./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2436510769 <...> Warning: Permanently added '10.128.1.84' (ED25519) to the list of known hosts. execve("./syz-executor2436510769", ["./syz-executor2436510769"], 0x7ffe24bd83c0 /* 10 vars */) = 0 brk(NULL) = 0x555586dd3000 brk(0x555586dd3d00) = 0x555586dd3d00 arch_prctl(ARCH_SET_FS, 0x555586dd3380) = 0 set_tid_address(0x555586dd3650) = 5058 set_robust_list(0x555586dd3660, 24) = 0 rseq(0x555586dd3ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2436510769", 4096) = 28 getrandom("\xa8\xdb\x28\x00\x54\x9a\x78\x38", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555586dd3d00 brk(0x555586df4d00) = 0x555586df4d00 brk(0x555586df5000) = 0x555586df5000 mprotect(0x7fc701fcc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.TDf4Cv", 0700) = 0 chmod("./syzkaller.TDf4Cv", 0777) = 0 chdir("./syzkaller.TDf4Cv") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached [pid 5059] set_robust_list(0x555586dd3660, 24) = 0 [pid 5059] chdir("./0" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5059 [pid 5059] <... chdir resumed>) = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] memfd_create("syzkaller", 0) = 3 [pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5059] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5059] close(3) = 0 [pid 5059] close(4) = 0 [pid 5059] mkdir("./file1", 0777) = 0 [ 56.875178][ T5059] loop0: detected capacity change from 0 to 512 [pid 5059] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5059] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5059] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5059] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5059] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5059] dup3(5, 4, 0) = 4 [pid 5059] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5059] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5059] exit_group(0) = ? [ 56.917297][ T5059] EXT4-fs (loop0): 1 truncate cleaned up [ 56.923086][ T5059] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./0/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/cpuset.effective_cpus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/cgroup.controllers") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 [ 57.097927][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached , child_tidptr=0x555586dd3650) = 5063 [pid 5063] set_robust_list(0x555586dd3660, 24) = 0 [pid 5063] chdir("./1") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] memfd_create("syzkaller", 0) = 3 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5063] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5063] close(3) = 0 [pid 5063] close(4) = 0 [pid 5063] mkdir("./file1", 0777) = 0 [ 57.322453][ T5063] loop0: detected capacity change from 0 to 512 [ 57.355891][ T5063] EXT4-fs (loop0): 1 truncate cleaned up [pid 5063] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5063] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5063] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5063] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5063] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5063] dup3(5, 4, 0) = 4 [pid 5063] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5063] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5063] exit_group(0) = ? [pid 5063] +++ exited with 0 +++ [ 57.361738][ T5063] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./1/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/cpuset.effective_cpus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/cgroup.controllers") = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 57.531009][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached , child_tidptr=0x555586dd3650) = 5065 [pid 5065] set_robust_list(0x555586dd3660, 24) = 0 [pid 5065] chdir("./2") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5065] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] close(4) = 0 [pid 5065] mkdir("./file1", 0777) = 0 [ 57.751703][ T5065] loop0: detected capacity change from 0 to 512 [ 57.787232][ T5065] EXT4-fs (loop0): 1 truncate cleaned up [pid 5065] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5065] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5065] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5065] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5065] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 57.793211][ T5065] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5065] dup3(5, 4, 0) = 4 [pid 5065] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5065] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5065] exit_group(0) = ? [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./2/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/cpuset.effective_cpus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/cgroup.controllers") = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 57.959962][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./2/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x555586dd3660, 24) = 0 [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5067 [pid 5067] chdir("./3") = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5067] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [pid 5067] close(4) = 0 [pid 5067] mkdir("./file1", 0777) = 0 [ 58.182612][ T5067] loop0: detected capacity change from 0 to 512 [ 58.215425][ T5067] EXT4-fs (loop0): 1 truncate cleaned up [pid 5067] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5067] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5067] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5067] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5067] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5067] dup3(5, 4, 0) = 4 [pid 5067] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5067] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5067] exit_group(0) = ? [pid 5067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 58.221172][ T5067] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./3/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/cpuset.effective_cpus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/cgroup.controllers") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 [ 58.377819][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached , child_tidptr=0x555586dd3650) = 5069 [pid 5069] set_robust_list(0x555586dd3660, 24) = 0 [pid 5069] chdir("./4") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5069] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] close(4) = 0 [pid 5069] mkdir("./file1", 0777) = 0 [ 58.609835][ T5069] loop0: detected capacity change from 0 to 512 [pid 5069] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5069] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5069] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5069] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5069] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5069] dup3(5, 4, 0) = 4 [pid 5069] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5069] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5069] exit_group(0) = ? [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 58.651967][ T5069] EXT4-fs (loop0): 1 truncate cleaned up [ 58.657662][ T5069] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./4/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/cpuset.effective_cpus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/cgroup.controllers") = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 58.806540][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x555586dd3660, 24) = 0 [pid 5071] chdir("./5" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5071 [pid 5071] <... chdir resumed>) = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5071] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] close(4) = 0 [pid 5071] mkdir("./file1", 0777) = 0 [pid 5071] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5071] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5071] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5071] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5071] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5071] dup3(5, 4, 0) = 4 [pid 5071] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5071] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [ 59.029283][ T5071] loop0: detected capacity change from 0 to 512 [ 59.054550][ T5071] EXT4-fs (loop0): 1 truncate cleaned up [ 59.061275][ T5071] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5071] exit_group(0) = ? [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./5/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/cpuset.effective_cpus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/cgroup.controllers") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 59.219188][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached , child_tidptr=0x555586dd3650) = 5073 [pid 5073] set_robust_list(0x555586dd3660, 24) = 0 [pid 5073] chdir("./6") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5073] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] close(4) = 0 [pid 5073] mkdir("./file1", 0777) = 0 [ 59.450446][ T5073] loop0: detected capacity change from 0 to 512 [ 59.485110][ T5073] EXT4-fs (loop0): 1 truncate cleaned up [pid 5073] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5073] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5073] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5073] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5073] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5073] dup3(5, 4, 0) = 4 [pid 5073] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5073] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5073] exit_group(0) = ? [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 59.490775][ T5073] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./6/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/cpuset.effective_cpus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/cgroup.controllers") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 59.669166][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached , child_tidptr=0x555586dd3650) = 5075 [pid 5075] set_robust_list(0x555586dd3660, 24) = 0 [pid 5075] chdir("./7") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5075] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] close(4) = 0 [pid 5075] mkdir("./file1", 0777) = 0 [ 59.872364][ T5075] loop0: detected capacity change from 0 to 512 [ 59.912124][ T5075] EXT4-fs (loop0): 1 truncate cleaned up [pid 5075] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5075] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5075] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5075] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5075] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5075] dup3(5, 4, 0) = 4 [pid 5075] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5075] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5075] exit_group(0) = ? [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 59.917826][ T5075] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./7/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/cpuset.effective_cpus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/cgroup.controllers") = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 [ 60.066511][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached , child_tidptr=0x555586dd3650) = 5077 [pid 5077] set_robust_list(0x555586dd3660, 24) = 0 [pid 5077] chdir("./8") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] memfd_create("syzkaller", 0) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5077] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5077] close(3) = 0 [pid 5077] close(4) = 0 [pid 5077] mkdir("./file1", 0777) = 0 [ 60.331388][ T5077] loop0: detected capacity change from 0 to 512 [ 60.363780][ T5077] EXT4-fs (loop0): 1 truncate cleaned up [pid 5077] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5077] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5077] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5077] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5077] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5077] dup3(5, 4, 0) = 4 [pid 5077] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5077] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5077] exit_group(0) = ? [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 60.369782][ T5077] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./8/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/cpuset.effective_cpus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/cgroup.controllers") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 [ 60.456313][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached , child_tidptr=0x555586dd3650) = 5079 [pid 