./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor533814396 <...> Warning: Permanently added '10.128.0.12' (ED25519) to the list of known hosts. execve("./syz-executor533814396", ["./syz-executor533814396"], 0x7fff24a78f70 /* 10 vars */) = 0 brk(NULL) = 0x55555595f000 brk(0x55555595fd00) = 0x55555595fd00 arch_prctl(ARCH_SET_FS, 0x55555595f380) = 0 set_tid_address(0x55555595f650) = 5064 set_robust_list(0x55555595f660, 24) = 0 rseq(0x55555595fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor533814396", 4096) = 27 getrandom("\x3e\x07\xe0\x4c\x63\xdd\x18\x10", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555595fd00 brk(0x555555980d00) = 0x555555980d00 brk(0x555555981000) = 0x555555981000 mprotect(0x7fe7ef380000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.PVbgmB", 0700) = 0 chmod("./syzkaller.PVbgmB", 0777) = 0 chdir("./syzkaller.PVbgmB") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached , child_tidptr=0x55555595f650) = 5066 [pid 5066] set_robust_list(0x55555595f660, 24) = 0 [pid 5066] chdir("./0") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] memfd_create("syzkaller", 0) = 3 [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5066] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] close(3) = 0 [pid 5066] mkdir("./file1", 0777) = 0 [pid 5066] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5066] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] chdir("./file1") = 0 [pid 5066] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] close(4) = 0 [pid 5066] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5066] creat("./file1", 010) = 4 [ 53.496790][ T5066] loop0: detected capacity change from 0 to 512 [ 53.506817][ T5066] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.523698][ T5066] EXT4-fs (loop0): 1 truncate cleaned up [ 53.529324][ T5066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5066] exit_group(0) = ? [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 53.610183][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x55555595f660, 24) = 0 [pid 5069] chdir("./1") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5069 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5069] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./file1", 0777) = 0 [pid 5069] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5069] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./file1") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 5069] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5069] creat("./file1", 010) = 4 [pid 5069] exit_group(0) = ? [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 53.714572][ T5069] loop0: detected capacity change from 0 to 512 [ 53.729392][ T5069] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.744504][ T5069] EXT4-fs (loop0): 1 truncate cleaned up [ 53.750128][ T5069] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 53.821460][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5071 ./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x55555595f660, 24) = 0 [pid 5071] chdir("./2") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5071] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file1", 0777) = 0 [ 53.901851][ T5071] loop0: detected capacity change from 0 to 512 [ 53.921700][ T5071] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.936605][ T5071] EXT4-fs (loop0): 1 truncate cleaned up [pid 5071] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5071] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] chdir("./file1") = 0 [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] close(4) = 0 [pid 5071] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5071] creat("./file1", 010) = 4 [pid 5071] exit_group(0) = ? [ 53.942300][ T5071] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached , child_tidptr=0x55555595f650) = 5073 [ 54.017927][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5073] set_robust_list(0x55555595f660, 24) = 0 [pid 5073] chdir("./3") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5073] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file1", 0777) = 0 [pid 5073] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5073] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file1") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5073] creat("./file1", 010) = 4 [ 54.146755][ T5073] loop0: detected capacity change from 0 to 512 [ 54.161665][ T5073] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.176455][ T5073] EXT4-fs (loop0): 1 truncate cleaned up [ 54.182151][ T5073] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5073] exit_group(0) = ? [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5075 ./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x55555595f660, 24) = 0 [ 54.240361][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5075] chdir("./4") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5075] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file1", 0777) = 0 [pid 5075] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5075] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file1") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5075] creat("./file1", 010) = 4 [pid 5075] exit_group(0) = ? [ 54.343708][ T5075] loop0: detected capacity change from 0 to 512 [ 54.353444][ T5075] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.367682][ T5075] EXT4-fs (loop0): 1 truncate cleaned up [ 54.373471][ T5075] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 [ 54.444387][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x55555595f660, 24) = 0 [pid 5077] chdir("./5" [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5077 [pid 5077] <... chdir resumed>) = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] memfd_create("syzkaller", 0) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5077] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5077] close(3) = 0 [pid 5077] mkdir("./file1", 0777) = 0 [pid 5077] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5077] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5077] chdir("./file1") = 0 [pid 5077] ioctl(4, LOOP_CLR_FD) = 0 [pid 5077] close(4) = 0 [ 54.563823][ T5077] loop0: detected capacity change from 0 to 512 [ 54.579060][ T5077] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.593993][ T5077] EXT4-fs (loop0): 1 truncate cleaned up [ 54.599621][ T5077] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5077] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5077] creat("./file1", 010) = 4 [pid 5077] exit_group(0) = ? [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 54.682570][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x55555595f660, 24) = 0 [pid 5079] chdir("./6") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5079] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file1", 0777) = 0 [ 54.802221][ T5079] loop0: detected capacity change from 0 to 512 [ 54.826767][ T5079] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.841266][ T5079] EXT4-fs (loop0): 1 truncate cleaned up [pid 5079] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5079] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file1") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5079] creat("./file1", 010) = 4 [pid 5079] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 54.846898][ T5079] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x55555595f660, 24) = 0 [pid 5081] chdir("./7") = 0 [ 54.965835][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5081 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5081] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file1", 0777) = 0 [pid 5081] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5081] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file1") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5081] creat("./file1", 010) = 4 [ 55.066349][ T5081] loop0: detected capacity change from 0 to 512 [ 55.082548][ T5081] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 55.097030][ T5081] EXT4-fs (loop0): 1 truncate cleaned up [ 55.102709][ T5081] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5081] exit_group(0) = ? [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 55.202008][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x55555595f660, 24) = 0 [pid 5083] chdir("./8") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5083 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] memfd_create("syzkaller", 0) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5083] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file1", 0777) = 0 [pid 5083] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5083] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file1") = 0 [pid 5083] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] close(4) = 0 [pid 5083] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [ 55.358189][ T5083] loop0: detected capacity change from 0 to 512 [ 55.372417][ T5083] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 55.386659][ T5083] EXT4-fs (loop0): 1 truncate cleaned up [ 55.392343][ T5083] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5083] creat("./file1", 010) = 4 [pid 5083] exit_group(0) = ? [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 55.462313][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x55555595f660, 24) = 0 [pid 5085] chdir("./9") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5085 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5085] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file1", 0777) = 0 [ 55.577239][ T5085] loop0: detected capacity change from 0 to 512 [ 55.602126][ T5085] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 55.616800][ T5085] EXT4-fs (loop0): 1 truncate cleaned up [pid 5085] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5085] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file1") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5085] creat("./file1", 010) = 4 [pid 5085] exit_group(0) = ? [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 55.622484][ T5085] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 [ 55.694250][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5087 attached , child_tidptr=0x55555595f650) = 5087 [pid 5087] set_robust_list(0x55555595f660, 24) = 0 [pid 5087] chdir("./10") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5087] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file1", 0777) = 0 [pid 5087] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5087] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./file1") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [pid 5087] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5087] creat("./file1", 010) = 4 [ 55.835559][ T5087] loop0: detected capacity change from 0 to 512 [ 55.850228][ T5087] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 55.864602][ T5087] EXT4-fs (loop0): 1 truncate cleaned up [ 55.870222][ T5087] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5087] exit_group(0) = ? [pid 5087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 55.950155][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x55555595f660, 24) = 0 [pid 5089] chdir("./11") = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5089 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5089] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] mkdir("./file1", 0777) = 0 [pid 5089] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5089] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./file1") = 0 [pid 5089] ioctl(4, LOOP_CLR_FD) = 0 [pid 5089] close(4) = 0 [pid 5089] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5089] creat("./file1", 010) = 4 [ 56.038783][ T5089] loop0: detected capacity change from 0 to 512 [ 56.047798][ T5089] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 56.062633][ T5089] EXT4-fs (loop0): 1 truncate cleaned up [ 56.068257][ T5089] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5089] exit_group(0) = ? [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 [ 56.132312][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x55555595f660, 24) = 0 [pid 5091] chdir("./12") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5091 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5091] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file1", 0777) = 0 [pid 5091] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5091] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file1") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5091] creat("./file1", 010) = 4 [pid 5091] exit_group(0) = ? [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 56.259494][ T5091] loop0: detected capacity change from 0 to 512 [ 56.273818][ T5091] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 56.288221][ T5091] EXT4-fs (loop0): 1 truncate cleaned up [ 56.293975][ T5091] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5093 ./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x55555595f660, 24) = 0 [pid 5093] chdir("./13") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [ 56.345911][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5093] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file1", 0777) = 0 [pid 5093] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5093] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file1") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [ 56.425249][ T5093] loop0: detected capacity change from 0 to 512 [ 56.441590][ T5093] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 56.456707][ T5093] EXT4-fs (loop0): 1 truncate cleaned up [ 56.462425][ T5093] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5093] close(4) = 0 [pid 5093] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5093] creat("./file1", 010) = 4 [pid 5093] exit_group(0) = ? [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 [ 56.591111][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x55555595f660, 24) = 0 [pid 5096] chdir("./14") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5096 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5096] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file1", 0777) = 0 [pid 5096] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5096] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file1") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5096] creat("./file1", 010) = 4 [pid 5096] exit_group(0) = ? [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 56.721364][ T5096] loop0: detected capacity change from 0 to 512 [ 56.734709][ T5096] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 56.749621][ T5096] EXT4-fs (loop0): 1 truncate cleaned up [ 56.755282][ T5096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 [ 56.857022][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached , child_tidptr=0x55555595f650) = 5099 [pid 5099] set_robust_list(0x55555595f660, 24) = 0 [pid 5099] chdir("./15") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5099] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./file1", 0777) = 0 [pid 5099] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5099] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file1") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5099] creat("./file1", 010) = 4 [ 57.012826][ T5099] loop0: detected capacity change from 0 to 512 [ 57.027019][ T5099] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.042055][ T5099] EXT4-fs (loop0): 1 truncate cleaned up [ 57.047677][ T5099] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5099] exit_group(0) = ? [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 57.148339][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5101 attached , child_tidptr=0x55555595f650) = 5101 [pid 5101] set_robust_list(0x55555595f660, 24) = 0 [pid 5101] chdir("./16") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] memfd_create("syzkaller", 0) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5101] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file1", 0777) = 0 [ 57.256376][ T5101] loop0: detected capacity change from 0 to 512 [ 57.280436][ T5101] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.294807][ T5101] EXT4-fs (loop0): 1 truncate cleaned up [pid 5101] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5101] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./file1") = 0 [pid 5101] ioctl(4, LOOP_CLR_FD) = 0 [pid 5101] close(4) = 0 [pid 5101] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5101] creat("./file1", 010) = 4 [pid 5101] exit_group(0) = ? [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 57.300433][ T5101] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5103 ./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x55555595f660, 24) = 0 [pid 5103] chdir("./17") = 0 [ 57.361831][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5103] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./file1", 0777) = 0 [pid 5103] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5103] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./file1") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [pid 5103] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5103] creat("./file1", 010) = 4 [pid 5103] exit_group(0) = ? [pid 5103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 57.501896][ T5103] loop0: detected capacity change from 0 to 512 [ 57.517790][ T5103] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.532367][ T5103] EXT4-fs (loop0): 1 truncate cleaned up [ 57.537993][ T5103] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5105 attached [ 57.590536][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. , child_tidptr=0x55555595f650) = 5105 [pid 5105] set_robust_list(0x55555595f660, 24) = 0 [pid 5105] chdir("./18") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5105] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file1", 0777) = 0 [ 57.706675][ T5105] loop0: detected capacity change from 0 to 512 [ 57.725942][ T5105] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.740147][ T5105] EXT4-fs (loop0): 1 truncate cleaned up [pid 5105] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5105] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file1") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5105] creat("./file1", 010) = 4 [ 57.745900][ T5105] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5105] exit_group(0) = ? [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 [ 57.807485][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached , child_tidptr=0x55555595f650) = 5107 [pid 5107] set_robust_list(0x55555595f660, 24) = 0 [pid 5107] chdir("./19") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] memfd_create("syzkaller", 0) = 3 [pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5107] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5107] close(3) = 0 [pid 5107] mkdir("./file1", 0777) = 0 [pid 5107] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5107] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5107] chdir("./file1") = 0 [pid 5107] ioctl(4, LOOP_CLR_FD) = 0 [pid 5107] close(4) = 0 [ 57.933355][ T5107] loop0: detected capacity change from 0 to 512 [ 57.948162][ T5107] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.962750][ T5107] EXT4-fs (loop0): 1 truncate cleaned up [ 57.968368][ T5107] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5107] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5107] creat("./file1", 010) = 4 [pid 5107] exit_group(0) = ? [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 58.044912][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5109 attached , child_tidptr=0x55555595f650) = 5109 [pid 5109] set_robust_list(0x55555595f660, 24) = 0 [pid 5109] chdir("./20") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5109] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./file1", 0777) = 0 [pid 5109] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5109] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./file1") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [ 58.198400][ T5109] loop0: detected capacity change from 0 to 512 [ 58.213681][ T5109] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.228419][ T5109] EXT4-fs (loop0): 1 truncate cleaned up [ 58.234087][ T5109] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5109] creat("./file1", 010) = 4 [pid 5109] exit_group(0) = ? [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 58.326101][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./20/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached , child_tidptr=0x55555595f650) = 5111 [pid 5111] set_robust_list(0x55555595f660, 24) = 0 [pid 5111] chdir("./21") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5111] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./file1", 0777) = 0 [pid 5111] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5111] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file1") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [ 58.457264][ T5111] loop0: detected capacity change from 0 to 512 [ 58.473207][ T5111] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.487496][ T5111] EXT4-fs (loop0): 1 truncate cleaned up [ 58.493262][ T5111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5111] close(4) = 0 [pid 5111] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5111] creat("./file1", 010) = 4 [pid 5111] exit_group(0) = ? [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached , child_tidptr=0x55555595f650) = 5113 [pid 5113] set_robust_list(0x55555595f660, 24) = 0 [pid 5113] chdir("./22") = 0 [ 58.593431][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] memfd_create("syzkaller", 0) = 3 [pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5113] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5113] close(3) = 0 [pid 5113] mkdir("./file1", 0777) = 0 [pid 5113] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5113] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5113] chdir("./file1") = 0 [ 58.678714][ T5113] loop0: detected capacity change from 0 to 512 [ 58.694487][ T5113] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.708787][ T5113] EXT4-fs (loop0): 1 truncate cleaned up [ 58.714470][ T5113] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5113] ioctl(4, LOOP_CLR_FD) = 0 [pid 5113] close(4) = 0 [pid 5113] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5113] creat("./file1", 010) = 4 [pid 5113] exit_group(0) = ? [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x55555595f660, 24) = 0 [ 58.815230][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5115] chdir("./23") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5115 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5115] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] mkdir("./file1", 0777) = 0 [pid 5115] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5115] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./file1") = 0 [pid 5115] ioctl(4, LOOP_CLR_FD) = 0 [pid 5115] close(4) = 0 [pid 5115] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5115] creat("./file1", 010) = 4 [pid 5115] exit_group(0) = ? [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 58.896892][ T5115] loop0: detected capacity change from 0 to 512 [ 58.911587][ T5115] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.926203][ T5115] EXT4-fs (loop0): 1 truncate cleaned up [ 58.931982][ T5115] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5117 attached , child_tidptr=0x55555595f650) = 5117 [pid 5117] set_robust_list(0x55555595f660, 24) = 0 [pid 5117] chdir("./24") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 58.985040][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5117] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file1", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5117] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./file1") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [ 59.095320][ T5117] loop0: detected capacity change from 0 to 512 [ 59.110204][ T5117] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 59.124518][ T5117] EXT4-fs (loop0): 1 truncate cleaned up [ 59.130140][ T5117] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5117] creat("./file1", 010) = 4 [pid 5117] exit_group(0) = ? [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x55555595f660, 24) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5119 [pid 5119] chdir("./25") = 0 [ 59.237857][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] memfd_create("syzkaller", 0) = 3 [pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5119] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5119] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5119] close(3) = 0 [pid 5119] mkdir("./file1", 0777) = 0 [pid 5119] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5119] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5119] chdir("./file1") = 0 [pid 5119] ioctl(4, LOOP_CLR_FD) = 0 [pid 5119] close(4) = 0 [ 59.336237][ T5119] loop0: detected capacity change from 0 to 512 [ 59.350802][ T5119] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 59.365505][ T5119] EXT4-fs (loop0): 1 truncate cleaned up [ 59.371230][ T5119] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5119] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5119] creat("./file1", 010) = 4 [pid 5119] exit_group(0) = ? [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 59.459943][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x55555595f660, 24) = 0 [pid 5122] chdir("./26") = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5122 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5122] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] mkdir("./file1", 0777) = 0 [pid 5122] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5122] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./file1") = 0 [pid 5122] ioctl(4, LOOP_CLR_FD) = 0 [pid 5122] close(4) = 0 [pid 5122] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5122] creat("./file1", 010) = 4 [pid 5122] exit_group(0) = ? [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 59.550246][ T5122] loop0: detected capacity change from 0 to 512 [ 59.564558][ T5122] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 59.578937][ T5122] EXT4-fs (loop0): 1 truncate cleaned up [ 59.584617][ T5122] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5124 attached , child_tidptr=0x55555595f650) = 5124 [pid 5124] set_robust_list(0x55555595f660, 24) = 0 [pid 5124] chdir("./27") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [ 59.636437][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5124] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] mkdir("./file1", 0777) = 0 [ 59.707579][ T5124] loop0: detected capacity change from 0 to 512 [ 59.733047][ T5124] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 59.747813][ T5124] EXT4-fs (loop0): 1 truncate cleaned up [pid 5124] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5124] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./file1") = 0 [pid 5124] ioctl(4, LOOP_CLR_FD) = 0 [pid 5124] close(4) = 0 [pid 5124] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5124] creat("./file1", 