./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor726774060 <...> Warning: Permanently added '10.128.15.192' (ED25519) to the list of known hosts. execve("./syz-executor726774060", ["./syz-executor726774060"], 0x7ffe2b55ed00 /* 10 vars */) = 0 brk(NULL) = 0x5555563c1000 brk(0x5555563c1d00) = 0x5555563c1d00 arch_prctl(ARCH_SET_FS, 0x5555563c1380) = 0 set_tid_address(0x5555563c1650) = 5059 set_robust_list(0x5555563c1660, 24) = 0 rseq(0x5555563c1ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor726774060", 4096) = 27 getrandom("\x3f\xc5\x85\xf5\xbc\x3b\xa9\x0b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555563c1d00 brk(0x5555563e2d00) = 0x5555563e2d00 brk(0x5555563e3000) = 0x5555563e3000 mprotect(0x7f2297658000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.VlLzbX", 0700) = 0 chmod("./syzkaller.VlLzbX", 0777) = 0 chdir("./syzkaller.VlLzbX") = 0 [ 75.557962][ T27] audit: type=1400 audit(1702318995.326:83): avc: denied { execmem } for pid=5059 comm="syz-executor726" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563c1650) = 5060 ./strace-static-x86_64: Process 5060 attached [pid 5060] set_robust_list(0x5555563c1660, 24) = 0 [pid 5060] chdir("./0") = 0 [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5060] setpgid(0, 0) = 0 [ 75.604911][ T27] audit: type=1400 audit(1702318995.376:84): avc: denied { read write } for pid=5059 comm="syz-executor726" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 75.629620][ T27] audit: type=1400 audit(1702318995.376:85): avc: denied { open } for pid=5059 comm="syz-executor726" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5060] write(3, "1000", 4) = 4 [pid 5060] close(3) = 0 [pid 5060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5060] memfd_create("syzkaller", 0) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5060] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 75.654002][ T27] audit: type=1400 audit(1702318995.376:86): avc: denied { ioctl } for pid=5059 comm="syz-executor726" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./file1", 0777) = 0 [ 75.701219][ T5060] loop0: detected capacity change from 0 to 512 [ 75.716000][ T27] audit: type=1400 audit(1702318995.486:87): avc: denied { mounton } for pid=5060 comm="syz-executor726" path="/root/syzkaller.VlLzbX/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 5060] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5060] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file1") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [ 75.719438][ T5060] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 75.759411][ T5060] EXT4-fs (loop0): 1 truncate cleaned up [ 75.765373][ T5060] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.778803][ T27] audit: type=1400 audit(1702318995.556:88): avc: denied { mount } for pid=5060 comm="syz-executor726" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 5060] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 75.818502][ T27] audit: type=1400 audit(1702318995.586:89): avc: denied { setattr } for pid=5060 comm="syz-executor726" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 75.843865][ T27] audit: type=1400 audit(1702318995.616:90): avc: denied { write } for pid=5060 comm="syz-executor726" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [pid 5060] creat("./file1", 000) = 4 [pid 5060] exit_group(0) = ? [pid 5060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 [ 75.866342][ T27] audit: type=1400 audit(1702318995.616:91): avc: denied { open } for pid=5060 comm="syz-executor726" path="/root/syzkaller.VlLzbX/0/file1/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 75.952831][ T27] audit: type=1400 audit(1702318995.726:92): avc: denied { unmount } for pid=5059 comm="syz-executor726" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 75.976323][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5064 attached , child_tidptr=0x5555563c1650) = 5064 [pid 5064] set_robust_list(0x5555563c1660, 24) = 0 [pid 5064] chdir("./1") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] memfd_create("syzkaller", 0) = 3 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5064] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] close(3) = 0 [pid 5064] mkdir("./file1", 0777) = 0 [pid 5064] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5064] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] chdir("./file1") = 0 [pid 5064] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] close(4) = 0 [ 76.285996][ T5064] loop0: detected capacity change from 0 to 512 [ 76.296123][ T5064] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 76.311623][ T5064] EXT4-fs (loop0): 1 truncate cleaned up [ 76.317265][ T5064] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5064] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5064] creat("./file1", 000) = 4 [pid 5064] exit_group(0) = ? [pid 5064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 76.479658][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached , child_tidptr=0x5555563c1650) = 5066 [pid 5066] set_robust_list(0x5555563c1660, 24) = 0 [pid 5066] chdir("./2") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] memfd_create("syzkaller", 0) = 3 [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5066] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] close(3) = 0 [pid 5066] mkdir("./file1", 0777) = 0 [ 76.741859][ T5066] loop0: detected capacity change from 0 to 512 [ 76.761780][ T5066] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 76.777324][ T5066] EXT4-fs (loop0): 1 truncate cleaned up [pid 5066] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5066] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] chdir("./file1") = 0 [pid 5066] ioctl(4, LOOP_CLR_FD) = 0 [ 76.783043][ T5066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5066] close(4) = 0 [pid 5066] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5066] creat("./file1", 000) = 4 [pid 5066] exit_group(0) = ? [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 [ 76.918870][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x5555563c1660, 24) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5068 [pid 5068] chdir("./3") = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] memfd_create("syzkaller", 0) = 3 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5068] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5068] close(3) = 0 [pid 5068] mkdir("./file1", 0777) = 0 [ 77.071492][ T5068] loop0: detected capacity change from 0 to 512 [ 77.096124][ T5068] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 77.111642][ T5068] EXT4-fs (loop0): 1 truncate cleaned up [pid 5068] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5068] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5068] chdir("./file1") = 0 [pid 5068] ioctl(4, LOOP_CLR_FD) = 0 [pid 5068] close(4) = 0 [pid 5068] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5068] creat("./file1", 000) = 4 [pid 5068] exit_group(0) = ? [ 77.117283][ T5068] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 77.253101][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5070 attached , child_tidptr=0x5555563c1650) = 5070 [pid 5070] set_robust_list(0x5555563c1660, 24) = 0 [pid 5070] chdir("./4") = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] memfd_create("syzkaller", 0) = 3 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5070] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5070] close(3) = 0 [pid 5070] mkdir("./file1", 0777) = 0 [pid 5070] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5070] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5070] chdir("./file1") = 0 [pid 5070] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] close(4) = 0 [pid 5070] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5070] creat("./file1", 000) = 4 [ 77.465363][ T5070] loop0: detected capacity change from 0 to 512 [ 77.475283][ T5070] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 77.490963][ T5070] EXT4-fs (loop0): 1 truncate cleaned up [ 77.496623][ T5070] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5070] exit_group(0) = ? [pid 5070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 77.678740][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached , child_tidptr=0x5555563c1650) = 5072 [pid 5072] set_robust_list(0x5555563c1660, 24) = 0 [pid 5072] chdir("./5") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] memfd_create("syzkaller", 0) = 3 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5072] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5072] close(3) = 0 [pid 5072] mkdir("./file1", 0777) = 0 [ 77.866823][ T5072] loop0: detected capacity change from 0 to 512 [ 77.902487][ T5072] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5072] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5072] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5072] chdir("./file1") = 0 [pid 5072] ioctl(4, LOOP_CLR_FD) = 0 [pid 5072] close(4) = 0 [pid 5072] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 77.918899][ T5072] EXT4-fs (loop0): 1 truncate cleaned up [ 77.924610][ T5072] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5072] creat("./file1", 000) = 4 [pid 5072] exit_group(0) = ? [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 78.071956][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./5/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached , child_tidptr=0x5555563c1650) = 5074 [pid 5074] set_robust_list(0x5555563c1660, 24) = 0 [pid 5074] chdir("./6") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] memfd_create("syzkaller", 0) = 3 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5074] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5074] close(3) = 0 [pid 5074] mkdir("./file1", 0777) = 0 [ 78.294235][ T5074] loop0: detected capacity change from 0 to 512 [ 78.318176][ T5074] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 78.333952][ T5074] EXT4-fs (loop0): 1 truncate cleaned up [pid 5074] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5074] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5074] chdir("./file1") = 0 [pid 5074] ioctl(4, LOOP_CLR_FD) = 0 [pid 5074] close(4) = 0 [pid 5074] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5074] creat("./file1", 000) = 4 [ 78.339609][ T5074] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5074] exit_group(0) = ? [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 [ 78.471147][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached , child_tidptr=0x5555563c1650) = 5076 [pid 5076] set_robust_list(0x5555563c1660, 24) = 0 [pid 5076] chdir("./7") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5076] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5076] close(3) = 0 [pid 5076] mkdir("./file1", 0777) = 0 [ 78.613357][ T5076] loop0: detected capacity change from 0 to 512 [ 78.637783][ T5076] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 78.653412][ T5076] EXT4-fs (loop0): 1 truncate cleaned up [pid 5076] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5076] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5076] chdir("./file1") = 0 [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] close(4) = 0 [pid 5076] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5076] creat("./file1", 000) = 4 [ 78.659061][ T5076] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5076] exit_group(0) = ? [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 78.834219][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./7/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached , child_tidptr=0x5555563c1650) = 