5079] set_robust_list(0x555586dd3660, 24) = 0 [pid 5079] chdir("./9") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5079] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] close(4) = 0 [pid 5079] mkdir("./file1", 0777) = 0 [ 60.728531][ T5079] loop0: detected capacity change from 0 to 512 [pid 5079] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5079] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5079] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5079] dup3(5, 4, 0) = 4 [pid 5079] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5079] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5079] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ [ 60.769627][ T5079] EXT4-fs (loop0): 1 truncate cleaned up [ 60.775346][ T5079] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./9/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/cpuset.effective_cpus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/cgroup.controllers") = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 [ 60.914149][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586dd3650) = 5081 ./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x555586dd3660, 24) = 0 [pid 5081] chdir("./10") = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5081] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] close(4) = 0 [pid 5081] mkdir("./file1", 0777) = 0 [ 61.058250][ T5081] loop0: detected capacity change from 0 to 512 [ 61.090773][ T5081] EXT4-fs (loop0): 1 truncate cleaned up [pid 5081] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5081] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5081] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5081] dup3(5, 4, 0) = 4 [pid 5081] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5081] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5081] exit_group(0) = ? [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 61.100960][ T5081] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./10/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/cpuset.effective_cpus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/cgroup.controllers") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 61.237123][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./10/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586dd3650) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x555586dd3660, 24) = 0 [pid 5084] chdir("./11") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5084] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] close(4) = 0 [pid 5084] mkdir("./file1", 0777) = 0 [ 61.467145][ T5084] loop0: detected capacity change from 0 to 512 [ 61.504609][ T5084] EXT4-fs (loop0): 1 truncate cleaned up [pid 5084] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5084] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5084] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5084] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5084] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5084] dup3(5, 4, 0) = 4 [pid 5084] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5084] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5084] exit_group(0) = ? [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 61.510291][ T5084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./11/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/cpuset.effective_cpus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/cgroup.controllers") = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 [ 61.659970][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached , child_tidptr=0x555586dd3650) = 5086 [pid 5086] set_robust_list(0x555586dd3660, 24) = 0 [pid 5086] chdir("./12") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5086] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] close(4) = 0 [pid 5086] mkdir("./file1", 0777) = 0 [ 61.908191][ T5086] loop0: detected capacity change from 0 to 512 [pid 5086] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5086] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5086] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5086] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5086] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5086] dup3(5, 4, 0) = 4 [pid 5086] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5086] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5086] exit_group(0) = ? [ 61.948376][ T5086] EXT4-fs (loop0): 1 truncate cleaned up [ 61.954336][ T5086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./12/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/cpuset.effective_cpus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/cgroup.controllers") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 62.079028][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./12/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached , child_tidptr=0x555586dd3650) = 5088 [pid 5088] set_robust_list(0x555586dd3660, 24) = 0 [pid 5088] chdir("./13") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5088] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] close(4) = 0 [pid 5088] mkdir("./file1", 0777) = 0 [ 62.329142][ T5088] loop0: detected capacity change from 0 to 512 [ 62.368130][ T5088] EXT4-fs (loop0): 1 truncate cleaned up [pid 5088] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5088] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5088] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5088] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5088] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5088] dup3(5, 4, 0) = 4 [pid 5088] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5088] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5088] exit_group(0) = ? [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./13/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/cpuset.effective_cpus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 62.373874][ T5088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./13/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/cgroup.controllers") = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 62.460713][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./13/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached , child_tidptr=0x555586dd3650) = 5090 [pid 5090] set_robust_list(0x555586dd3660, 24) = 0 [pid 5090] chdir("./14") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5090] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] close(4) = 0 [pid 5090] mkdir("./file1", 0777) = 0 [ 62.682520][ T5090] loop0: detected capacity change from 0 to 512 [pid 5090] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5090] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5090] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5090] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5090] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5090] dup3(5, 4, 0) = 4 [ 62.724041][ T5090] EXT4-fs (loop0): 1 truncate cleaned up [ 62.729715][ T5090] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5090] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5090] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5090] exit_group(0) = ? [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./14/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/cpuset.effective_cpus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/cgroup.controllers") = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 62.884200][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x555586dd3650) = 5092 [pid 5092] set_robust_list(0x555586dd3660, 24) = 0 [pid 5092] chdir("./15") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5092] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] close(4) = 0 [pid 5092] mkdir("./file1", 0777) = 0 [pid 5092] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5092] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5092] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5092] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5092] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5092] dup3(5, 4, 0) = 4 [ 63.038293][ T5092] loop0: detected capacity change from 0 to 512 [ 63.064785][ T5092] EXT4-fs (loop0): 1 truncate cleaned up [ 63.070559][ T5092] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5092] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5092] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5092] exit_group(0) = ? [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./15/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/cpuset.effective_cpus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/cgroup.controllers") = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 [ 63.213802][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached , child_tidptr=0x555586dd3650) = 5094 [pid 5094] set_robust_list(0x555586dd3660, 24) = 0 [pid 5094] chdir("./16") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5094] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] close(4) = 0 [pid 5094] mkdir("./file1", 0777) = 0 [pid 5094] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5094] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5094] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5094] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5094] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5094] dup3(5, 4, 0) = 4 [pid 5094] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 63.384107][ T5094] loop0: detected capacity change from 0 to 512 [ 63.415698][ T5094] EXT4-fs (loop0): 1 truncate cleaned up [ 63.421552][ T5094] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5094] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5094] exit_group(0) = ? [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./16/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/cpuset.effective_cpus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/cgroup.controllers") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 63.599263][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached , child_tidptr=0x555586dd3650) = 5096 [pid 5096] set_robust_list(0x555586dd3660, 24) = 0 [pid 5096] chdir("./17") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5096] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] close(4) = 0 [pid 5096] mkdir("./file1", 0777) = 0 [ 63.757261][ T5096] loop0: detected capacity change from 0 to 512 [ 63.793324][ T5096] EXT4-fs (loop0): 1 truncate cleaned up [pid 5096] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5096] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5096] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5096] dup3(5, 4, 0) = 4 [pid 5096] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5096] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5096] exit_group(0) = ? [ 63.799220][ T5096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./17/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/cpuset.effective_cpus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/cgroup.controllers") = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 63.945721][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x555586dd3660, 24) = 0 [pid 5098] chdir("./18") = 0 [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5098 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5098] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5098] close(3) = 0 [pid 5098] close(4) = 0 [pid 5098] mkdir("./file1", 0777) = 0 [ 64.160240][ T5098] loop0: detected capacity change from 0 to 512 [ 64.196587][ T5098] EXT4-fs (loop0): 1 truncate cleaned up [pid 5098] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5098] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5098] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5098] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5098] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 64.202448][ T5098] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5098] dup3(5, 4, 0) = 4 [pid 5098] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5098] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5098] exit_group(0) = ? [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./18/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/cpuset.effective_cpus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/cgroup.controllers") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 64.388756][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./18/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached , child_tidptr=0x555586dd3650) = 5100 [pid 5100] set_robust_list(0x555586dd3660, 24) = 0 [pid 5100] chdir("./19") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5100] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] close(4) = 0 [pid 5100] mkdir("./file1", 0777) = 0 [pid 5100] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5100] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 