010) = 4 [pid 5124] exit_group(0) = ? [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 59.753485][ T5124] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5126 attached , child_tidptr=0x55555595f650) = 5126 [pid 5126] set_robust_list(0x55555595f660, 24) = 0 [pid 5126] chdir("./28") = 0 [ 59.824777][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5126] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file1", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5126] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file1") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5126] creat("./file1", 010) = 4 [ 59.938209][ T5126] loop0: detected capacity change from 0 to 512 [ 59.946938][ T5126] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 59.961634][ T5126] EXT4-fs (loop0): 1 truncate cleaned up [ 59.967256][ T5126] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5126] exit_group(0) = ? [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 60.044171][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x55555595f660, 24) = 0 [pid 5128] chdir("./29") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5128 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] memfd_create("syzkaller", 0) = 3 [pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5128] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5128] close(3) = 0 [pid 5128] mkdir("./file1", 0777) = 0 [pid 5128] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5128] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5128] chdir("./file1") = 0 [pid 5128] ioctl(4, LOOP_CLR_FD) = 0 [pid 5128] close(4) = 0 [pid 5128] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5128] creat("./file1", 010) = 4 [ 60.183465][ T5128] loop0: detected capacity change from 0 to 512 [ 60.199409][ T5128] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 60.214445][ T5128] EXT4-fs (loop0): 1 truncate cleaned up [ 60.220074][ T5128] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5128] exit_group(0) = ? [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 60.277275][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached , child_tidptr=0x55555595f650) = 5131 [pid 5131] set_robust_list(0x55555595f660, 24) = 0 [pid 5131] chdir("./30") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] memfd_create("syzkaller", 0) = 3 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5131] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5131] close(3) = 0 [pid 5131] mkdir("./file1", 0777) = 0 [pid 5131] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5131] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5131] chdir("./file1") = 0 [pid 5131] ioctl(4, LOOP_CLR_FD) = 0 [pid 5131] close(4) = 0 [pid 5131] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5131] creat("./file1", 010) = 4 [ 60.397394][ T5131] loop0: detected capacity change from 0 to 512 [ 60.406303][ T5131] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 60.420931][ T5131] EXT4-fs (loop0): 1 truncate cleaned up [ 60.426565][ T5131] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5131] exit_group(0) = ? [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 [ 60.508573][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached [pid 5133] set_robust_list(0x55555595f660, 24) = 0 [pid 5133] chdir("./31") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5133 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] memfd_create("syzkaller", 0) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5133] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] mkdir("./file1", 0777) = 0 [ 60.659006][ T5133] loop0: detected capacity change from 0 to 512 [ 60.683925][ T5133] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 60.698748][ T5133] EXT4-fs (loop0): 1 truncate cleaned up [pid 5133] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5133] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] chdir("./file1") = 0 [pid 5133] ioctl(4, LOOP_CLR_FD) = 0 [pid 5133] close(4) = 0 [pid 5133] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5133] creat("./file1", 010) = 4 [pid 5133] exit_group(0) = ? [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 60.704415][ T5133] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 60.786193][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./31/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached , child_tidptr=0x55555595f650) = 5135 [pid 5135] set_robust_list(0x55555595f660, 24) = 0 [pid 5135] chdir("./32") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5135] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file1", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5135] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file1") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5135] creat("./file1", 010) = 4 [pid 5135] exit_group(0) = ? [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 [ 60.908367][ T5135] loop0: detected capacity change from 0 to 512 [ 60.932370][ T5135] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 60.946770][ T5135] EXT4-fs (loop0): 1 truncate cleaned up umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x55555595f660, 24) = 0 [pid 5137] chdir("./33") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5137 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] memfd_create("syzkaller", 0) = 3 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5137] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5137] close(3) = 0 [pid 5137] mkdir("./file1", 0777) = 0 [pid 5137] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5137] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5137] chdir("./file1") = 0 [pid 5137] ioctl(4, LOOP_CLR_FD) = 0 [pid 5137] close(4) = 0 [pid 5137] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5137] creat("./file1", 010) = 4 [pid 5137] exit_group(0) = ? [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 61.125736][ T5137] loop0: detected capacity change from 0 to 512 [ 61.141434][ T5137] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 61.155696][ T5137] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5139 attached , child_tidptr=0x55555595f650) = 5139 [pid 5139] set_robust_list(0x55555595f660, 24) = 0 [pid 5139] chdir("./34") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5139] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] mkdir("./file1", 0777) = 0 [pid 5139] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5139] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] chdir("./file1") = 0 [pid 5139] ioctl(4, LOOP_CLR_FD) = 0 [pid 5139] close(4) = 0 [pid 5139] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5139] creat("./file1", 010) = 4 [pid 5139] exit_group(0) = ? [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 61.382828][ T5139] loop0: detected capacity change from 0 to 512 [ 61.398037][ T5139] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 61.412637][ T5139] EXT4-fs (loop0): 1 truncate cleaned up unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x55555595f660, 24) = 0 [pid 5141] chdir("./35") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5141 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] memfd_create("syzkaller", 0) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5141] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file1", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5141] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file1") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5141] creat("./file1", 010) = 4 [ 61.553223][ T5141] loop0: detected capacity change from 0 to 512 [ 61.567080][ T5141] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 61.581999][ T5141] EXT4-fs (loop0): 1 truncate cleaned up [pid 5141] exit_group(0) = ? [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x55555595f660, 24) = 0 [pid 5143] chdir("./36" [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5143 [pid 5143] <... chdir resumed>) = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5143] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5143] close(3) = 0 [pid 5143] mkdir("./file1", 0777) = 0 [pid 5143] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5143] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] chdir("./file1") = 0 [pid 5143] ioctl(4, LOOP_CLR_FD) = 0 [pid 5143] close(4) = 0 [pid 5143] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5143] creat("./file1", 010) = 4 [pid 5143] exit_group(0) = ? [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 61.771208][ T5143] loop0: detected capacity change from 0 to 512 [ 61.786461][ T5143] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 61.800869][ T5143] EXT4-fs (loop0): 1 truncate cleaned up umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x55555595f660, 24) = 0 [pid 5145] chdir("./37" [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5145 [pid 5145] <... chdir resumed>) = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5145] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file1", 0777) = 0 [pid 5145] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5145] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file1") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5145] creat("./file1", 010) = 4 [pid 5145] exit_group(0) = ? [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 61.984238][ T5145] loop0: detected capacity change from 0 to 512 [ 61.998341][ T5145] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 62.013128][ T5145] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5147 attached , child_tidptr=0x55555595f650) = 5147 [pid 5147] set_robust_list(0x55555595f660, 24) = 0 [pid 5147] chdir("./38") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5147] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file1", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5147] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file1") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5147] creat("./file1", 010) = 4 [pid 5147] exit_group(0) = ? [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 62.204842][ T5147] loop0: detected capacity change from 0 to 512 [ 62.218925][ T5147] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 62.233405][ T5147] EXT4-fs (loop0): 1 truncate cleaned up getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x55555595f650) = 5149 [pid 5149] set_robust_list(0x55555595f660, 24) = 0 [pid 5149] chdir("./39") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5149] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5149] close(3) = 0 [pid 5149] mkdir("./file1", 0777) = 0 [pid 5149] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5149] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5149] chdir("./file1") = 0 [pid 5149] ioctl(4, LOOP_CLR_FD) = 0 [pid 5149] close(4) = 0 [pid 5149] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5149] creat("./file1", 010) = 4 [pid 5149] exit_group(0) = ? [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 62.394747][ T5149] loop0: detected capacity change from 0 to 512 [ 62.409565][ T5149] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 62.423968][ T5149] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5151 attached , child_tidptr=0x55555595f650) = 5151 [pid 5151] set_robust_list(0x55555595f660, 24) = 0 [pid 5151] chdir("./40") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5151] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] mkdir("./file1", 0777) = 0 [pid 5151] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5151] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./file1") = 0 [pid 5151] ioctl(4, LOOP_CLR_FD) = 0 [pid 5151] close(4) = 0 [pid 5151] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5151] creat("./file1", 010) = 4 [pid 5151] exit_group(0) = ? [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 62.664270][ T5151] loop0: detected capacity change from 0 to 512 [ 62.680477][ T5151] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 62.694866][ T5151] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5153 attached , child_tidptr=0x55555595f650) = 5153 [pid 5153] set_robust_list(0x55555595f660, 24) = 0 [pid 5153] chdir("./41") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5153] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./file1", 0777) = 0 [pid 5153] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5153] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./file1") = 0 [pid 5153] ioctl(4, LOOP_CLR_FD) = 0 [pid 5153] close(4) = 0 [pid 5153] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5153] creat("./file1", 010) = 4 [pid 5153] exit_group(0) = ? [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 62.902981][ T5153] loop0: detected capacity change from 0 to 512 [ 62.916077][ T5153] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 62.930642][ T5153] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5156 attached , child_tidptr=0x55555595f650) = 5156 [pid 5156] set_robust_list(0x55555595f660, 24) = 0 [pid 5156] chdir("./42") = 0 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5156] setpgid(0, 0) = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5156] write(3, "1000", 4) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5156] memfd_create("syzkaller", 0) = 3 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5156] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5156] close(3) = 0 [pid 5156] mkdir("./file1", 0777) = 0 [pid 5156] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5156] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./file1") = 0 [pid 