5078 [pid 5078] set_robust_list(0x5555563c1660, 24) = 0 [pid 5078] chdir("./8") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] memfd_create("syzkaller", 0) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5078] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file1", 0777) = 0 [ 79.022522][ T5078] loop0: detected capacity change from 0 to 512 [ 79.036687][ T5078] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 79.062821][ T5078] EXT4-fs (loop0): 1 truncate cleaned up [pid 5078] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5078] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file1") = 0 [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] close(4) = 0 [pid 5078] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5078] creat("./file1", 000) = 4 [pid 5078] exit_group(0) = ? [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 79.068473][ T5078] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 79.214985][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x5555563c1660, 24) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5080 [pid 5080] chdir("./9") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5080] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] mkdir("./file1", 0777) = 0 [ 79.447216][ T5080] loop0: detected capacity change from 0 to 512 [ 79.464883][ T5080] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 79.480235][ T5080] EXT4-fs (loop0): 1 truncate cleaned up [pid 5080] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5080] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file1") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4) = 0 [pid 5080] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5080] creat("./file1", 000) = 4 [pid 5080] exit_group(0) = ? [ 79.485956][ T5080] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 [ 79.597817][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached , child_tidptr=0x5555563c1650) = 5082 [pid 5082] set_robust_list(0x5555563c1660, 24) = 0 [pid 5082] chdir("./10") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] memfd_create("syzkaller", 0) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5082] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] mkdir("./file1", 0777) = 0 [pid 5082] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5082] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./file1") = 0 [pid 5082] ioctl(4, LOOP_CLR_FD) = 0 [ 79.759618][ T5082] loop0: detected capacity change from 0 to 512 [ 79.776061][ T5082] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 79.791579][ T5082] EXT4-fs (loop0): 1 truncate cleaned up [ 79.797224][ T5082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5082] close(4) = 0 [pid 5082] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5082] creat("./file1", 000) = 4 [pid 5082] exit_group(0) = ? [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 [ 79.897452][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached , child_tidptr=0x5555563c1650) = 5084 [pid 5084] set_robust_list(0x5555563c1660, 24) = 0 [pid 5084] chdir("./11") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5084] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file1", 0777) = 0 [pid 5084] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5084] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./file1") = 0 [pid 5084] ioctl(4, LOOP_CLR_FD) = 0 [pid 5084] close(4) = 0 [ 80.132705][ T5084] loop0: detected capacity change from 0 to 512 [ 80.142199][ T5084] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 80.157706][ T5084] EXT4-fs (loop0): 1 truncate cleaned up [ 80.163476][ T5084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5084] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5084] creat("./file1", 000) = 4 [pid 5084] exit_group(0) = ? [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 [ 80.301221][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached , child_tidptr=0x5555563c1650) = 5086 [pid 5086] set_robust_list(0x5555563c1660, 24) = 0 [pid 5086] chdir("./12") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5086] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file1", 0777) = 0 [pid 5086] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5086] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file1") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 80.489319][ T5086] loop0: detected capacity change from 0 to 512 [ 80.499385][ T5086] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 80.514597][ T5086] EXT4-fs (loop0): 1 truncate cleaned up [ 80.520240][ T5086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5086] creat("./file1", 000) = 4 [pid 5086] exit_group(0) = ? [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 80.604684][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached , child_tidptr=0x5555563c1650) = 5088 [pid 5088] set_robust_list(0x5555563c1660, 24) = 0 [pid 5088] chdir("./13") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5088] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./file1", 0777) = 0 [pid 5088] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [ 80.813179][ T5088] loop0: detected capacity change from 0 to 512 [ 80.829025][ T5088] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 80.845350][ T5088] EXT4-fs (loop0): 1 truncate cleaned up [pid 5088] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./file1") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD) = 0 [pid 5088] close(4) = 0 [pid 5088] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5088] creat("./file1", 000) = 4 [pid 5088] exit_group(0) = ? [pid 5088] +++ exited with 0 +++ [ 80.851250][ T5088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached , child_tidptr=0x5555563c1650) = 5090 [ 80.966706][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5090] set_robust_list(0x5555563c1660, 