64.706615][ T5100] loop0: detected capacity change from 0 to 512 [ 64.738298][ T5100] EXT4-fs (loop0): 1 truncate cleaned up [ 64.744157][ T5100] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5100] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5100] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5100] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5100] dup3(5, 4, 0) = 4 [pid 5100] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5100] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5100] exit_group(0) = ? [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./19/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/cpuset.effective_cpus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/cgroup.controllers") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 [ 64.910743][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586dd3650) = 5102 ./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x555586dd3660, 24) = 0 [pid 5102] chdir("./20") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5102] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] close(4) = 0 [pid 5102] mkdir("./file1", 0777) = 0 [ 65.128605][ T5102] loop0: detected capacity change from 0 to 512 [pid 5102] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5102] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5102] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5102] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5102] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5102] dup3(5, 4, 0) = 4 [pid 5102] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5102] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5102] exit_group(0) = ? [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 65.171315][ T5102] EXT4-fs (loop0): 1 truncate cleaned up [ 65.176985][ T5102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./20/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/cpuset.effective_cpus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/cgroup.controllers") = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 [ 65.296126][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached , child_tidptr=0x555586dd3650) = 5104 [pid 5104] set_robust_list(0x555586dd3660, 24) = 0 [pid 5104] chdir("./21") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5104] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5104] close(3) = 0 [pid 5104] close(4) = 0 [pid 5104] mkdir("./file1", 0777) = 0 [pid 5104] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5104] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5104] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5104] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5104] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5104] dup3(5, 4, 0) = 4 [pid 5104] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5104] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5104] exit_group(0) = ? [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 65.498468][ T5104] loop0: detected capacity change from 0 to 512 [ 65.518888][ T5104] EXT4-fs (loop0): 1 truncate cleaned up [ 65.524921][ T5104] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./21/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/cpuset.effective_cpus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/cgroup.controllers") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 [ 65.679724][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached , child_tidptr=0x555586dd3650) = 5106 [pid 5106] set_robust_list(0x555586dd3660, 24) = 0 [pid 5106] chdir("./22") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5106] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] close(4) = 0 [pid 5106] mkdir("./file1", 0777) = 0 [pid 5106] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5106] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5106] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5106] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5106] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5106] dup3(5, 4, 0) = 4 [pid 5106] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5106] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5106] exit_group(0) = ? [ 65.911672][ T5106] loop0: detected capacity change from 0 to 512 [ 65.939850][ T5106] EXT4-fs (loop0): 1 truncate cleaned up [ 65.945857][ T5106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./22/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/cpuset.effective_cpus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/cgroup.controllers") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 [ 66.074348][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5109 attached , child_tidptr=0x555586dd3650) = 5109 [pid 5109] set_robust_list(0x555586dd3660, 24) = 0 [pid 5109] chdir("./23") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5109] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] close(4) = 0 [pid 5109] mkdir("./file1", 0777) = 0 [pid 5109] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5109] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 66.299355][ T5109] loop0: detected capacity change from 0 to 512 [ 66.321800][ T5109] EXT4-fs (loop0): 1 truncate cleaned up [ 66.328083][ T5109] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5109] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5109] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5109] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5109] dup3(5, 4, 0) = 4 [pid 5109] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5109] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5109] exit_group(0) = ? [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./23/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/cpuset.effective_cpus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/cgroup.controllers") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 66.541491][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x555586dd3660, 24) = 0 [pid 5111] chdir("./24" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5111 [pid 5111] <... chdir resumed>) = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5111] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] close(4) = 0 [pid 5111] mkdir("./file1", 0777) = 0 [ 66.765626][ T5111] loop0: detected capacity change from 0 to 512 [ 66.804322][ T5111] EXT4-fs (loop0): 1 truncate cleaned up [pid 5111] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5111] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5111] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5111] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5111] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5111] dup3(5, 4, 0) = 4 [pid 5111] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5111] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5111] exit_group(0) = ? [ 66.810004][ T5111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./24/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/cpuset.effective_cpus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/cgroup.controllers") = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 66.964444][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached , child_tidptr=0x555586dd3650) = 5113 [pid 5113] set_robust_list(0x555586dd3660, 24) = 0 [pid 5113] chdir("./25") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] memfd_create("syzkaller", 0) = 3 [pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5113] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5113] close(3) = 0 [pid 5113] close(4) = 0 [pid 5113] mkdir("./file1", 0777) = 0 [ 67.121311][ T5113] loop0: detected capacity change from 0 to 512 [ 67.154627][ T5113] EXT4-fs (loop0): 1 truncate cleaned up [pid 5113] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5113] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5113] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5113] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5113] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5113] dup3(5, 4, 0) = 4 [pid 5113] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 67.160296][ T5113] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5113] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5113] exit_group(0) = ? [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./25/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/cpuset.effective_cpus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/cgroup.controllers") = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 [ 67.403555][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached , child_tidptr=0x555586dd3650) = 5115 [pid 5115] set_robust_list(0x555586dd3660, 24) = 0 [pid 5115] chdir("./26") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5115] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] close(4) = 0 [pid 5115] mkdir("./file1", 0777) = 0 [pid 5115] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5115] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5115] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5115] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 67.640000][ T5115] loop0: detected capacity change from 0 to 512 [ 67.668795][ T5115] EXT4-fs (loop0): 1 truncate cleaned up [ 67.674923][ T5115] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5115] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5115] dup3(5, 4, 0) = 4 [pid 5115] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5115] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5115] exit_group(0) = ? [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./26/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/cpuset.effective_cpus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/cgroup.controllers") = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 67.792377][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x555586dd3660, 24) = 0 [pid 5117] chdir("./27" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5117 [pid 5117] <... chdir resumed>) = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5117] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] close(4) = 0 [pid 5117] mkdir("./file1", 0777) = 0 [ 67.943502][ T5117] loop0: detected capacity change from 0 to 512 [ 67.980759][ T5117] EXT4-fs (loop0): 1 truncate cleaned up [pid 5117] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5117] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5117] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [ 67.986590][ T5117] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5117] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5117] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5117] dup3(5, 4, 0) = 4 [pid 5117] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5117] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5117] exit_group(0) = ? [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./27/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/cpuset.effective_cpus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/cgroup.controllers") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 68.132416][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x555586dd3660, 24) = 0 [pid 5119] chdir("./28" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5119 [pid 5119] <... chdir resumed>) = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] memfd_create("syzkaller", 0) = 3 [pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5119] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5119] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5119] close(3) = 0 [pid 5119] close(4) = 0 [pid 5119] mkdir("./file1", 0777) = 0 [ 68.261497][ T5119] loop0: detected capacity change from 0 to 512 [ 68.294898][ T5119] EXT4-fs (loop0): 1 truncate cleaned up [pid 5119] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5119] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5119] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5119] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5119] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5119] dup3(5, 4, 0) = 4 [pid 5119] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5119] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5119] exit_group(0) = ? [pid 5119] +++ exited with 0 +++ [ 68.300664][ T5119] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./28/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/cpuset.effective_cpus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/cgroup.controllers") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 68.467870][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5121 attached , child_tidptr=0x555586dd3650) = 5121 [pid 5121] set_robust_list(0x555586dd3660, 24) = 0 [pid 5121] chdir("./29") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5121] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5121] close(3) = 