][ T5487] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b [ 64.668731][ T5487] RSP: 0018:ffffc900047c7538 EFLAGS: 00010202 [ 64.674876][ T5487] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 64.682878][ T5487] RDX: 000000000000000d RSI: ffffffff83c3eade RDI: 0000000000000068 [ 64.690845][ T5487] RBP: ffffc900047c7748 R08: 0000000000000005 R09: 0000000000000000 [ 64.699011][ T5487] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888073266178 [ 64.707178][ T5487] R13: ffffc900047c7748 R14: 00000000000007ff R15: 0000000000000000 [ 64.715287][ T5487] FS: 00007f9f27adf700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 64.724366][ T5487] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.730942][ T5487] CR2: 00007f9f27b95220 CR3: 00000000261b3000 CR4: 00000000003506f0 [ 64.739156][ T5487] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.747278][ T5487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.755395][ T5487] Kernel panic - not syncing: Fatal exception [ 64.761616][ T5487] Kernel Offset: disabled [ 64.765931][ T5487] Rebooting in 86400 seconds..