24) = 0 [pid 5090] chdir("./14") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5090] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file1", 0777) = 0 [ 81.088642][ T5090] loop0: detected capacity change from 0 to 512 [ 81.108533][ T5090] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 81.124550][ T5090] EXT4-fs (loop0): 1 truncate cleaned up [pid 5090] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5090] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file1") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [ 81.130193][ T5090] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5090] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5090] creat("./file1", 000) = 4 [pid 5090] exit_group(0) = ? [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 [ 81.258124][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x5555563c1650) = 5092 [pid 5092] set_robust_list(0x5555563c1660, 24) = 0 [pid 5092] chdir("./15") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5092] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] mkdir("./file1", 0777) = 0 [ 81.468861][ T5092] loop0: detected capacity change from 0 to 512 [ 81.494024][ T5092] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 81.509741][ T5092] EXT4-fs (loop0): 1 truncate cleaned up [pid 5092] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5092] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./file1") = 0 [pid 5092] ioctl(4, LOOP_CLR_FD) = 0 [pid 5092] close(4) = 0 [pid 5092] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5092] creat("./file1", 000) = 4 [pid 5092] exit_group(0) = ? [pid 5092] +++ exited with 0 +++ [ 81.515443][ T5092] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 81.702039][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached , child_tidptr=0x5555563c1650) = 5094 [pid 5094] set_robust_list(0x5555563c1660, 24) = 0 [pid 5094] chdir("./16") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5094] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] mkdir("./file1", 0777) = 0 [ 81.911730][ T5094] loop0: detected capacity change from 0 to 512 [ 81.945560][ T5094] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5094] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5094] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] chdir("./file1") = 0 [pid 5094] ioctl(4, LOOP_CLR_FD) = 0 [pid 5094] close(4) = 0 [ 81.965230][ T5094] EXT4-fs (loop0): 1 truncate cleaned up [ 81.971370][ T5094] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5094] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5094] creat("./file1", 000) = 4 [pid 5094] exit_group(0) = ? [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 [ 82.091983][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x5555563c1660, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5098 [pid 5098] <... set_robust_list resumed>) = 0 [pid 5098] chdir("./17") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5098] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5098] close(3) = 0 [pid 5098] mkdir("./file1", 0777) = 0 [ 82.250679][ T5098] loop0: detected capacity change from 0 to 512 [ 82.267551][ T5098] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 82.293204][ T5098] EXT4-fs (loop0): 1 truncate cleaned up [pid 5098] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5098] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5098] chdir("./file1") = 0 [pid 5098] ioctl(4, LOOP_CLR_FD) = 0 [pid 5098] close(4) = 0 [pid 5098] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5098] creat("./file1", 000) = 4 [pid 5098] exit_group(0) = ? [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 82.298847][ T5098] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 82.426826][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached , child_tidptr=0x5555563c1650) = 5100 [pid 5100] set_robust_list(0x5555563c1660, 24) = 0 [pid 5100] chdir("./18") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5100] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./file1", 0777) = 0 [pid 5100] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5100] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file1") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 82.567710][ T5100] loop0: detected capacity change from 0 to 512 [ 82.581713][ T5100] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 82.597307][ T5100] EXT4-fs (loop0): 1 truncate cleaned up [ 82.603317][ T5100] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5100] creat("./file1", 000) = 4 [pid 5100] exit_group(0) = ? [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 [ 82.740393][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached , child_tidptr=0x5555563c1650) = 5102 [pid 5102] set_robust_list(0x5555563c1660, 24) = 0 [pid 5102] chdir("./19") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5102] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./file1", 0777) = 0 [ 82.922138][ T5102] loop0: detected capacity change from 0 to 512 [ 82.940766][ T5102] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 82.956322][ T5102] EXT4-fs (loop0): 1 truncate cleaned up [pid 5102] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5102] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file1") = 0 [pid 5102] ioctl(4, LOOP_CLR_FD) = 0 [pid 5102] close(4) = 0 [ 82.962117][ T5102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5102] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5102] creat("./file1", 000) = 4 [pid 5102] exit_group(0) = ? [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 [ 83.144609][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x5555563c1660, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5104 [pid 5104] <... set_robust_list resumed>) = 0 [pid 