0 [pid 5121] close(4) = 0 [pid 5121] mkdir("./file1", 0777) = 0 [ 68.773279][ T5121] loop0: detected capacity change from 0 to 512 [ 68.813237][ T5121] EXT4-fs (loop0): 1 truncate cleaned up [pid 5121] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5121] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5121] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5121] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5121] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5121] dup3(5, 4, 0) = 4 [pid 5121] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5121] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5121] exit_group(0) = ? [ 68.818924][ T5121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./29/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/cpuset.effective_cpus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/cgroup.controllers") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 [ 68.932029][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5123 attached , child_tidptr=0x555586dd3650) = 5123 [pid 5123] set_robust_list(0x555586dd3660, 24) = 0 [pid 5123] chdir("./30") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5123] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] close(4) = 0 [pid 5123] mkdir("./file1", 0777) = 0 [ 69.157240][ T5123] loop0: detected capacity change from 0 to 512 [pid 5123] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5123] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5123] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5123] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5123] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5123] dup3(5, 4, 0) = 4 [pid 5123] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5123] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5123] exit_group(0) = ? [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.203458][ T5123] EXT4-fs (loop0): 1 truncate cleaned up [ 69.209285][ T5123] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./30/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/cpuset.effective_cpus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/cgroup.controllers") = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 [ 69.363477][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586dd3650) = 5125 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x555586dd3660, 24) = 0 [pid 5125] chdir("./31") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] memfd_create("syzkaller", 0) = 3 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5125] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5125] close(3) = 0 [pid 5125] close(4) = 0 [pid 5125] mkdir("./file1", 0777) = 0 [pid 5125] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5125] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5125] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5125] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 69.620111][ T5125] loop0: detected capacity change from 0 to 512 [ 69.651265][ T5125] EXT4-fs (loop0): 1 truncate cleaned up [ 69.656962][ T5125] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5125] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5125] dup3(5, 4, 0) = 4 [pid 5125] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5125] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5125] exit_group(0) = ? [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./31/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/cpuset.effective_cpus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/cgroup.controllers") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 [ 69.729745][ T5058] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5127 attached , child_tidptr=0x555586dd3650) = 5127 [pid 5127] set_robust_list(0x555586dd3660, 24) = 0 [pid 5127] chdir("./32") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5127] memfd_create("syzkaller", 0) = 3 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5127] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5127] close(3) = 0 [pid 5127] close(4) = 0 [pid 5127] mkdir("./file1", 0777) = 0 [pid 5127] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5127] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5127] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5127] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 69.998214][ T5127] loop0: detected capacity change from 0 to 512 [ 70.036204][ T5127] EXT4-fs (loop0): 1 truncate cleaned up [pid 5127] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5127] dup3(5, 4, 0) = 4 [pid 5127] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5127] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5127] exit_group(0) = ? [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./32/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/cpuset.effective_cpus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/cgroup.controllers") = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5129 attached , child_tidptr=0x555586dd3650) = 5129 [pid 5129] set_robust_list(0x555586dd3660, 24) = 0 [pid 5129] chdir("./33") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] memfd_create("syzkaller", 0) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5129] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] close(4) = 0 [pid 5129] mkdir("./file1", 0777) = 0 [ 70.359658][ T5129] loop0: detected capacity change from 0 to 512 [pid 5129] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5129] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5129] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5129] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5129] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5129] dup3(5, 4, 0) = 4 [pid 5129] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5129] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5129] exit_group(0) = ? [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 70.416156][ T5129] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./33/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/cpuset.effective_cpus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/cgroup.controllers") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x555586dd3660, 24) = 0 [pid 5131] chdir("./34" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5131 [pid 5131] <... chdir resumed>) = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] memfd_create("syzkaller", 0) = 3 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5131] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5131] close(3) = 0 [pid 5131] close(4) = 0 [pid 5131] mkdir("./file1", 0777) = 0 [pid 5131] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5131] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5131] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5131] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5131] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5131] dup3(5, 4, 0) = 4 [ 70.630373][ T5131] loop0: detected capacity change from 0 to 512 [ 70.665283][ T5131] EXT4-fs (loop0): 1 truncate cleaned up [pid 5131] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5131] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5131] exit_group(0) = ? [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./34/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/cpuset.effective_cpus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/cgroup.controllers") = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached , child_tidptr=0x555586dd3650) = 5133 [pid 5133] set_robust_list(0x555586dd3660, 24) = 0 [pid 5133] chdir("./35") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] memfd_create("syzkaller", 0) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5133] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] close(4) = 0 [pid 5133] mkdir("./file1", 0777) = 0 [ 71.058891][ T5133] loop0: detected capacity change from 0 to 512 [pid 5133] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5133] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5133] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5133] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5133] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5133] dup3(5, 4, 0) = 4 [pid 5133] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5133] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5133] exit_group(0) = ? [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 71.104428][ T5133] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./35/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/cpuset.effective_cpus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/cgroup.controllers") = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x555586dd3660, 24) = 0 [pid 5135] chdir("./36") = 0 [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5135 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5135] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] close(4) = 0 [pid 5135] mkdir("./file1", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5135] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5135] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5135] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 71.416059][ T5135] loop0: detected capacity change from 0 to 512 [ 71.448466][ T5135] EXT4-fs (loop0): 1 truncate cleaned up [pid 5135] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5135] dup3(5, 4, 0) = 4 [pid 5135] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5135] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5135] exit_group(0) = ? [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./36/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/cpuset.effective_cpus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/cgroup.controllers") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached , child_tidptr=0x555586dd3650) = 5137 [pid 5137] set_robust_list(0x555586dd3660, 24) = 0 [pid 5137] chdir("./37") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] memfd_create("syzkaller", 0) = 3 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5137] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5137] close(3) = 0 [pid 5137] close(4) = 0 [pid 5137] mkdir("./file1", 0777) = 0 [ 71.812272][ T5137] loop0: detected capacity change from 0 to 512 [pid 5137] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5137] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5137] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5137] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5137] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5137] dup3(5, 4, 0) = 4 [pid 5137] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5137] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5137] exit_group(0) = ? [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 71.856928][ T5137] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./37/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/cpuset.effective_cpus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/cgroup.controllers") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5139 attached , child_tidptr=0x555586dd3650) = 5139 [pid 5139] set_robust_list(0x555586dd3660, 24) = 0 [pid 5139] chdir("./38") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5139] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] close(4) = 0 [pid 5139] mkdir("./file1", 0777) = 0 [ 72.207697][ T5139] loop0: detected capacity change from 0 to 512 [pid 5139] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5139] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5139] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5139] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5139] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5139] dup3(5, 4, 0) = 4 [pid 5139] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5139] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5139] exit_group(0) = ? [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.254876][ T5139] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./38/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/cpuset.effective_cpus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/cgroup.controllers") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x555586dd3660, 24) = 0 [pid 5141] chdir("./39" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5141 [pid 5141] <... chdir resumed>) = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] memfd_create("syzkaller", 0) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5141] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] close(4) = 0 [pid 5141] mkdir("./file1", 0777) = 0 [ 72.560510][ T5141] loop0: detected capacity change from 0 to 512 [pid 