5156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5156] close(4) = 0 [pid 5156] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5156] creat("./file1", 010) = 4 [pid 5156] exit_group(0) = ? [pid 5156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 63.113965][ T5156] loop0: detected capacity change from 0 to 512 [ 63.129603][ T5156] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 63.143914][ T5156] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5158 attached , child_tidptr=0x55555595f650) = 5158 [pid 5158] set_robust_list(0x55555595f660, 24) = 0 [pid 5158] chdir("./43") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] memfd_create("syzkaller", 0) = 3 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5158] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5158] close(3) = 0 [pid 5158] mkdir("./file1", 0777) = 0 [pid 5158] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5158] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5158] chdir("./file1") = 0 [pid 5158] ioctl(4, LOOP_CLR_FD) = 0 [pid 5158] close(4) = 0 [pid 5158] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5158] creat("./file1", 010) = 4 [pid 5158] exit_group(0) = ? [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 63.339804][ T5158] loop0: detected capacity change from 0 to 512 [ 63.355352][ T5158] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 63.370058][ T5158] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5160 attached , child_tidptr=0x55555595f650) = 5160 [pid 5160] set_robust_list(0x55555595f660, 24) = 0 [pid 5160] chdir("./44") = 0 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5160] setpgid(0, 0) = 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5160] write(3, "1000", 4) = 4 [pid 5160] close(3) = 0 [pid 5160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5160] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5160] close(3) = 0 [pid 5160] mkdir("./file1", 0777) = 0 [ 63.546897][ T5160] loop0: detected capacity change from 0 to 512 [ 63.583307][ T5160] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5160] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5160] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5160] chdir("./file1") = 0 [pid 5160] ioctl(4, LOOP_CLR_FD) = 0 [pid 5160] close(4) = 0 [pid 5160] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5160] creat("./file1", 010) = 4 [pid 5160] exit_group(0) = ? [pid 5160] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5160, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 63.597993][ T5160] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5162 attached , child_tidptr=0x55555595f650) = 5162 [pid 5162] set_robust_list(0x55555595f660, 24) = 0 [pid 5162] chdir("./45") = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5162] setpgid(0, 0) = 0 [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5162] write(3, "1000", 4) = 4 [pid 5162] close(3) = 0 [pid 5162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5162] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] mkdir("./file1", 0777) = 0 [pid 5162] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5162] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./file1") = 0 [pid 5162] ioctl(4, LOOP_CLR_FD) = 0 [pid 5162] close(4) = 0 [pid 5162] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5162] creat("./file1", 010) = 4 [pid 5162] exit_group(0) = ? [pid 5162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 63.803474][ T5162] loop0: detected capacity change from 0 to 512 [ 63.829496][ T5162] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 63.843932][ T5162] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5164 attached , child_tidptr=0x55555595f650) = 5164 [pid 5164] set_robust_list(0x55555595f660, 24) = 0 [pid 5164] chdir("./46") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] memfd_create("syzkaller", 0) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5164] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] mkdir("./file1", 0777) = 0 [pid 5164] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5164] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] chdir("./file1") = 0 [pid 5164] ioctl(4, LOOP_CLR_FD) = 0 [pid 5164] close(4) = 0 [pid 5164] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5164] creat("./file1", 010) = 4 [pid 5164] exit_group(0) = ? [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 64.046826][ T5164] loop0: detected capacity change from 0 to 512 [ 64.061396][ T5164] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 64.076070][ T5164] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5166 attached , child_tidptr=0x55555595f650) = 5166 [pid 5166] set_robust_list(0x55555595f660, 24) = 0 [pid 5166] chdir("./47") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5166] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./file1", 0777) = 0 [pid 5166] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5166] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] chdir("./file1") = 0 [pid 5166] ioctl(4, LOOP_CLR_FD) = 0 [pid 5166] close(4) = 0 [pid 5166] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5166] creat("./file1", 010) = 4 [pid 5166] exit_group(0) = ? [pid 5166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 64.260430][ T5166] loop0: detected capacity change from 0 to 512 [ 64.274809][ T5166] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 64.289156][ T5166] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5168 ./strace-static-x86_64: Process 5168 attached [pid 5168] set_robust_list(0x55555595f660, 24) = 0 [pid 5168] chdir("./48") = 0 [pid 5168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5168] setpgid(0, 0) = 0 [pid 5168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5168] write(3, "1000", 4) = 4 [pid 5168] close(3) = 0 [pid 5168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5168] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] mkdir("./file1", 0777) = 0 [pid 5168] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5168] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5168] chdir("./file1") = 0 [pid 5168] ioctl(4, LOOP_CLR_FD) = 0 [pid 5168] close(4) = 0 [pid 5168] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5168] creat("./file1", 010) = 4 [pid 5168] exit_group(0) = ? [pid 5168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5168, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 64.473115][ T5168] loop0: detected capacity change from 0 to 512 [ 64.486647][ T5168] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 64.501087][ T5168] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5170 attached , child_tidptr=0x55555595f650) = 5170 [pid 5170] set_robust_list(0x55555595f660, 24) = 0 [pid 5170] chdir("./49") = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] memfd_create("syzkaller", 0) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5170] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5170] close(3) = 0 [pid 5170] mkdir("./file1", 0777) = 0 [pid 5170] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5170] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5170] chdir("./file1") = 0 [pid 5170] ioctl(4, LOOP_CLR_FD) = 0 [pid 5170] close(4) = 0 [pid 5170] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5170] creat("./file1", 010) = 4 [ 64.694144][ T5170] loop0: detected capacity change from 0 to 512 [ 64.711891][ T5170] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 64.726363][ T5170] EXT4-fs (loop0): 1 truncate cleaned up [pid 5170] exit_group(0) = ? [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5172 attached , child_tidptr=0x55555595f650) = 5172 [pid 5172] set_robust_list(0x55555595f660, 24) = 0 [pid 5172] chdir("./50") = 0 [pid 5172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5172] setpgid(0, 0) = 0 [pid 5172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5172] write(3, "1000", 4) = 4 [pid 5172] close(3) = 0 [pid 5172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5172] memfd_create("syzkaller", 0) = 3 [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5172] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5172] close(3) = 0 [pid 5172] mkdir("./file1", 0777) = 0 [pid 5172] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5172] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5172] chdir("./file1") = 0 [pid 5172] ioctl(4, LOOP_CLR_FD) = 0 [pid 5172] close(4) = 0 [pid 5172] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [ 64.877393][ T5172] loop0: detected capacity change from 0 to 512 [ 64.902601][ T5172] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 64.916968][ T5172] EXT4-fs (loop0): 1 truncate cleaned up [pid 5172] creat("./file1", 010) = 4 [pid 5172] exit_group(0) = ? [pid 5172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5172, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5174 attached , child_tidptr=0x55555595f650) = 5174 [pid 5174] set_robust_list(0x55555595f660, 24) = 0 [pid 5174] chdir("./51") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] memfd_create("syzkaller", 0) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5174] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] mkdir("./file1", 0777) = 0 [pid 5174] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5174] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5174] chdir("./file1") = 0 [pid 5174] ioctl(4, LOOP_CLR_FD) = 0 [pid 5174] close(4) = 0 [pid 5174] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5174] creat("./file1", 010) = 4 [ 65.121367][ T5174] loop0: detected capacity change from 0 to 512 [ 65.140720][ T5174] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 65.155714][ T5174] EXT4-fs (loop0): 1 truncate cleaned up [pid 5174] exit_group(0) = ? [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5176 attached [pid 5176] set_robust_list(0x55555595f660, 24) = 0 [pid 5176] chdir("./52") = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5176 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] memfd_create("syzkaller", 0) = 3 [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5176] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5176] close(3) = 0 [pid 5176] mkdir("./file1", 0777) = 0 [pid 5176] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5176] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5176] chdir("./file1") = 0 [pid 5176] ioctl(4, LOOP_CLR_FD) = 0 [pid 5176] close(4) = 0 [pid 5176] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5176] creat("./file1", 010) = 4 [ 65.342608][ T5176] loop0: detected capacity change from 0 to 512 [ 65.357392][ T5176] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 65.372091][ T5176] EXT4-fs (loop0): 1 truncate cleaned up [pid 5176] exit_group(0) = ? [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x55555595f660, 24) = 0 [pid 5178] chdir("./53") = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5178 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5178] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] mkdir("./file1", 0777) = 0 [pid 5178] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5178] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./file1") = 0 [pid 5178] ioctl(4, LOOP_CLR_FD) = 0 [pid 5178] close(4) = 0 [ 65.589057][ T5178] loop0: detected capacity change from 0 to 512 [ 65.603904][ T5178] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 65.618566][ T5178] EXT4-fs (loop0): 1 truncate cleaned up [pid 5178] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [ 65.672042][ T5178] [ 65.674385][ T5178] ====================================================== [ 65.681377][ T5178] WARNING: possible circular locking dependency detected [ 65.688362][ T5178] 6.7.0-rc8-syzkaller #0 Not tainted [ 65.693614][ T5178] ------------------------------------------------------ [ 65.700598][ T5178] syz-executor533/5178 is trying to acquire lock: [ 65.706977][ T5178] ffff8880776ff200 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x173/0x430 [ 65.717318][ T5178] [ 65.717318][ T5178] but task is already holding lock: [ 65.724652][ T5178] ffff888075278288 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x1b94/0x29d0 [ 65.733931][ T5178] [ 65.733931][ T5178] which lock already depends on the new lock. [ 65.733931][ T5178] [ 65.744312][ T5178] [ 65.744312][ T5178] the existing dependency chain (in reverse order) is: [ 65.753302][ T5178] [ 65.753302][ T5178] -> #1 (&ei->i_data_sem/3){++++}-{3:3}: [ 65.761109][ T5178] down_write+0x3a/0x50 [ 65.765781][ T5178] ext4_xattr_set_entry+0x3415/0x3ce0 [ 65.771658][ T5178] ext4_xattr_ibody_set+0x126/0x380 [ 65.777359][ T5178] ext4_xattr_set_handle+0x936/0x1420 [ 65.783231][ T5178] ext4_xattr_set+0x149/0x370 [ 65.788409][ T5178] ext4_xattr_user_set+0xb9/0xf0 [ 65.793848][ T5178] __vfs_setxattr+0x173/0x1d0 [ 65.799037][ T5178] __vfs_setxattr_noperm+0x127/0x5e0 [ 65.804833][ T5178] __vfs_setxattr_locked+0x17e/0x250 [ 65.810624][ T5178] vfs_setxattr+0x146/0x350 [ 65.815634][ T5178] do_setxattr+0x142/0x170 [ 65.820560][ T5178] setxattr+0x159/0x170 [ 65.825225][ T5178] path_setxattr+0x175/0x1d0 [ 65.830322][ T5178] __x64_sys_setxattr+0xc4/0x160 [ 65.835769][ T5178] do_syscall_64+0x40/0x110 [ 65.840778][ T5178] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 65.847173][ T5178] [ 65.847173][ T5178] -> #0 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}: [ 65.855415][ T5178] __lock_acquire+0x2433/0x3b20 [ 65.860776][ T5178] lock_acquire+0x1ae/0x520 [ 65.865789][ T5178] down_write+0x3a/0x50 [ 65.870449][ T5178] ext4_xattr_inode_iget+0x173/0x430 [ 65.876236][ T5178] ext4_xattr_inode_get+0x170/0x840 [ 65.881938][ T5178] ext4_expand_extra_isize_ea+0x125a/0x1b20 [ 65.888331][ T5178] __ext4_expand_extra_isize+0x342/0x470 [ 65.894464][ T5178] __ext4_mark_inode_dirty+0x52b/0x810 [ 65.900428][ T5178] ext4_setattr+0x1c08/0x29d0 [ 65.905609][ T5178] notify_change+0x742/0x11c0 [ 65.910797][ T5178] do_truncate+0x15c/0x220 [ 65.915721][ T5178] path_openat+0x2597/0x2c50 [ 65.920816][ T5178] do_filp_open+0x1de/0x430 [ 65.925826][ T5178] do_sys_openat2+0x176/0x1e0 [ 65.931010][ T5178] __x64_sys_creat+0xcd/0x120 [ 65.936195][ T5178] do_syscall_64+0x40/0x110 [ 65.941205][ T5178] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 65.947600][ T5178] [ 65.947600][ T5178] other info that might help us debug this: [ 65.947600][ T5178] [ 65.957805][ T5178] Possible unsafe locking scenario: [ 65.957805][ T5178] [ 65.965233][ T5178] CPU0 CPU1 [ 65.970577][ T5178] ---- ---- [ 65.975918][ T5178] lock(&ei->i_data_sem/3); [ 65.980492][ T5178] lock(&ea_inode->i_rwsem#8/1); [ 65.988024][ T5178] lock(&ei->i_data_sem/3); [ 65.995125][ T5178] lock(&ea_inode->i_rwsem#8/1); [ 66.000140][ T5178] [ 66.000140][ T5178] *** DEADLOCK *** [ 66.000140][ T5178] [ 66.008259][ T5178] 5 locks held by syz-executor533/5178: [ 66.013778][ T5178] #0: ffff88801cc60418 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x2112/0x2c50 [ 66.022993][ T5178] #1: ffff888075278400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: do_truncate+0x14b/0x220 [ 66.033247][ T5178] #2: ffff8880752785a0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0xdf1/0x29d0 [ 66.043405][ T5178] #3: ffff888075278288 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x1b94/0x29d0 [ 66.053135][ T5178] #4: ffff8880752780c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x4a1/0x810 [ 66.063379][ T5178] [ 66.063379][ T5178] stack backtrace: [ 66.069242][ T5178] CPU: 0 PID: 5178 Comm: syz-executor533 Not tainted 6.7.0-rc8-syzkaller #0 [ 66.077894][ T5178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 66.087932][ T5178] Call Trace: [ 66.091197][ T5178] [ 66.094114][ T5178] dump_stack_lvl+0xd9/0x1b0 [ 66.098691][ T5178] check_noncircular+0x317/0x400 [ 66.103619][ T5178] ? print_circular_bug+0x5c0/0x5c0 [ 66.108808][ T5178] ? lockdep_lock+0xc6/0x200 [ 66.113383][ T5178] ? hlock_class+0x130/0x130 [ 66.117964][ T5178] __lock_acquire+0x2433/0x3b20 [ 66.122809][ T5178] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 66.128777][ T5178] ? look_up_lock_class+0x59/0x130 [ 66.133871][ T5178] lock_acquire+0x1ae/0x520 [ 66.138363][ T5178] ? ext4_xattr_inode_iget+0x173/0x430 [ 66.143807][ T5178] ? lock_sync+0x190/0x190 [ 66.148212][ T5178] ? preempt_count_sub+0x160/0x160 [ 66.153310][ T5178] down_write+0x3a/0x50 [ 66.157448][ T5178] ? ext4_xattr_inode_iget+0x173/0x430 [ 66.162891][ T5178] ext4_xattr_inode_iget+0x173/0x430 [ 66.168158][ T5178] ext4_xattr_inode_get+0x170/0x840 [ 66.173342][ T5178] ? ext4_xattr_inode_iget+0x430/0x430 [ 66.178780][ T5178] ? rcu_is_watching+0x12/0xb0 [ 66.183529][ T5178] ? trace_kmalloc+0x26/0xa0 [ 66.188109][ T5178] ? __kmalloc_node+0x78/0x90 [ 66.192773][ T5178] ext4_expand_extra_isize_ea+0x125a/0x1b20 [ 66.198655][ T5178] ? ext4_xattr_set+0x370/0x370 [ 66.203485][ T5178] ? lockdep_unlock+0x11b/0x290 [ 66.208325][ T5178] ? preempt_count_sub+0x160/0x160 [ 66.213421][ T5178] ? down_write_trylock+0x1ae/0x3d0 [ 66.218604][ T5178] ? dquot_initialize_needed+0x17d/0x290 [ 66.224221][ T5178] __ext4_expand_extra_isize+0x342/0x470 [ 66.229839][ T5178] __ext4_mark_inode_dirty+0x52b/0x810 [ 66.235283][ T5178] ? ext4_expand_extra_isize+0x600/0x600 [ 66.240901][ T5178] ? lock_sync+0x190/0x190 [ 66.245308][ T5178] ? preempt_count_sub+0x160/0x160 [ 66.250403][ T5178] ext4_setattr+0x1c08/0x29d0 [ 66.255063][ T5178] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 66.260942][ T5178] ? ext4_journalled_write_end+0x1120/0x1120 [ 66.266904][ T5178] notify_change+0x742/0x11c0 [ 66.271573][ T5178] do_truncate+0x15c/0x220 [ 66.275978][ T5178] ? file_open_root+0x450/0x450 [ 66.280812][ T5178] ? common_perm_cond+0x242/0x560 [ 66.285831][ T5178] path_openat+0x2597/0x2c50 [ 66.290412][ T5178] ? path_lookupat+0x770/0x770 [ 66.295160][ T5178] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 66.301133][ T5178] do_filp_open+0x1de/0x430 [ 66.305624][ T5178] ? may_open_dev+0xf0/0xf0 [ 66.310119][ T5178] ? find_held_lock+0x2d/0x110 [ 66.314876][ T5178] ? _raw_spin_unlock+0x28/0x40 [ 66.319711][ T5178] ? alloc_fd+0x2da/0x6c0 [ 66.324024][ T5178] do_sys_openat2+0x176/0x1e0 [ 66.328691][ T5178] ? build_open_flags+0x690/0x690 [ 66.333705][ T5178] ? ptrace_notify+0xf4/0x130 [ 66.338369][ T5178] ? restore_fpregs_from_fpstate+0xc1/0x1d0 [ 66.344252][ T5178] __x64_sys_creat+0xcd/0x120 [ 66.348922][ T5178] ? __x64_compat_sys_openat+0x200/0x200 [ 66.354542][ T5178] ? _raw_spin_unlock_irq+0x2e/0x50 [ 66.359725][ T5178] ? syscall_trace_enter.constprop.0+0xaf/0x1e0 [ 66.365953][ T5178] do_syscall_64+0x40/0x110 [ 66.370446][ T5178] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 66.376320][ T5178] RIP: 0033:0x7fe7ef30c169 [ 66.380716][ T5178] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 66.400308][ T5178] RSP: 002b:00007ffcc8324828 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 66.408701][ T5178] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fe7ef30c169 [ 66.416653][ T5178] RDX: 00007fe7ef30c169 RSI: 0000000000000008 RDI: 0000000020000400 [pid 5178] creat("./file1", 010) = 4 [pid 5178] exit_group(0) = ? [pid 5178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5178, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5181 attached , child_tidptr=0x55555595f650) = 5181 [pid 5181] set_robust_list(0x55555595f660, 24) = 0 [pid 5181] chdir("./54") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [ 66.424605][ T5178] RBP: 0000000000000004 R08: 0000000000010000 R09: 0000000000010000 [ 66.432556][ T5178] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc8324870 [ 66.440515][ T5178] R13: 00007ffcc83248b0 R14: 0000000000040000 R15: 0000000000000003 [ 66.448475][ T5178] [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5181] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./file1", 0777) = 0 [pid 5181] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5181] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./file1") = 0 [pid 5181] ioctl(4, LOOP_CLR_FD) = 0 [pid 5181] close(4) = 0 [pid 5181] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5181] creat("./file1", 010) = 4 [pid 5181] exit_group(0) = ? [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 66.523152][ T5181] loop0: detected capacity change from 0 to 512 [ 66.536855][ T5181] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 66.550592][ T5181] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached , child_tidptr=0x55555595f650) = 5183 [pid 5183] set_robust_list(0x55555595f660, 24) = 0 [pid 5183] chdir("./55") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] memfd_create("syzkaller", 0) = 3 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5183] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5183] close(3) = 0 [pid 5183] mkdir("./file1", 0777) = 0 [pid 5183] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5183] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5183] chdir("./file1") = 0 [pid 5183] ioctl(4, LOOP_CLR_FD) = 0 [pid 5183] close(4) = 0 [pid 5183] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5183] creat("./file1", 010) = 4 [pid 5183] exit_group(0) = ? [ 66.702807][ T5183] loop0: detected capacity change from 0 to 512 [ 66.726526][ T5183] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 66.740355][ T5183] EXT4-fs (loop0): 1 truncate cleaned up [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5185 attached , child_tidptr=0x55555595f650) = 5185 [pid 5185] set_robust_list(0x55555595f660, 24) = 0 [pid 5185] chdir("./56") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] memfd_create("syzkaller", 0) = 3 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5185] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5185] close(3) = 0 [pid 5185] mkdir("./file1", 0777) = 0 [pid 5185] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5185] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5185] chdir("./file1") = 0 [pid 5185] ioctl(4, LOOP_CLR_FD) = 0 [pid 5185] close(4) = 0 [pid 5185] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5185] creat("./file1", 010) = 4 [pid 5185] exit_group(0) = ? [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 66.901069][ T5185] loop0: detected capacity change from 0 to 512 [ 66.919930][ T5185] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 66.933925][ T5185] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5187 attached , child_tidptr=0x55555595f650) = 5187 [pid 5187] set_robust_list(0x55555595f660, 24) = 0 [pid 5187] chdir("./57") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5187] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] mkdir("./file1", 0777) = 0 [pid 5187] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5187] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./file1") = 0 [pid 5187] ioctl(4, LOOP_CLR_FD) = 0 [pid 5187] close(4) = 0 [pid 5187] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5187] creat("./file1", 010) = 4 [pid 5187] exit_group(0) = ? [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 67.133172][ T5187] loop0: detected capacity change from 0 to 512 [ 67.145808][ T5187] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 67.159492][ T5187] EXT4-fs (loop0): 1 truncate cleaned up umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5189 attached , child_tidptr=0x55555595f650) = 5189 [pid 5189] set_robust_list(0x55555595f660, 24) = 0 [pid 5189] chdir("./58") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5189] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5189] close(3) = 0 [pid 5189] mkdir("./file1", 0777) = 0 [pid 5189] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5189] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./file1") = 0 [pid 5189] ioctl(4, LOOP_CLR_FD) = 0 [pid 5189] close(4) = 0 [pid 5189] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5189] creat("./file1", 010) = 4 [pid 5189] exit_group(0) = ? [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 67.362950][ T5189] loop0: detected capacity change from 0 to 512 [ 67.376448][ T5189] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 67.390239][ T5189] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x55555595f660, 24) = 0 [pid 5191] chdir("./59") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] memfd_create("syzkaller", 0) = 3 [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5191] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5191] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5191] close(3) = 0 [pid 5191] mkdir("./file1", 0777) = 0 [pid 5191] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5191] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5191] chdir("./file1") = 0 [pid 5191] ioctl(4, LOOP_CLR_FD) = 0 [pid 5191] close(4) = 0 [pid 5191] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5191] creat("./file1", 010) = 4 [ 67.512632][ T5191] loop0: detected capacity change from 0 to 512 [ 67.526811][ T5191] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 67.540737][ T5191] EXT4-fs (loop0): 1 truncate cleaned up [pid 5191] exit_group(0) = ? [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5193 ./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x55555595f660, 24) = 0 [pid 5193] chdir("./60") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5193] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./file1", 0777) = 0 [pid 5193] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5193] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./file1") = 0 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5193] creat("./file1", 010) = 4 [ 67.760876][ T5193] loop0: detected capacity change from 0 to 512 [ 67.784754][ T5193] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 67.798533][ T5193] EXT4-fs (loop0): 1 truncate cleaned up [pid 5193] exit_group(0) = ? [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5195 attached , child_tidptr=0x55555595f650) = 5195 [pid 5195] set_robust_list(0x55555595f660, 24) = 0 [pid 5195] chdir("./61") = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5195] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] mkdir("./file1", 0777) = 0 [pid 5195] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5195] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file1") = 0 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4) = 0 [pid 5195] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5195] creat("./file1", 010) = 4 [pid 5195] exit_group(0) = ? [pid 5195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 68.000628][ T5195] loop0: detected capacity change from 0 to 512 [ 68.014717][ T5195] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 68.028440][ T5195] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5197 attached , child_tidptr=0x55555595f650) = 5197 [pid 5197] set_robust_list(0x55555595f660, 24) = 0 [pid 5197] chdir("./62") = 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5197] setpgid(0, 0) = 0 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5197] write(3, "1000", 4) = 4 [pid 5197] close(3) = 0 [pid 5197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5197] memfd_create("syzkaller", 0) = 3 [pid 5197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5197] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5197] close(3) = 