5104] chdir("./20") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5104] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5104] close(3) = 0 [pid 5104] mkdir("./file1", 0777) = 0 [ 83.373227][ T5104] loop0: detected capacity change from 0 to 512 [ 83.398201][ T5104] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 83.413888][ T5104] EXT4-fs (loop0): 1 truncate cleaned up [pid 5104] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5104] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5104] chdir("./file1") = 0 [pid 5104] ioctl(4, LOOP_CLR_FD) = 0 [pid 5104] close(4) = 0 [pid 5104] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5104] creat("./file1", 000) = 4 [pid 5104] exit_group(0) = ? [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 83.419531][ T5104] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 83.561118][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached , child_tidptr=0x5555563c1650) = 5106 [pid 5106] set_robust_list(0x5555563c1660, 24) = 0 [pid 5106] chdir("./21") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5106] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./file1", 0777) = 0 [pid 5106] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5106] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file1") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5106] creat("./file1", 000) = 4 [ 83.729607][ T5106] loop0: detected capacity change from 0 to 512 [ 83.739540][ T5106] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 83.758017][ T5106] EXT4-fs (loop0): 1 truncate cleaned up [ 83.763750][ T5106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5106] exit_group(0) = ? [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 [ 83.898488][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x5555563c1660, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5108 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5108] chdir("./22") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5108] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] mkdir("./file1", 0777) = 0 [ 84.141158][ T5108] loop0: detected capacity change from 0 to 512 [ 84.165400][ T5108] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 84.181150][ T5108] EXT4-fs (loop0): 1 truncate cleaned up [pid 5108] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5108] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file1") = 0 [pid 5108] ioctl(4, LOOP_CLR_FD) = 0 [pid 5108] close(4) = 0 [pid 5108] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5108] creat("./file1", 000) = 4 [ 84.186812][ T5108] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5108] exit_group(0) = ? [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 84.316145][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x5555563c1650) = 5110 [pid 5110] set_robust_list(0x5555563c1660, 24) = 0 [pid 5110] chdir("./23") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] memfd_create("syzkaller", 0) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5110] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] mkdir("./file1", 0777) = 0 [ 84.594049][ T5110] loop0: detected capacity change from 0 to 512 [ 84.611819][ T5110] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 84.627388][ T5110] EXT4-fs (loop0): 1 truncate cleaned up [pid 5110] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5110] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] chdir("./file1") = 0 [pid 5110] ioctl(4, LOOP_CLR_FD) = 0 [pid 5110] close(4) = 0 [pid 5110] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5110] creat("./file1", 000) = 4 [pid 5110] exit_group(0) = ? [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 84.633115][ T5110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 84.696162][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5112 attached , child_tidptr=0x5555563c1650) = 5112 [pid 5112] set_robust_list(0x5555563c1660, 24) = 0 [pid 5112] chdir("./24") = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] memfd_create("syzkaller", 0) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5112] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] mkdir("./file1", 0777) = 0 [ 84.891964][ T5112] loop0: detected capacity change from 0 to 512 [ 84.916645][ T5112] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 84.932216][ T5112] EXT4-fs (loop0): 1 truncate cleaned up [pid 5112] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5112] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./file1") = 0 [pid 5112] ioctl(4, LOOP_CLR_FD) = 0 [pid 5112] close(4) = 0 [pid 5112] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5112] creat("./file1", 000) = 4 [pid 5112] exit_group(0) = ? [pid 5112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 84.937854][ T5112] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 [ 85.034466][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5114 attached , child_tidptr=0x5555563c1650) = 5114 [pid 5114] set_robust_list(0x5555563c1660, 24) = 0 [pid 5114] chdir("./25") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5114] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file1", 0777) = 0 [ 85.221236][ T5114] loop0: detected capacity change from 0 to 512 [ 85.234988][ T5114] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 85.260445][ T5114] EXT4-fs (loop0): 1 truncate cleaned up [pid 5114] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5114] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file1") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5114] creat("./file1", 000) = 4 [ 85.266132][ T5114] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5114] exit_group(0) = ? [pid 5114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 [ 85.419458][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x5555563c1660, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5116 