5141] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5141] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5141] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5141] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5141] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5141] dup3(5, 4, 0) = 4 [ 72.602855][ T5141] EXT4-fs (loop0): 1 truncate cleaned up [pid 5141] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5141] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5141] exit_group(0) = ? [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./39/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/cpuset.effective_cpus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/cgroup.controllers") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x555586dd3660, 24 [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5144 [pid 5144] <... set_robust_list resumed>) = 0 [pid 5144] chdir("./40") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] memfd_create("syzkaller", 0) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5144] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] close(4) = 0 [pid 5144] mkdir("./file1", 0777) = 0 [pid 5144] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5144] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5144] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5144] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 72.951353][ T5144] loop0: detected capacity change from 0 to 512 [ 72.989756][ T5144] EXT4-fs (loop0): 1 truncate cleaned up [pid 5144] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5144] dup3(5, 4, 0) = 4 [pid 5144] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5144] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5144] exit_group(0) = ? [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./40/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/cpuset.effective_cpus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/cgroup.controllers") = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5147 attached , child_tidptr=0x555586dd3650) = 5147 [pid 5147] set_robust_list(0x555586dd3660, 24) = 0 [pid 5147] chdir("./41") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5147] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] close(4) = 0 [pid 5147] mkdir("./file1", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5147] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5147] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5147] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5147] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5147] dup3(5, 4, 0) = 4 [pid 5147] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 73.292569][ T5147] loop0: detected capacity change from 0 to 512 [ 73.326981][ T5147] EXT4-fs (loop0): 1 truncate cleaned up [pid 5147] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5147] exit_group(0) = ? [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./41/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/cpuset.effective_cpus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/cgroup.controllers") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x555586dd3650) = 5149 [pid 5149] set_robust_list(0x555586dd3660, 24) = 0 [pid 5149] chdir("./42") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5149] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5149] close(3) = 0 [pid 5149] close(4) = 0 [pid 5149] mkdir("./file1", 0777) = 0 [pid 5149] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5149] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 73.710492][ T5149] loop0: detected capacity change from 0 to 512 [ 73.745010][ T5149] EXT4-fs (loop0): 1 truncate cleaned up [pid 5149] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5149] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5149] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5149] dup3(5, 4, 0) = 4 [pid 5149] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5149] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5149] exit_group(0) = ? [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./42/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/cpuset.effective_cpus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/cgroup.controllers") = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x555586dd3660, 24) = 0 [pid 5151] chdir("./43") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5151 [pid 5151] <... prctl resumed>) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5151] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] close(4) = 0 [pid 5151] mkdir("./file1", 0777) = 0 [pid 5151] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5151] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5151] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5151] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5151] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5151] dup3(5, 4, 0) = 4 [ 73.940996][ T5151] loop0: detected capacity change from 0 to 512 [ 73.974185][ T5151] EXT4-fs (loop0): 1 truncate cleaned up [pid 5151] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5151] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5151] exit_group(0) = ? [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./43/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/cpuset.effective_cpus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/cgroup.controllers") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x555586dd3660, 24) = 0 [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5153 [pid 5153] chdir("./44") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5153] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] close(4) = 0 [pid 5153] mkdir("./file1", 0777) = 0 [pid 5153] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5153] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5153] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5153] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5153] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5153] dup3(5, 4, 0) = 4 [ 74.270479][ T5153] loop0: detected capacity change from 0 to 512 [ 74.306989][ T5153] EXT4-fs (loop0): 1 truncate cleaned up [pid 5153] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5153] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5153] exit_group(0) = ? [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./44/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/cpuset.effective_cpus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/cgroup.controllers") = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached , child_tidptr=0x555586dd3650) = 5155 [pid 5155] set_robust_list(0x555586dd3660, 24) = 0 [pid 5155] chdir("./45") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] memfd_create("syzkaller", 0) = 3 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5155] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] close(4) = 0 [pid 5155] mkdir("./file1", 0777) = 0 [pid 5155] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5155] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5155] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5155] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5155] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5155] dup3(5, 4, 0) = 4 [pid 5155] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5155] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5155] exit_group(0) = ? [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./45/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/cpuset.effective_cpus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.668366][ T5155] loop0: detected capacity change from 0 to 512 [ 74.695291][ T5155] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/cgroup.controllers") = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5157 attached [pid 5157] set_robust_list(0x555586dd3660, 24) = 0 [pid 5157] chdir("./46" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5157 [pid 5157] <... chdir resumed>) = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5157] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] close(4) = 0 [pid 5157] mkdir("./file1", 0777) = 0 [pid 5157] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5157] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5157] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5157] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5157] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5157] dup3(5, 4, 0) = 4 [ 74.932285][ T5157] loop0: detected capacity change from 0 to 512 [ 74.964107][ T5157] EXT4-fs (loop0): 1 truncate cleaned up [pid 5157] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5157] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5157] exit_group(0) = ? [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./46/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/cpuset.effective_cpus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/cgroup.controllers") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x555586dd3660, 24) = 0 [pid 5159] chdir("./47") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5159 [pid 5159] <... prctl resumed>) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] memfd_create("syzkaller", 0) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5159] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] close(4) = 0 [pid 5159] mkdir("./file1", 0777) = 0 [pid 5159] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5159] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5159] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5159] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5159] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5159] dup3(5, 4, 0) = 4 [pid 5159] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5159] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5159] exit_group(0) = ? [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 75.344601][ T5159] loop0: detected capacity change from 0 to 512 [ 75.384011][ T5159] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./47/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/cpuset.effective_cpus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/cgroup.controllers") = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5162 attached , child_tidptr=0x555586dd3650) = 5162 [pid 5162] set_robust_list(0x555586dd3660, 24) = 0 [pid 5162] chdir("./48") = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5162] setpgid(0, 0) = 0 [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5162] write(3, "1000", 4) = 4 [pid 5162] close(3) = 0 [pid 5162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5162] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] close(4) = 0 [pid 5162] mkdir("./file1", 0777) = 0 [ 75.772203][ T5162] loop0: detected capacity change from 0 to 512 [pid 5162] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5162] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5162] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5162] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5162] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5162] dup3(5, 4, 0) = 4 [ 75.819114][ T5162] EXT4-fs (loop0): 1 truncate cleaned up [pid 5162] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5162] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5162] exit_group(0) = ? [pid 5162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./48/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/cpuset.effective_cpus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/cgroup.controllers") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5164 attached , child_tidptr=0x555586dd3650) = 5164 [pid 5164] set_robust_list(0x555586dd3660, 24) = 0 [pid 5164] chdir("./49") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] memfd_create("syzkaller", 0) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5164] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] close(4) = 0 [pid 5164] mkdir("./file1", 0777) = 0 [ 76.329165][ T5164] loop0: detected capacity change from 0 to 512 [pid 5164] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5164] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5164] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5164] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5164] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5164] dup3(5, 4, 0) = 4 [pid 5164] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5164] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5164] exit_group(0) = ? [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 76.369358][ T5164] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./49/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/cpuset.effective_cpus") = 0 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/cgroup.controllers") = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x555586dd3660, 24) = 0 [pid 5166] chdir("./50" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5166 [pid 