0 [pid 5197] mkdir("./file1", 0777) = 0 [pid 5197] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5197] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5197] chdir("./file1") = 0 [pid 5197] ioctl(4, LOOP_CLR_FD) = 0 [pid 5197] close(4) = 0 [pid 5197] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5197] creat("./file1", 010) = 4 [pid 5197] exit_group(0) = ? [pid 5197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 68.227793][ T5197] loop0: detected capacity change from 0 to 512 [ 68.246658][ T5197] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 68.260442][ T5197] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5199 attached , child_tidptr=0x55555595f650) = 5199 [pid 5199] set_robust_list(0x55555595f660, 24) = 0 [pid 5199] chdir("./63") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] memfd_create("syzkaller", 0) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5199] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] mkdir("./file1", 0777) = 0 [pid 5199] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5199] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] chdir("./file1") = 0 [pid 5199] ioctl(4, LOOP_CLR_FD) = 0 [pid 5199] close(4) = 0 [pid 5199] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5199] creat("./file1", 010) = 4 [pid 5199] exit_group(0) = ? [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 68.436172][ T5199] loop0: detected capacity change from 0 to 512 [ 68.449907][ T5199] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 68.463894][ T5199] EXT4-fs (loop0): 1 truncate cleaned up umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x55555595f650) = 5201 [pid 5201] set_robust_list(0x55555595f660, 24) = 0 [pid 5201] chdir("./64") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] memfd_create("syzkaller", 0) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5201] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5201] close(3) = 0 [pid 5201] mkdir("./file1", 0777) = 0 [pid 5201] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5201] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5201] chdir("./file1") = 0 [pid 5201] ioctl(4, LOOP_CLR_FD) = 0 [pid 5201] close(4) = 0 [pid 5201] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5201] creat("./file1", 010) = 4 [pid 5201] exit_group(0) = ? [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 68.587810][ T5201] loop0: detected capacity change from 0 to 512 [ 68.606721][ T5201] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 68.620498][ T5201] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5203 attached , child_tidptr=0x55555595f650) = 5203 [pid 5203] set_robust_list(0x55555595f660, 24) = 0 [pid 5203] chdir("./65") = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5203] memfd_create("syzkaller", 0) = 3 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5203] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5203] close(3) = 0 [pid 5203] mkdir("./file1", 0777) = 0 [pid 5203] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5203] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5203] chdir("./file1") = 0 [pid 5203] ioctl(4, LOOP_CLR_FD) = 0 [pid 5203] close(4) = 0 [pid 5203] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5203] creat("./file1", 010) = 4 [pid 5203] exit_group(0) = ? [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 68.761899][ T5203] loop0: detected capacity change from 0 to 512 [ 68.775922][ T5203] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 68.789655][ T5203] EXT4-fs (loop0): 1 truncate cleaned up umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5205 attached , child_tidptr=0x55555595f650) = 5205 [pid 5205] set_robust_list(0x55555595f660, 24) = 0 [pid 5205] chdir("./66") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] memfd_create("syzkaller", 0) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5205] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] mkdir("./file1", 0777) = 0 [pid 5205] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5205] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./file1") = 0 [pid 5205] ioctl(4, LOOP_CLR_FD) = 0 [pid 5205] close(4) = 0 [pid 5205] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5205] creat("./file1", 010) = 4 [pid 5205] exit_group(0) = ? [pid 5205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 68.913493][ T5205] loop0: detected capacity change from 0 to 512 [ 68.926849][ T5205] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 68.940611][ T5205] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5207 ./strace-static-x86_64: Process 5207 attached [pid 5207] set_robust_list(0x55555595f660, 24) = 0 [pid 5207] chdir("./67") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5207] memfd_create("syzkaller", 0) = 3 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5207] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5207] close(3) = 0 [pid 5207] mkdir("./file1", 0777) = 0 [pid 5207] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5207] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5207] chdir("./file1") = 0 [pid 5207] ioctl(4, LOOP_CLR_FD) = 0 [pid 5207] close(4) = 0 [pid 5207] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5207] creat("./file1", 010) = 4 [pid 5207] exit_group(0) = ? [pid 5207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 69.116971][ T5207] loop0: detected capacity change from 0 to 512 [ 69.130819][ T5207] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.144604][ T5207] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x55555595f660, 24) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5209 [pid 5209] chdir("./68") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] memfd_create("syzkaller", 0) = 3 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5209] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5209] close(3) = 0 [pid 5209] mkdir("./file1", 0777) = 0 [pid 5209] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5209] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5209] chdir("./file1") = 0 [pid 5209] ioctl(4, LOOP_CLR_FD) = 0 [pid 5209] close(4) = 0 [pid 5209] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [ 69.289538][ T5209] loop0: detected capacity change from 0 to 512 [ 69.313346][ T5209] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.327288][ T5209] EXT4-fs (loop0): 1 truncate cleaned up [pid 5209] creat("./file1", 010) = 4 [pid 5209] exit_group(0) = ? [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x55555595f660, 24) = 0 [pid 5211] chdir("./69") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] memfd_create("syzkaller", 0) = 3 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5211] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5211] close(3) = 0 [pid 5211] mkdir("./file1", 0777) = 0 [pid 5211] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5211] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5211] chdir("./file1") = 0 [pid 5211] ioctl(4, LOOP_CLR_FD) = 0 [pid 5211] close(4) = 0 [pid 5211] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5211] creat("./file1", 010) = 4 [pid 5211] exit_group(0) = ? [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.490282][ T5211] loop0: detected capacity change from 0 to 512 [ 69.498826][ T5211] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.513236][ T5211] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5213 attached [pid 5213] set_robust_list(0x55555595f660, 24) = 0 [pid 5213] chdir("./70") = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5213 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5213] memfd_create("syzkaller", 0) = 3 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5213] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5213] close(3) = 0 [pid 5213] mkdir("./file1", 0777) = 0 [pid 5213] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5213] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5213] chdir("./file1") = 0 [pid 5213] ioctl(4, LOOP_CLR_FD) = 0 [pid 5213] close(4) = 0 [pid 5213] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5213] creat("./file1", 010) = 4 [pid 5213] exit_group(0) = ? [pid 5213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5213, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 69.656293][ T5213] loop0: detected capacity change from 0 to 512 [ 69.670042][ T5213] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.684590][ T5213] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5215 attached , child_tidptr=0x55555595f650) = 5215 [pid 5215] set_robust_list(0x55555595f660, 24) = 0 [pid 5215] chdir("./71") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] memfd_create("syzkaller", 0) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5215] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] mkdir("./file1", 0777) = 0 [pid 5215] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5215] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./file1") = 0 [pid 5215] ioctl(4, LOOP_CLR_FD) = 0 [pid 5215] close(4) = 0 [pid 5215] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5215] creat("./file1", 010) = 4 [pid 5215] exit_group(0) = ? [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 69.864122][ T5215] loop0: detected capacity change from 0 to 512 [ 69.878065][ T5215] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.892285][ T5215] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached , child_tidptr=0x55555595f650) = 5217 [pid 5217] set_robust_list(0x55555595f660, 24) = 0 [pid 5217] chdir("./72") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] memfd_create("syzkaller", 0) = 3 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5217] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5217] close(3) = 0 [pid 5217] mkdir("./file1", 0777) = 0 [pid 5217] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5217] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5217] chdir("./file1") = 0 [pid 5217] ioctl(4, LOOP_CLR_FD) = 0 [pid 5217] close(4) = 0 [pid 5217] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5217] creat("./file1", 010) = 4 [pid 5217] exit_group(0) = ? [pid 5217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 [ 70.046464][ T5217] loop0: detected capacity change from 0 to 512 [ 70.058447][ T5217] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 70.072321][ T5217] EXT4-fs (loop0): 1 truncate cleaned up umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x55555595f660, 24) = 0 [pid 5219] chdir("./73") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5219 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] memfd_create("syzkaller", 0) = 3 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5219] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5219] close(3) = 0 [pid 5219] mkdir("./file1", 0777) = 0 [pid 5219] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5219] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5219] chdir("./file1") = 0 [pid 5219] ioctl(4, LOOP_CLR_FD) = 0 [pid 5219] close(4) = 0 [pid 5219] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5219] creat("./file1", 010) = 4 [pid 5219] exit_group(0) = ? [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 70.182563][ T5219] loop0: detected capacity change from 0 to 512 [ 70.194877][ T5219] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 70.208671][ T5219] EXT4-fs (loop0): 1 truncate cleaned up umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5221 attached , child_tidptr=0x55555595f650) = 5221 [pid 5221] set_robust_list(0x55555595f660, 24) = 0 [pid 5221] chdir("./74") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] memfd_create("syzkaller", 0) = 3 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5221] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5221] close(3) = 0 [pid 5221] mkdir("./file1", 0777) = 0 [pid 5221] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5221] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5221] chdir("./file1") = 0 [pid 5221] ioctl(4, LOOP_CLR_FD) = 0 [pid 5221] close(4) = 0 [pid 5221] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5221] creat("./file1", 010) = 4 [pid 5221] exit_group(0) = ? [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 70.361787][ T5221] loop0: detected capacity change from 0 to 512 [ 70.374517][ T5221] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 70.388434][ T5221] EXT4-fs (loop0): 1 truncate cleaned up umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x55555595f660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5224 [pid 5224] <... set_robust_list resumed>) = 0 [pid 5224] chdir("./75") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5224] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./file1", 0777) = 0 [pid 5224] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5224] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file1") = 0 [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [pid 5224] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5224] creat("./file1", 010) = 4 [pid 5224] exit_group(0) = ? [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 70.592192][ T5224] loop0: detected capacity change from 0 to 512 [ 70.605708][ T5224] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 70.619518][ T5224] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached , child_tidptr=0x55555595f650) = 5226 [pid 5226] set_robust_list(0x55555595f660, 24) = 0 [pid 5226] chdir("./76") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] memfd_create("syzkaller", 0) = 3 