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5116] chdir("./26") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] memfd_create("syzkaller", 0) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5116] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] mkdir("./file1", 0777) = 0 [ 85.582072][ T5116] loop0: detected capacity change from 0 to 512 [ 85.608712][ T5116] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 85.623868][ T5116] EXT4-fs (loop0): 1 truncate cleaned up [pid 5116] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5116] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./file1") = 0 [pid 5116] ioctl(4, LOOP_CLR_FD) = 0 [pid 5116] close(4) = 0 [pid 5116] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5116] creat("./file1", 000) = 4 [pid 5116] exit_group(0) = ? [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 85.629510][ T5116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 85.766400][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5118 attached , child_tidptr=0x5555563c1650) = 5118 [pid 5118] set_robust_list(0x5555563c1660, 24) = 0 [pid 5118] chdir("./27") = 0 [pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5118] setpgid(0, 0) = 0 [pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5118] write(3, "1000", 4) = 4 [pid 5118] close(3) = 0 [pid 5118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5118] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] mkdir("./file1", 0777) = 0 [ 86.003573][ T5118] loop0: detected capacity change from 0 to 512 [ 86.028984][ T5118] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 86.045163][ T5118] EXT4-fs (loop0): 1 truncate cleaned up [pid 5118] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5118] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./file1") = 0 [pid 5118] ioctl(4, LOOP_CLR_FD) = 0 [pid 5118] close(4) = 0 [pid 5118] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5118] creat("./file1", 000) = 4 [pid 5118] exit_group(0) = ? [pid 5118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 86.050869][ T5118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 86.143609][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5120 attached , child_tidptr=0x5555563c1650) = 5120 [pid 5120] set_robust_list(0x5555563c1660, 24) = 0 [pid 5120] chdir("./28") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5120] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file1", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5120] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file1") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [ 86.303387][ T5120] loop0: detected capacity change from 0 to 512 [ 86.318517][ T5120] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 86.334482][ T5120] EXT4-fs (loop0): 1 truncate cleaned up [ 86.340145][ T5120] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5120] close(4) = 0 [pid 5120] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5120] creat("./file1", 000) = 4 [pid 5120] exit_group(0) = ? [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 86.490524][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x5555563c1660, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5122 [pid 5122] <... set_robust_list resumed>) = 0 [pid 5122] chdir("./29") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5122] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] mkdir("./file1", 0777) = 0 [ 86.711621][ T5122] loop0: detected capacity change from 0 to 512 [ 86.739937][ T5122] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 86.755609][ T5122] EXT4-fs (loop0): 1 truncate cleaned up [pid 5122] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5122] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./file1") = 0 [pid 5122] ioctl(4, LOOP_CLR_FD) = 0 [pid 5122] close(4) = 0 [pid 5122] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5122] creat("./file1", 000) = 4 [pid 5122] exit_group(0) = ? [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 86.761330][ T5122] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 86.859547][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5124 attached [pid 5124] set_robust_list(0x5555563c1660, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5124 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5124] chdir("./30") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5124] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 86.994132][ T22] cfg80211: failed to load regulatory.db [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] mkdir("./file1", 0777) = 0 [ 87.054689][ T5124] loop0: detected capacity change from 0 to 512 [ 87.081043][ T5124] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 87.096388][ T5124] EXT4-fs (loop0): 1 truncate cleaned up [pid 5124] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5124] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./file1") = 0 [pid 5124] ioctl(4, LOOP_CLR_FD) = 0 [pid 5124] close(4) = 0 [pid 5124] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5124] creat("./file1", 000) = 4 [pid 5124] exit_group(0) = ? [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 87.102088][ T5124] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 87.203644][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5127 attached , child_tidptr=0x5555563c1650) = 5127 [pid 5127] set_robust_list(0x5555563c1660, 24) = 0 [pid 5127] chdir("./31") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5127] memfd_create("syzkaller", 0) = 3 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5127] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5127] close(3) = 0 [pid 5127] mkdir("./file1", 0777) = 0 [pid 5127] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5127] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5127] chdir("./file1") = 