5166] <... chdir resumed>) = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5166] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] close(4) = 0 [pid 5166] mkdir("./file1", 0777) = 0 [pid 5166] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5166] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5166] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5166] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5166] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5166] dup3(5, 4, 0) = 4 [pid 5166] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5166] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5166] exit_group(0) = ? [pid 5166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 76.741685][ T5166] loop0: detected capacity change from 0 to 512 [ 76.770448][ T5166] EXT4-fs (loop0): 1 truncate cleaned up umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./50/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/cpuset.effective_cpus") = 0 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/cgroup.controllers") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 76.912584][ T926] cfg80211: failed to load regulatory.db newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5168 attached [pid 5168] set_robust_list(0x555586dd3660, 24) = 0 [pid 5168] chdir("./51" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5168 [pid 5168] <... chdir resumed>) = 0 [pid 5168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5168] setpgid(0, 0) = 0 [pid 5168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5168] write(3, "1000", 4) = 4 [pid 5168] close(3) = 0 [pid 5168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5168] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] close(4) = 0 [pid 5168] mkdir("./file1", 0777) = 0 [pid 5168] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5168] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5168] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [ 77.214766][ T5168] loop0: detected capacity change from 0 to 512 [ 77.250391][ T5168] EXT4-fs (loop0): 1 truncate cleaned up [pid 5168] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5168] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5168] dup3(5, 4, 0) = 4 [pid 5168] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5168] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5168] exit_group(0) = ? [pid 5168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5168, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./51/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/cpuset.effective_cpus") = 0 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/cgroup.controllers") = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5171 attached , child_tidptr=0x555586dd3650) = 5171 [pid 5171] set_robust_list(0x555586dd3660, 24) = 0 [pid 5171] chdir("./52") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] memfd_create("syzkaller", 0) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5171] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] close(4) = 0 [pid 5171] mkdir("./file1", 0777) = 0 [pid 5171] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5171] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5171] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5171] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5171] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5171] dup3(5, 4, 0) = 4 [pid 5171] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5171] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5171] exit_group(0) = ? [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./52/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/cpuset.effective_cpus") = 0 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/cgroup.controllers") = 0 [ 77.618648][ T5171] loop0: detected capacity change from 0 to 512 [ 77.646029][ T5171] EXT4-fs (loop0): 1 truncate cleaned up umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x555586dd3660, 24) = 0 [pid 5174] chdir("./53" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5174 [pid 5174] <... chdir resumed>) = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] memfd_create("syzkaller", 0) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5174] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] close(4) = 0 [pid 5174] mkdir("./file1", 0777) = 0 [ 77.818913][ T5174] loop0: detected capacity change from 0 to 512 [pid 5174] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5174] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5174] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5174] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5174] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5174] dup3(5, 4, 0) = 4 [pid 5174] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5174] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5174] exit_group(0) = ? [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 77.859463][ T5174] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./53/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/cpuset.effective_cpus") = 0 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/cgroup.controllers") = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5176 attached [pid 5176] set_robust_list(0x555586dd3660, 24) = 0 [pid 5176] chdir("./54" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5176 [pid 5176] <... chdir resumed>) = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] memfd_create("syzkaller", 0) = 3 [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5176] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5176] close(3) = 0 [pid 5176] close(4) = 0 [pid 5176] mkdir("./file1", 0777) = 0 [pid 5176] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5176] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5176] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5176] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 78.141353][ T5176] loop0: detected capacity change from 0 to 512 [ 78.175576][ T5176] EXT4-fs (loop0): 1 truncate cleaned up [pid 5176] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5176] dup3(5, 4, 0) = 4 [pid 5176] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5176] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5176] exit_group(0) = ? [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./54/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/cpuset.effective_cpus") = 0 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/cgroup.controllers") = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x555586dd3660, 24) = 0 [pid 5178] chdir("./55" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5178 [pid 5178] <... chdir resumed>) = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5178] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] close(4) = 0 [pid 5178] mkdir("./file1", 0777) = 0 [pid 5178] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5178] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5178] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5178] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5178] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5178] dup3(5, 4, 0) = 4 [pid 5178] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5178] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5178] exit_group(0) = ? [pid 5178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5178, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./55/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/cpuset.effective_cpus") = 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/cgroup.controllers") = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 78.511830][ T5178] loop0: detected capacity change from 0 to 512 [ 78.542981][ T5178] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./55/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5180 attached , child_tidptr=0x555586dd3650) = 5180 [pid 5180] set_robust_list(0x555586dd3660, 24) = 0 [pid 5180] chdir("./56") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] memfd_create("syzkaller", 0) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5180] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5180] close(3) = 0 [pid 5180] close(4) = 0 [pid 5180] mkdir("./file1", 0777) = 0 [pid 5180] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5180] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5180] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5180] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5180] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5180] dup3(5, 4, 0) = 4 [pid 5180] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5180] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [ 78.700771][ T5180] loop0: detected capacity change from 0 to 512 [ 78.734638][ T5180] EXT4-fs (loop0): 1 truncate cleaned up [pid 5180] exit_group(0) = ? [pid 5180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5180, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./56/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/cpuset.effective_cpus") = 0 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/cgroup.controllers") = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5182 attached , child_tidptr=0x555586dd3650) = 5182 [pid 5182] set_robust_list(0x555586dd3660, 24) = 0 [pid 5182] chdir("./57") = 0 [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5182] setpgid(0, 0) = 0 [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5182] write(3, "1000", 4) = 4 [pid 5182] close(3) = 0 [pid 5182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5182] memfd_create("syzkaller", 0) = 3 [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5182] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5182] close(3) = 0 [pid 5182] close(4) = 0 [pid 5182] mkdir("./file1", 0777) = 0 [pid 5182] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5182] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5182] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5182] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5182] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5182] dup3(5, 4, 0) = 4 [pid 5182] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5182] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5182] exit_group(0) = ? [ 79.079684][ T5182] loop0: detected capacity change from 0 to 512 [ 79.107947][ T5182] EXT4-fs (loop0): 1 truncate cleaned up [pid 5182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./57/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/cpuset.effective_cpus") = 0 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/cgroup.controllers") = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5184 attached , child_tidptr=0x555586dd3650) = 5184 [pid 5184] set_robust_list(0x555586dd3660, 24) = 0 [pid 5184] chdir("./58") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5184] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] close(4) = 0 [pid 5184] mkdir("./file1", 0777) = 0 [pid 5184] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5184] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5184] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5184] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5184] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5184] dup3(5, 4, 0) = 4 [pid 5184] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5184] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5184] exit_group(0) = ? [ 79.462379][ T5184] loop0: detected capacity change from 0 to 512 [ 79.498119][ T5184] EXT4-fs (loop0): 1 truncate cleaned up [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./58/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/cpuset.effective_cpus") = 0 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/cgroup.controllers") = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586dd3650) = 5186 ./strace-static-x86_64: Process 5186 attached [pid 5186] set_robust_list(0x555586dd3660, 24) = 0 [pid 5186] chdir("./59") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] memfd_create("syzkaller", 0) = 3 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5186] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5186] close(3) = 0 [pid 5186] close(4) = 0 [pid 5186] mkdir("./file1", 0777) = 0 [ 79.874928][ T5186] loop0: detected capacity change from 0 to 512 [pid 5186] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5186] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5186] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5186] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5186] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5186] dup3(5, 4, 0) = 4 [pid 5186] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5186] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5186] exit_group(0) = ? [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 79.926302][ T5186] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./59/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/cpuset.effective_cpus") = 0 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/cgroup.controllers") = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x555586dd3660, 24) = 0 [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5188 [pid 5188] chdir("./60") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] memfd_create("syzkaller", 0) = 3 [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5188] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5188] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5188] close(3) = 0 [pid 5188] close(4) = 0 [pid 5188] mkdir("./file1", 0777) = 0 [pid 5188] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5188] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5188] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5188] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5188] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5188] dup3(5, 4, 0) = 4 [pid 5188] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5188] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5188] exit_group(0) = ? [pid 5188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 80.231706][ T5188] loop0: detected capacity change from 0 to 512 [ 80.254244][ T5188] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./60/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/cpuset.effective_cpus") = 0 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/cgroup.controllers") = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5190 attached , child_tidptr=0x555586dd3650) = 5190 [pid 5190] set_robust_list(0x555586dd3660, 24) = 0 [pid 5190] chdir("./61") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5190] memfd_create("syzkaller", 0) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5190] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] close(4) = 0 [pid 5190] mkdir("./file1", 0777) = 0 [pid 5190] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5190] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5190] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5190] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5190] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5190] dup3(5, 4, 0) = 4 [pid 5190] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5190] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5190] exit_group(0) = ? [pid 5190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 80.637624][ T5190] loop0: detected capacity change from 0 to 512 [ 80.676799][ T5190] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./61/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/cpuset.effective_cpus") = 0 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/cgroup.controllers") = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5192 attached , child_tidptr=0x555586dd3650) = 5192 [pid 5192] set_robust_list(0x555586dd3660, 24) = 0 [pid 5192] chdir("./62") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] memfd_create("syzkaller", 0) = 3 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5192] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5192] close(3) = 0 [pid 5192] close(4) = 0 [pid 5192] mkdir("./file1", 0777) = 0 [pid 5192] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5192] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5192] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5192] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5192] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5192] dup3(5, 4, 0) = 4 [pid 5192] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5192] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5192] exit_group(0) = ? [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 81.229526][ T5192] loop0: detected capacity change from 0 to 512 [ 81.262127][ T5192] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./62/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/cpuset.effective_cpus") = 0 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/cgroup.controllers") = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5194 attached [pid 5194] set_robust_list(0x555586dd3660, 24) = 0 [pid 5194] chdir("./63") = 0 [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5194 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] memfd_create("syzkaller", 0) = 3 [pid 5194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5194] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5194] close(3) = 0 [pid 5194] close(4) = 0 [pid 5194] mkdir("./file1", 0777) = 0 [pid 5194] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5194] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5194] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5194] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5194] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5194] dup3(5, 4, 0) = 4 [pid 5194] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5194] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5194] exit_group(0) = ? [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 81.581103][ T5194] loop0: detected capacity change from 0 to 512 [ 81.613063][ T5194] EXT4-fs (loop0): 1 truncate cleaned up umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./63/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/cpuset.effective_cpus") = 0 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/cgroup.controllers") = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5196 attached , child_tidptr=0x555586dd3650) = 5196 [pid 5196] set_robust_list(0x555586dd3660, 24) = 0 [pid 5196] chdir("./64") = 0 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5196] memfd_create("syzkaller", 0) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5196] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5196] close(3) = 0 [pid 5196] close(4) = 0 [pid 5196] mkdir("./file1", 0777) = 0 [pid 5196] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5196] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5196] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5196] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5196] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5196] dup3(5, 4, 0) = 4 [pid 5196] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5196] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5196] exit_group(0) = ? [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 81.910218][ T5196] loop0: detected capacity change from 0 to 512 [ 81.943799][ T5196] EXT4-fs (loop0): 1 truncate cleaned up umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./64/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/cpuset.effective_cpus") = 0 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/cgroup.controllers") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5198 attached , child_tidptr=0x555586dd3650) = 5198 [pid 5198] set_robust_list(0x555586dd3660, 24) = 0 [pid 5198] chdir("./65") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] memfd_create("syzkaller", 0) = 3 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5198] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5198] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5198] close(3) = 0 [pid 5198] close(4) = 0 [pid 5198] mkdir("./file1", 0777) = 0 [pid 5198] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5198] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5198] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5198] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5198] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5198] dup3(5, 4, 0) = 4 [pid 5198] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5198] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5198] exit_group(0) = ? [pid 5198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 82.283318][ T5198] loop0: detected capacity change from 0 to 512 [ 82.315477][ T5198] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./65/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/cpuset.effective_cpus") = 0 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/cgroup.controllers") = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x555586dd3660, 24) = 0 [pid 5200] chdir("./66" [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5200 [pid 5200] <... chdir resumed>) = 0 [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5200] setpgid(0, 0) = 0 [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5200] write(3, "1000", 4) = 4 [pid 5200] close(3) = 0 [pid 5200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5200] memfd_create("syzkaller", 0) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5200] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5200] close(3) = 0 [pid 5200] close(4) = 0 [pid 5200] mkdir("./file1", 0777) = 0 [ 82.671056][ T5200] loop0: detected capacity change from 0 to 512 [pid 5200] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5200] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5200] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5200] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5200] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5200] dup3(5, 4, 0) = 4 [pid 5200] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5200] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5200] exit_group(0) = ? [pid 5200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 82.712779][ T5200] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./66/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/cpuset.effective_cpus") = 0 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/cgroup.controllers") = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5202 attached , child_tidptr=0x555586dd3650) = 5202 [pid 5202] set_robust_list(0x555586dd3660, 24) = 0 [pid 5202] chdir("./67") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] memfd_create("syzkaller", 0) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5202] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] close(4) = 0 [pid 5202] mkdir("./file1", 0777) = 0 [pid 5202] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5202] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5202] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5202] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5202] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5202] dup3(5, 4, 0) = 4 [pid 5202] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5202] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [ 83.111183][ T5202] loop0: detected capacity change from 0 to 512 [ 83.144162][ T5202] EXT4-fs (loop0): 1 truncate cleaned up [pid 5202] exit_group(0) = ? [pid 5202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./67/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/cpuset.effective_cpus") = 0 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/cgroup.controllers") = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5204 attached , child_tidptr=0x555586dd3650) = 5204 [pid 5204] set_robust_list(0x555586dd3660, 24) = 0 [pid 5204] chdir("./68") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] memfd_create("syzkaller", 0) = 3 [pid 5204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5204] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5204] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5204] close(3) = 0 [pid 5204] close(4) = 0 [pid 5204] mkdir("./file1", 0777) = 0 [ 83.491201][ T5204] loop0: detected capacity change from 0 to 512 [pid 5204] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5204] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5204] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5204] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5204] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5204] dup3(5, 4, 0) = 4 [pid 5204] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5204] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5204] exit_group(0) = ? [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./68/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/cpuset.effective_cpus") = 0 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/cgroup.controllers") = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 [ 83.542019][ T5204] EXT4-fs (loop0): 1 truncate cleaned up close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586dd3650) = 5206 ./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x555586dd3660, 24) = 0 [pid 5206] chdir("./69") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5206] memfd_create("syzkaller", 0) = 3 [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5206] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5206] close(3) = 0 [pid 5206] close(4) = 0 [pid 5206] mkdir("./file1", 0777) = 0 [ 83.781745][ T5206] loop0: detected capacity change from 0 to 512 [pid 