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5226] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5226] close(3) = 0 [pid 5226] mkdir("./file1", 0777) = 0 [pid 5226] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5226] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5226] chdir("./file1") = 0 [pid 5226] ioctl(4, LOOP_CLR_FD) = 0 [pid 5226] close(4) = 0 [pid 5226] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5226] creat("./file1", 010) = 4 [pid 5226] exit_group(0) = ? [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 70.725235][ T5226] loop0: detected capacity change from 0 to 512 [ 70.743730][ T5226] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 70.757644][ T5226] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached , child_tidptr=0x55555595f650) = 5228 [pid 5228] set_robust_list(0x55555595f660, 24) = 0 [pid 5228] chdir("./77") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5228] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] mkdir("./file1", 0777) = 0 [pid 5228] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5228] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./file1") = 0 [pid 5228] ioctl(4, LOOP_CLR_FD) = 0 [pid 5228] close(4) = 0 [ 70.892460][ T5228] loop0: detected capacity change from 0 to 512 [ 70.900771][ T5228] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 70.914678][ T5228] EXT4-fs (loop0): 1 truncate cleaned up [pid 5228] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5228] creat("./file1", 010) = 4 [pid 5228] exit_group(0) = ? [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5230 ./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x55555595f660, 24) = 0 [pid 5230] chdir("./78") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5230] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./file1", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5230] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file1") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5230] creat("./file1", 010) = 4 [pid 5230] exit_group(0) = ? [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 71.111936][ T5230] loop0: detected capacity change from 0 to 512 [ 71.125438][ T5230] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 71.139177][ T5230] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5232 attached , child_tidptr=0x55555595f650) = 5232 [pid 5232] set_robust_list(0x55555595f660, 24) = 0 [pid 5232] chdir("./79") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5232] memfd_create("syzkaller", 0) = 3 [pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5232] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5232] close(3) = 0 [pid 5232] mkdir("./file1", 0777) = 0 [pid 5232] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5232] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5232] chdir("./file1") = 0 [pid 5232] ioctl(4, LOOP_CLR_FD) = 0 [pid 5232] close(4) = 0 [pid 5232] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5232] creat("./file1", 010) = 4 [pid 5232] exit_group(0) = ? [pid 5232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 [ 71.344633][ T5232] loop0: detected capacity change from 0 to 512 [ 71.356708][ T5232] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 71.370579][ T5232] EXT4-fs (loop0): 1 truncate cleaned up umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5234 attached , child_tidptr=0x55555595f650) = 5234 [pid 5234] set_robust_list(0x55555595f660, 24) = 0 [pid 5234] chdir("./80") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5234] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] mkdir("./file1", 0777) = 0 [pid 5234] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5234] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./file1") = 0 [pid 5234] ioctl(4, LOOP_CLR_FD) = 0 [pid 5234] close(4) = 0 [pid 5234] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5234] creat("./file1", 010) = 4 [pid 5234] exit_group(0) = ? [ 71.494415][ T5234] loop0: detected capacity change from 0 to 512 [ 71.508274][ T5234] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 71.522257][ T5234] EXT4-fs (loop0): 1 truncate cleaned up [pid 5234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5234, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x55555595f660, 24) = 0 [pid 5236] chdir("./81") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5236 [pid 5236] <... openat resumed>) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5236] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] mkdir("./file1", 0777) = 0 [pid 5236] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5236] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5236] chdir("./file1") = 0 [pid 5236] ioctl(4, LOOP_CLR_FD) = 0 [pid 5236] close(4) = 0 [pid 5236] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5236] creat("./file1", 010) = 4 [ 71.706521][ T5236] loop0: detected capacity change from 0 to 512 [ 71.725140][ T5236] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 71.738968][ T5236] EXT4-fs (loop0): 1 truncate cleaned up [pid 5236] exit_group(0) = ? [pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x55555595f660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5238 [pid 5238] <... set_robust_list resumed>) = 0 [pid 5238] chdir("./82") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] memfd_create("syzkaller", 0) = 3 [pid 5238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5238] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5238] close(3) = 0 [pid 5238] mkdir("./file1", 0777) = 0 [pid 5238] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5238] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5238] chdir("./file1") = 0 [pid 5238] ioctl(4, LOOP_CLR_FD) = 0 [pid 5238] close(4) = 0 [pid 5238] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5238] creat("./file1", 010) = 4 [pid 5238] exit_group(0) = ? [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 71.882391][ T5238] loop0: detected capacity change from 0 to 512 [ 71.900914][ T5238] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 71.914815][ T5238] EXT4-fs (loop0): 1 truncate cleaned up umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5240 attached [pid 5240] set_robust_list(0x55555595f660, 24) = 0 [pid 5240] chdir("./83") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5240] setpgid(0, 0) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5240 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5240] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] mkdir("./file1", 0777) = 0 [pid 5240] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5240] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./file1") = 0 [pid 5240] ioctl(4, LOOP_CLR_FD) = 0 [pid 5240] close(4) = 0 [pid 5240] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5240] creat("./file1", 010) = 4 [pid 5240] exit_group(0) = ? [pid 5240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5240, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 72.035939][ T5240] loop0: detected capacity change from 0 to 512 [ 72.049675][ T5240] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 72.063769][ T5240] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5242 attached [pid 5242] set_robust_list(0x55555595f660, 24) = 0 [pid 5242] chdir("./84") = 0 [pid 5242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5242] setpgid(0, 0) = 0 [pid 5242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5242 [pid 5242] <... openat resumed>) = 3 [pid 5242] write(3, "1000", 4) = 4 [pid 5242] close(3) = 0 [pid 5242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5242] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] mkdir("./file1", 0777) = 0 [pid 5242] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5242] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./file1") = 0 [pid 5242] ioctl(4, LOOP_CLR_FD) = 0 [pid 5242] close(4) = 0 [pid 5242] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5242] creat("./file1", 010) = 4 [pid 5242] exit_group(0) = ? [pid 5242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5242, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 72.243371][ T5242] loop0: detected capacity change from 0 to 512 [ 72.261916][ T5242] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 72.275772][ T5242] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x55555595f660, 24) = 0 [pid 5244] chdir("./85") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5244 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] memfd_create("syzkaller", 0) = 3 [pid 5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5244] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5244] close(3) = 0 [pid 5244] mkdir("./file1", 0777) = 0 [pid 5244] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5244] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5244] chdir("./file1") = 0 [pid 5244] ioctl(4, LOOP_CLR_FD) = 0 [pid 5244] close(4) = 0 [pid 5244] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5244] creat("./file1", 010) = 4 [pid 5244] exit_group(0) = ? [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 72.427521][ T5244] loop0: detected capacity change from 0 to 512 [ 72.441660][ T5244] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 72.455531][ T5244] EXT4-fs (loop0): 1 truncate cleaned up umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5246 ./strace-static-x86_64: Process 5246 attached [pid 5246] set_robust_list(0x55555595f660, 24) = 0 [pid 5246] chdir("./86") = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] setpgid(0, 0) = 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5246] write(3, "1000", 4) = 4 [pid 5246] close(3) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5246] memfd_create("syzkaller", 0) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5246] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] close(3) = 0 [pid 5246] mkdir("./file1", 0777) = 0 [pid 5246] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5246] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5246] chdir("./file1") = 0 [pid 5246] ioctl(4, LOOP_CLR_FD) = 0 [pid 5246] close(4) = 0 [pid 5246] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5246] creat("./file1", 010) = 4 [ 72.600730][ T5246] loop0: detected capacity change from 0 to 512 [ 72.614284][ T5246] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 72.627933][ T5246] EXT4-fs (loop0): 1 truncate cleaned up [pid 5246] exit_group(0) = ? [pid 5246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5248 attached , child_tidptr=0x55555595f650) = 5248 [pid 5248] set_robust_list(0x55555595f660, 24) = 0 [pid 5248] chdir("./87") = 0 [pid 5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5248] setpgid(0, 0) = 0 [pid 5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5248] write(3, "1000", 4) = 4 [pid 5248] close(3) = 0 [pid 5248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5248] memfd_create("syzkaller", 0) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5248] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] mkdir("./file1", 0777) = 0 [pid 5248] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5248] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5248] chdir("./file1") = 0 [pid 5248] ioctl(4, LOOP_CLR_FD) = 0 [pid 5248] close(4) = 0 [pid 5248] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5248] creat("./file1", 010) = 4 [pid 5248] exit_group(0) = ? [pid 5248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 72.796956][ T5248] loop0: detected capacity change from 0 to 512 [ 72.810543][ T5248] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 72.824313][ T5248] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5250 ./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x55555595f660, 24) = 0 [pid 5250] chdir("./88") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] memfd_create("syzkaller", 0) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5250] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] mkdir("./file1", 0777) = 0 [pid 5250] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5250] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./file1") = 0 [pid 5250] ioctl(4, LOOP_CLR_FD) = 0 [pid 5250] close(4) = 0 [pid 5250] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5250] creat("./file1", 010) = 4 [pid 5250] exit_group(0) = ? [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 [ 72.994232][ T5250] loop0: detected capacity change from 0 to 512 [ 73.007575][ T5250] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 73.021349][ T5250] EXT4-fs (loop0): 1 truncate cleaned up umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached , child_tidptr=0x55555595f650) = 5252 [pid 5252] set_robust_list(0x55555595f660, 24) = 0 [pid 5252] chdir("./89") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5252] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./file1", 0777) = 0 [pid 5252] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5252] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file1") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5252] creat("./file1", 010) = 4 [pid 5252] exit_group(0) = ? [pid 5252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 73.145654][ T5252] loop0: detected capacity change from 0 to 512 [ 73.158955][ T5252] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 73.172852][ T5252] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5254 attached [pid 5254] set_robust_list(0x55555595f660, 24) = 0 [pid 5254] chdir("./90" [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5254 [pid 5254] <... chdir resumed>) = 0 [pid 