5206] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5206] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5206] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5206] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5206] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5206] dup3(5, 4, 0) = 4 [pid 5206] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5206] ioctl(4, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x200000c0) = -1 EINVAL (Invalid argument) [pid 5206] exit_group(0) = ? [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 83.822005][ T5206] EXT4-fs (loop0): 1 truncate cleaned up umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586dd46f0 /* 6 entries */, 32768) = 200 umount2("./69/cpuset.effective_cpus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/cpuset.effective_cpus") = 0 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/cgroup.controllers", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/cgroup.controllers") = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ddc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586ddc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x555586dd46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x555586dd3660, 24) = 0 [pid 5208] chdir("./70") = 0 [pid 5058] <... clone resumed>, child_tidptr=0x555586dd3650) = 5208 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] memfd_create("syzkaller", 0) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6f9a00000 [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5208] munmap(0x7fc6f9a00000, 138412032) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] close(4) = 0 [pid 5208] mkdir("./file1", 0777) = 0 [pid 5208] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,block_validity,debug_want_extra_isize=0x0000000000000066,nom"...) = 0 [pid 5208] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5208] setxattr("./file1", "user.incfs.metadata", "\x16\xee\x88\x96\x15\xe6\x28\xb8\x96\x49\x82\x30\xe9\x0f\xc5\x74\x7a\x4f\x11\xd8\x0e\x12\xbe\xcf\x22\xb8\xec\x25\xf3\xb5\x8f\x75\x09\x5f\xed\x7e\x65\x03\x75\x77\x17\x83\x36\x71\x5f\xb4\x5e\x6b\x4e\xd7\x1a\xc2\xb2\x7c\x2e\x36\xbc\x83\x6b\x70\xf3\xf6\x50\xc4\xfd\x27\xe6\xf4\xbf\x38\xd0\xc8\xbe\x32\xe2\x8f\xb5\x49\x6a\x9a\x31\xa6\xcc\x5f\x7b\x50\x1f\xce\x16\xaa\x4f\x67\x08\x57\x9f\xc8\x60\xf5\x79\xf7"..., 897, 0) = 0 [pid 5208] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5208] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5208] dup3(5, 4, 0) = 4 [pid 5208] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 84.171958][ T5208] loop0: detected capacity change from 0 to 512 [ 84.209920][ T5208] EXT4-fs (loop0): 1 truncate cleaned up [ 84.224429][ T5208] ------------[ cut here ]------------ [ 84.229926][ T5208] Looking for class "&ei->i_data_sem" with key init_once.__key.789, but found a different class "&ei->i_data_sem" with the same key [ 84.244126][ T5208] WARNING: CPU: 1 PID: 5208 at kernel/locking/lockdep.c:935 look_up_lock_class+0xdc/0x160 [ 84.254040][ T5208] Modules linked in: [ 84.257945][ T5208] CPU: 1 PID: 5208 Comm: syz-executor243 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 84.268008][ T5208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 84.278064][ T5208] RIP: 0010:look_up_lock_class+0xdc/0x160 [ 84.283787][ T5208] Code: 01 0f 85 80 00 00 00 c6 05 9a 11 05 04 01 90 49 8b 16 49 8b 76 18 48 8b 8b b8 00 00 00 48 c7 c7 80 e2 aa 8b e8 65 2f ec f5 90 <0f> 0b 90 90 eb 57 90 e8 18 dd 2d f9 48 c7 c7 c0 e1 aa 8b 89 de e8 [ 84.303386][ T5208] RSP: 0018:ffffc900044673f0 EFLAGS: 00010046 [ 84.309448][ T5208] RAX: 2004fb2f20de5b00 RBX: ffffffff929e3730 RCX: ffff888020ed1e00 [ 84.317409][ T5208] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.325371][ T5208] RBP: ffffc90004467500 R08: ffffffff8157cb22 R09: 1ffff110172a51a2 [ 84.333390][ T5208] R10: dffffc0000000000 R11: ffffed10172a51a3 R12: ffff88807e6e2088 [ 84.341440][ T5208] R13: ffff88807e6e2088 R14: ffff88807e6e2088 R15: ffffffff945d4bc1 [ 84.349415][ T5208] FS: 0000555586dd3380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 84.358440][ T5208] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.365033][ T5208] CR2: 00007fc701fd0120 CR3: 000000001f224000 CR4: 00000000003506f0 [ 84.373004][ T5208] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 84.380966][ T5208] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 84.388923][ T5208] Call Trace: [ 84.392196][ T5208] [ 84.395120][ T5208] ? __warn+0x163/0x4b0 [ 84.399271][ T5208] ? look_up_lock_class+0xdc/0x160 [ 84.404378][ T5208] ? report_bug+0x2b3/0x500 [ 84.408872][ T5208] ? look_up_lock_class+0xdc/0x160 [ 84.414003][ T5208] ? handle_bug+0x3e/0x70 [ 84.418321][ T5208] ? exc_invalid_op+0x1a/0x50 [ 84.423078][ T5208] ? asm_exc_invalid_op+0x1a/0x20 [ 84.428097][ T5208] ? __warn_printk+0x292/0x360 [ 84.433378][ T5208] ? look_up_lock_class+0xdc/0x160 [ 84.438581][ T5208] register_lock_class+0x102/0x980 [ 84.443705][ T5208] ? __pfx_validate_chain+0x10/0x10 [ 84.448929][ T5208] ? __pfx_register_lock_class+0x10/0x10 [ 84.454563][ T5208] __lock_acquire+0xda/0x1fd0 [ 84.459237][ T5208] lock_acquire+0x1e4/0x530 [ 84.463745][ T5208] ? ext4_move_extents+0x39d/0xec0 [ 84.468866][ T5208] ? __pfx_lock_acquire+0x10/0x10 [ 84.474072][ T5208] ? __pfx___might_resched+0x10/0x10 [ 84.479347][ T5208] ? __down_write_common+0x162/0x200 [ 84.484642][ T5208] ? __pfx_inode_dio_wait+0x10/0x10 [ 84.489849][ T5208] ? __pfx___down_write_common+0x10/0x10 [ 84.495492][ T5208] ? __pfx___down_write_common+0x10/0x10 [ 84.501152][ T5208] down_write_nested+0x3d/0x50 [ 84.505906][ T5208] ? ext4_move_extents+0x39d/0xec0 [ 84.511020][ T5208] ext4_move_extents+0x39d/0xec0 [ 84.515957][ T5208] ? rcu_read_lock_any_held+0xb7/0x160 [ 84.521406][ T5208] ? __pfx_ext4_move_extents+0x10/0x10 [ 84.526952][ T5208] ext4_ioctl+0x349a/0x5540 [ 84.531450][ T5208] ? kasan_save_track+0x3f/0x80 [ 84.536379][ T5208] ? kasan_save_free_info+0x40/0x50 [ 84.541587][ T5208] ? security_file_ioctl+0x75/0xb0 [ 84.546725][ T5208] ? do_vfs_ioctl+0x1e77/0x2e50 [ 84.551594][ T5208] ? __pfx_ext4_ioctl+0x10/0x10 [ 84.556444][ T5208] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 84.561476][ T5208] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 84.567801][ T5208] ? tomoyo_path_number_perm+0x208/0x880 [ 84.573517][ T5208] ? __pfx_lock_release+0x10/0x10 [ 84.578547][ T5208] ? kfree+0x14a/0x380 [ 84.582608][ T5208] ? tomoyo_path_number_perm+0x71a/0x880 [ 84.588245][ T5208] ? tomoyo_path_number_perm+0x208/0x880 [ 84.593872][ T5208] ? smack_log+0x123/0x540 [ 84.598297][ T5208] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 84.604286][ T5208] ? __pfx_smack_log+0x10/0x10 [ 84.609047][ T5208] ? smk_access+0x4ab/0x4e0 [ 84.613647][ T5208] ? smk_tskacc+0x300/0x370 [ 84.618145][ T5208] ? smack_file_ioctl+0x2fa/0x3a0 [ 84.623177][ T5208] ? __pfx_smack_file_ioctl+0x10/0x10 [ 84.628547][ T5208] ? __pfx_ptrace_notify+0x10/0x10 [ 84.633659][ T5208] ? bpf_lsm_file_ioctl+0x9/0x10 [ 84.638590][ T5208] ? security_file_ioctl+0x87/0xb0 [ 84.643692][ T5208] ? __pfx_ext4_ioctl+0x10/0x10 [ 84.648537][ T5208] __se_sys_ioctl+0xfc/0x170 [ 84.653132][ T5208] do_syscall_64+0xfb/0x240 [ 84.657625][ T5208] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 84.663510][ T5208] RIP: 0033:0x7fc701f582a9 [ 84.667921][ T5208] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 84.687526][ T5208] RSP: 002b:00007ffee88d6288 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.695940][ T5208] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fc701f582a9 [ 84.703902][ T5208] RDX: 00000000200000c0 RSI: 00000000c028660f RDI: 0000000000000004 [ 84.711863][ T5208] RBP: 0000000000000000 R08: 00007ffee88d62c0 R09: 00007ffee88d62c0 [ 84.719827][ T5208] R10: 00007ffee88d62c0 R11: 0000000000000246 R12: 00007ffee88d62ac [ 84.727799][ T5208] R13: 0000000000000046 R14: 431bde82d7b634db R15: 00007ffee88d62e0 [ 84.735765][ T5208] [ 84.738773][ T5208] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 84.746041][ T5208] CPU: 1 PID: 5208 Comm: syz-executor243 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 84.756092][ T5208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 84.766228][ T5208] Call Trace: [ 84.769531][ T5208] [ 84.772450][ T5208] dump_stack_lvl+0x241/0x360 [ 84.777470][ T5208] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.782659][ T5208] ? __pfx__printk+0x10/0x10 [ 84.787244][ T5208] ? _printk+0xd5/0x120 [ 84.791393][ T5208] ? vscnprintf+0x5d/0x90 [ 84.795718][ T5208] panic+0x349/0x860 [ 84.799608][ T5208] ? __warn+0x172/0x4b0 [ 84.803755][ T5208] ? __pfx_panic+0x10/0x10 [ 84.808161][ T5208] ? show_trace_log_lvl+0x4e6/0x520 [ 84.813361][ T5208] __warn+0x31e/0x4b0 [ 84.817335][ T5208] ? look_up_lock_class+0xdc/0x160 [ 84.822617][ T5208] report_bug+0x2b3/0x500 [ 84.826949][ T5208] ? look_up_lock_class+0xdc/0x160 [ 84.832063][ T5208] handle_bug+0x3e/0x70 [ 84.836205][ T5208] exc_invalid_op+0x1a/0x50 [ 84.840697][ T5208] asm_exc_invalid_op+0x1a/0x20 [ 84.845625][ T5208] RIP: 0010:look_up_lock_class+0xdc/0x160 [ 84.851344][ T5208] Code: 01 0f 85 80 00 00 00 c6 05 9a 11 05 04 01 90 49 8b 16 49 8b 76 18 48 8b 8b b8 00 00 00 48 c7 c7 80 e2 aa 8b e8 65 2f ec f5 90 <0f> 0b 90 90 eb 57 90 e8 18 dd 2d f9 48 c7 c7 c0 e1 aa 8b 89 de e8 [ 84.870938][ T5208] RSP: 0018:ffffc900044673f0 EFLAGS: 00010046 [ 84.876994][ T5208] RAX: 2004fb2f20de5b00 RBX: ffffffff929e3730 RCX: ffff888020ed1e00 [ 84.884955][ T5208] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.892981][ T5208] RBP: ffffc90004467500 R08: ffffffff8157cb22 R09: 1ffff110172a51a2 [ 84.901304][ T5208] R10: dffffc0000000000 R11: ffffed10172a51a3 R12: ffff88807e6e2088 [ 84.909355][ T5208] R13: ffff88807e6e2088 R14: ffff88807e6e2088 R15: ffffffff945d4bc1 [ 84.917321][ T5208] ? __warn_printk+0x292/0x360 [ 84.922086][ T5208] register_lock_class+0x102/0x980 [ 84.927202][ T5208] ? __pfx_validate_chain+0x10/0x10 [ 84.932393][ T5208] ? __pfx_register_lock_class+0x10/0x10 [ 84.938019][ T5208] __lock_acquire+0xda/0x1fd0 [ 84.942706][ T5208] lock_acquire+0x1e4/0x530 [ 84.947196][ T5208] ? ext4_move_extents+0x39d/0xec0 [ 84.952407][ T5208] ? __pfx_lock_acquire+0x10/0x10 [ 84.957422][ T5208] ? __pfx___might_resched+0x10/0x10 [ 84.962722][ T5208] ? __down_write_common+0x162/0x200 [ 84.968028][ T5208] ? __pfx_inode_dio_wait+0x10/0x10 [ 84.973221][ T5208] ? __pfx___down_write_common+0x10/0x10 [ 84.978846][ T5208] ? __pfx___down_write_common+0x10/0x10 [ 84.984474][ T5208] down_write_nested+0x3d/0x50 [ 84.989330][ T5208] ? ext4_move_extents+0x39d/0xec0 [ 84.994435][ T5208] ext4_move_extents+0x39d/0xec0 [ 84.999404][ T5208] ? rcu_read_lock_any_held+0xb7/0x160 [ 85.004943][ T5208] ? __pfx_ext4_move_extents+0x10/0x10 [ 85.010421][ T5208] ext4_ioctl+0x349a/0x5540 [ 85.015000][ T5208] ? kasan_save_track+0x3f/0x80 [ 85.019859][ T5208] ? kasan_save_free_info+0x40/0x50 [ 85.025396][ T5208] ? security_file_ioctl+0x75/0xb0 [ 85.030502][ T5208] ? do_vfs_ioctl+0x1e77/0x2e50 [ 85.035347][ T5208] ? __pfx_ext4_ioctl+0x10/0x10 [ 85.040377][ T5208] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 85.045394][ T5208] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 85.051711][ T5208] ? tomoyo_path_number_perm+0x208/0x880 [ 85.057343][ T5208] ? __pfx_lock_release+0x10/0x10 [ 85.062477][ T5208] ? kfree+0x14a/0x380 [ 85.066545][ T5208] ? tomoyo_path_number_perm+0x71a/0x880 [ 85.072176][ T5208] ? tomoyo_path_number_perm+0x208/0x880 [ 85.077804][ T5208] ? smack_log+0x123/0x540 [ 85.082216][ T5208] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 85.088218][ T5208] ? __pfx_smack_log+0x10/0x10 [ 85.092978][ T5208] ? smk_access+0x4ab/0x4e0 [ 85.097478][ T5208] ? smk_tskacc+0x300/0x370 [ 85.102066][ T5208] ? smack_file_ioctl+0x2fa/0x3a0 [ 85.107103][ T5208] ? __pfx_smack_file_ioctl+0x10/0x10 [ 85.112473][ T5208] ? __pfx_ptrace_notify+0x10/0x10 [ 85.117591][ T5208] ? bpf_lsm_file_ioctl+0x9/0x10 [ 85.122519][ T5208] ? security_file_ioctl+0x87/0xb0 [ 85.127627][ T5208] ? __pfx_ext4_ioctl+0x10/0x10 [ 85.132492][ T5208] __se_sys_ioctl+0xfc/0x170 [ 85.137276][ T5208] do_syscall_64+0xfb/0x240 [ 85.141778][ T5208] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 85.147665][ T5208] RIP: 0033:0x7fc701f582a9 [ 85.152118][ T5208] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 85.171803][ T5208] RSP: 002b:00007ffee88d6288 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.180210][ T5208] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fc701f582a9 [ 85.188215][ T5208] RDX: 00000000200000c0 RSI: 00000000c028660f RDI: 0000000000000004 [ 85.196210][ T5208] RBP: 0000000000000000 R08: 00007ffee88d62c0 R09: 00007ffee88d62c0 [ 85.204264][ T5208] R10: 00007ffee88d62c0 R11: 0000000000000246 R12: 00007ffee88d62ac [ 85.212228][ T5208] R13: 0000000000000046 R14: 431bde82d7b634db R15: 00007ffee88d62e0 [ 85.220198][ T5208] [ 85.223470][ T5208] Kernel Offset: disabled [ 85.227800][ T5208] Rebooting in 86400 seconds..