5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5254] setpgid(0, 0) = 0 [pid 5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5254] write(3, "1000", 4) = 4 [pid 5254] close(3) = 0 [pid 5254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5254] memfd_create("syzkaller", 0) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5254] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] mkdir("./file1", 0777) = 0 [pid 5254] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5254] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./file1") = 0 [pid 5254] ioctl(4, LOOP_CLR_FD) = 0 [pid 5254] close(4) = 0 [pid 5254] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5254] creat("./file1", 010) = 4 [ 73.328228][ T5254] loop0: detected capacity change from 0 to 512 [ 73.341613][ T5254] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 73.355905][ T5254] EXT4-fs (loop0): 1 truncate cleaned up [pid 5254] exit_group(0) = ? [pid 5254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5257 attached , child_tidptr=0x55555595f650) = 5257 [pid 5257] set_robust_list(0x55555595f660, 24) = 0 [pid 5257] chdir("./91") = 0 [pid 5257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5257] setpgid(0, 0) = 0 [pid 5257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5257] write(3, "1000", 4) = 4 [pid 5257] close(3) = 0 [pid 5257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5257] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] mkdir("./file1", 0777) = 0 [pid 5257] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5257] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./file1") = 0 [pid 5257] ioctl(4, LOOP_CLR_FD) = 0 [pid 5257] close(4) = 0 [pid 5257] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5257] creat("./file1", 010) = 4 [pid 5257] exit_group(0) = ? [ 73.483513][ T5257] loop0: detected capacity change from 0 to 512 [ 73.496717][ T5257] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 73.510621][ T5257] EXT4-fs (loop0): 1 truncate cleaned up [pid 5257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5257, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5259 ./strace-static-x86_64: Process 5259 attached [pid 5259] set_robust_list(0x55555595f660, 24) = 0 [pid 5259] chdir("./92") = 0 [pid 5259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5259] setpgid(0, 0) = 0 [pid 5259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5259] write(3, "1000", 4) = 4 [pid 5259] close(3) = 0 [pid 5259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5259] memfd_create("syzkaller", 0) = 3 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5259] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5259] close(3) = 0 [pid 5259] mkdir("./file1", 0777) = 0 [pid 5259] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5259] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5259] chdir("./file1") = 0 [pid 5259] ioctl(4, LOOP_CLR_FD) = 0 [pid 5259] close(4) = 0 [pid 5259] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5259] creat("./file1", 010) = 4 [pid 5259] exit_group(0) = ? [pid 5259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5259, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 73.700356][ T5259] loop0: detected capacity change from 0 to 512 [ 73.713792][ T5259] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 73.727517][ T5259] EXT4-fs (loop0): 1 truncate cleaned up umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5261 attached , child_tidptr=0x55555595f650) = 5261 [pid 5261] set_robust_list(0x55555595f660, 24) = 0 [pid 5261] chdir("./93") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5261] memfd_create("syzkaller", 0) = 3 [pid 5261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5261] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5261] close(3) = 0 [pid 5261] mkdir("./file1", 0777) = 0 [pid 5261] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5261] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5261] chdir("./file1") = 0 [pid 5261] ioctl(4, LOOP_CLR_FD) = 0 [pid 5261] close(4) = 0 [pid 5261] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5261] creat("./file1", 010) = 4 [pid 5261] exit_group(0) = ? [ 73.860974][ T5261] loop0: detected capacity change from 0 to 512 [ 73.874634][ T5261] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 73.888399][ T5261] EXT4-fs (loop0): 1 truncate cleaned up [pid 5261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5261, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5263 attached , child_tidptr=0x55555595f650) = 5263 [pid 5263] set_robust_list(0x55555595f660, 24) = 0 [pid 5263] chdir("./94") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] memfd_create("syzkaller", 0) = 3 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5263] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5263] close(3) = 0 [pid 5263] mkdir("./file1", 0777) = 0 [pid 5263] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5263] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5263] chdir("./file1") = 0 [pid 5263] ioctl(4, LOOP_CLR_FD) = 0 [pid 5263] close(4) = 0 [pid 5263] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5263] creat("./file1", 010) = 4 [pid 5263] exit_group(0) = ? [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.103314][ T5263] loop0: detected capacity change from 0 to 512 [ 74.111939][ T5263] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 74.125997][ T5263] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5265 attached , child_tidptr=0x55555595f650) = 5265 [pid 5265] set_robust_list(0x55555595f660, 24) = 0 [pid 5265] chdir("./95") = 0 [pid 5265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5265] setpgid(0, 0) = 0 [pid 5265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5265] write(3, "1000", 4) = 4 [pid 5265] close(3) = 0 [pid 5265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5265] memfd_create("syzkaller", 0) = 3 [pid 5265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5265] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5265] close(3) = 0 [pid 5265] mkdir("./file1", 0777) = 0 [pid 5265] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5265] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5265] chdir("./file1") = 0 [pid 5265] ioctl(4, LOOP_CLR_FD) = 0 [pid 5265] close(4) = 0 [pid 5265] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [ 74.346192][ T5265] loop0: detected capacity change from 0 to 512 [ 74.369476][ T5265] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 74.383559][ T5265] EXT4-fs (loop0): 1 truncate cleaned up [pid 5265] creat("./file1", 010) = 4 [pid 5265] exit_group(0) = ? [pid 5265] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5265, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5267 attached , child_tidptr=0x55555595f650) = 5267 [pid 5267] set_robust_list(0x55555595f660, 24) = 0 [pid 5267] chdir("./96") = 0 [pid 5267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5267] setpgid(0, 0) = 0 [pid 5267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5267] write(3, "1000", 4) = 4 [pid 5267] close(3) = 0 [pid 5267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5267] memfd_create("syzkaller", 0) = 3 [pid 5267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5267] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5267] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5267] close(3) = 0 [pid 5267] mkdir("./file1", 0777) = 0 [pid 5267] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5267] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5267] chdir("./file1") = 0 [pid 5267] ioctl(4, LOOP_CLR_FD) = 0 [pid 5267] close(4) = 0 [pid 5267] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5267] creat("./file1", 010) = 4 [pid 5267] exit_group(0) = ? [pid 5267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5267, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 74.584698][ T5267] loop0: detected capacity change from 0 to 512 [ 74.593193][ T5267] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 74.606879][ T5267] EXT4-fs (loop0): 1 truncate cleaned up unlink("./96/binderfs") = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5269 ./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x55555595f660, 24) = 0 [pid 5269] chdir("./97") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] memfd_create("syzkaller", 0) = 3 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5269] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5269] close(3) = 0 [pid 5269] mkdir("./file1", 0777) = 0 [pid 5269] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5269] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5269] chdir("./file1") = 0 [pid 5269] ioctl(4, LOOP_CLR_FD) = 0 [pid 5269] close(4) = 0 [pid 5269] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5269] creat("./file1", 010) = 4 [pid 5269] exit_group(0) = ? [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.768933][ T5269] loop0: detected capacity change from 0 to 512 [ 74.781863][ T5269] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 74.795923][ T5269] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5271 attached , child_tidptr=0x55555595f650) = 5271 [pid 5271] set_robust_list(0x55555595f660, 24) = 0 [pid 5271] chdir("./98") = 0 [pid 5271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5271] setpgid(0, 0) = 0 [pid 5271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5271] write(3, "1000", 4) = 4 [pid 5271] close(3) = 0 [pid 5271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5271] memfd_create("syzkaller", 0) = 3 [pid 5271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5271] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5271] close(3) = 0 [pid 5271] mkdir("./file1", 0777) = 0 [pid 5271] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5271] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5271] chdir("./file1") = 0 [pid 5271] ioctl(4, LOOP_CLR_FD) = 0 [pid 5271] close(4) = 0 [pid 5271] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5271] creat("./file1", 010) = 4 [pid 5271] exit_group(0) = ? [pid 5271] +++ exited with 0 +++ [ 74.960462][ T5271] loop0: detected capacity change from 0 to 512 [ 74.982998][ T5271] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 74.996816][ T5271] EXT4-fs (loop0): 1 truncate cleaned up --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5271, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5273 attached [pid 5273] set_robust_list(0x55555595f660, 24) = 0 [pid 5273] chdir("./99") = 0 [pid 5273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5273] setpgid(0, 0) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x55555595f650) = 5273 [pid 5273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5273] write(3, "1000", 4) = 4 [pid 5273] close(3) = 0 [pid 5273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5273] memfd_create("syzkaller", 0) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5273] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5273] close(3) = 0 [pid 5273] mkdir("./file1", 0777) = 0 [pid 5273] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5273] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./file1") = 0 [pid 5273] ioctl(4, LOOP_CLR_FD) = 0 [pid 5273] close(4) = 0 [pid 5273] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5273] creat("./file1", 010) = 4 [pid 5273] exit_group(0) = ? [pid 5273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5273, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 75.182635][ T5273] loop0: detected capacity change from 0 to 512 [ 75.196028][ T5273] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 75.209786][ T5273] EXT4-fs (loop0): 1 truncate cleaned up umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555968730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555968730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file1") = 0 getdents64(3, 0x5555559606f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555595f650) = 5275 ./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x55555595f660, 24) = 0 [pid 5275] chdir("./100") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] memfd_create("syzkaller", 0) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7e6ecd000 [pid 5275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5275] munmap(0x7fe7e6ecd000, 138412032) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5275] close(3) = 0 [pid 5275] mkdir("./file1", 0777) = 0 [pid 5275] mount("/dev/loop0", "./file1", "ext4", MS_POSIXACL, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5275] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5275] chdir("./file1") = 0 [pid 5275] ioctl(4, LOOP_CLR_FD) = 0 [pid 5275] close(4) = 0 [pid 5275] setxattr("./file1", "user.incfs.metadata", "\x3b\xca\x3e\x8e\xec\x60\xdb\x6d\xa7\x28\xee\x8e\x29\xfa\x02\xfa\x21\x03\x9b\x37\x80\xdd\x17\x54\x0b\xcd\xff\x62\xd7\x13\x4b\xa5\x3e\x25\xf5\x9a\xf9\x2d\xd4\x65\xa8\x39\x65\x8e\xad\x1f\x48\xc4\x42\xf9\x96\x01\x68\x49\x56\xb1\x12\x67\xdb\x59\xfd\x65\x72\x81\xe9\x0a\x34\xe6\x3a\x4a\x3f\xeb\x92\xde\x49\xe5\x7c\xea\x7f\xec\x40\xeb\x97\x08\xd5\xc4\x39\x65\xc6\xae\x13\x8b\x7e\x6a\xe8\x40\x58\x14\x26\x34"..., 881, 0) = 0 [pid 5275] creat("./file1", 010) = 4 [pid 5275] exit_group(0) = ? [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 75.356217][ T5275] loop0: detected capacity change from 0 to 512 [ 75.370062][ T5275] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 75.384121][ T5275] EXT4-fs (loop0): 1 truncate cleaned up umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559606f0 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)