0 [pid 5127] ioctl(4, LOOP_CLR_FD) = 0 [pid 5127] close(4) = 0 [pid 5127] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5127] creat("./file1", 000) = 4 [ 87.531308][ T5127] loop0: detected capacity change from 0 to 512 [ 87.546215][ T5127] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 87.562186][ T5127] EXT4-fs (loop0): 1 truncate cleaned up [ 87.567838][ T5127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5127] exit_group(0) = ? [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 [ 87.695384][ T5059] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5129 attached , child_tidptr=0x5555563c1650) = 5129 [pid 5129] set_robust_list(0x5555563c1660, 24) = 0 [pid 5129] chdir("./32") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] memfd_create("syzkaller", 0) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5129] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] mkdir("./file1", 0777) = 0 [pid 5129] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5129] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./file1") = 0 [pid 5129] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] close(4) = 0 [pid 5129] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5129] creat("./file1", 000) = 4 [ 87.883176][ T5129] loop0: detected capacity change from 0 to 512 [ 87.896415][ T5129] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 87.912614][ T5129] EXT4-fs (loop0): 1 truncate cleaned up [pid 5129] exit_group(0) = ? [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached , child_tidptr=0x5555563c1650) = 5131 [pid 5131] set_robust_list(0x5555563c1660, 24) = 0 [pid 5131] chdir("./33") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] memfd_create("syzkaller", 0) = 3 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5131] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5131] close(3) = 0 [pid 5131] mkdir("./file1", 0777) = 0 [pid 5131] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5131] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5131] chdir("./file1") = 0 [pid 5131] ioctl(4, LOOP_CLR_FD) = 0 [pid 5131] close(4) = 0 [pid 5131] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5131] creat("./file1", 000) = 4 [ 88.174927][ T5131] loop0: detected capacity change from 0 to 512 [ 88.190148][ T5131] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 88.205568][ T5131] EXT4-fs (loop0): 1 truncate cleaned up [pid 5131] exit_group(0) = ? [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached , child_tidptr=0x5555563c1650) = 5133 [pid 5133] set_robust_list(0x5555563c1660, 24) = 0 [pid 5133] chdir("./34") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] memfd_create("syzkaller", 0) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5133] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] mkdir("./file1", 0777) = 0 [pid 5133] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5133] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] chdir("./file1") = 0 [pid 5133] ioctl(4, LOOP_CLR_FD) = 0 [pid 5133] close(4) = 0 [pid 5133] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5133] creat("./file1", 000) = 4 [pid 5133] exit_group(0) = ? [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 88.579424][ T5133] loop0: detected capacity change from 0 to 512 [ 88.604742][ T5133] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 88.620155][ T5133] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached , child_tidptr=0x5555563c1650) = 5135 [pid 5135] set_robust_list(0x5555563c1660, 24) = 0 [pid 5135] chdir("./35") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5135] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file1", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5135] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file1") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5135] creat("./file1", 000) = 4 [ 88.866408][ T5135] loop0: detected capacity change from 0 to 512 [ 88.890619][ T5135] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 88.906306][ T5135] EXT4-fs (loop0): 1 truncate cleaned up [pid 5135] exit_group(0) = ? [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached , child_tidptr=0x5555563c1650) = 5137 [pid 5137] set_robust_list(0x5555563c1660, 24) = 0 [pid 5137] chdir("./36") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] memfd_create("syzkaller", 0) = 3 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5137] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5137] close(3) = 0 [pid 5137] mkdir("./file1", 0777) = 0 [pid 5137] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5137] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5137] chdir("./file1") = 0 [pid 5137] ioctl(4, LOOP_CLR_FD) = 0 [pid 5137] close(4) = 0 [ 89.252759][ T5137] loop0: detected capacity change from 0 to 512 [ 89.272521][ T5137] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 89.287708][ T5137] EXT4-fs (loop0): 1 truncate cleaned up [pid 5137] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5137] creat("./file1", 000) = 4 [pid 5137] exit_group(0) = ? [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5139 attached , child_tidptr=0x5555563c1650) = 5139 [pid 5139] set_robust_list(0x5555563c1660, 24) = 0 [pid 5139] chdir("./37") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5139] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] mkdir("./file1", 0777) = 0 [pid 5139] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5139] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] chdir("./file1") = 0 [pid 5139] ioctl(4, LOOP_CLR_FD) = 0 [pid 5139] close(4) = 0 [pid 5139] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5139] creat("./file1", 000) = 4 [pid 5139] exit_group(0) = ? [ 89.611725][ T5139] loop0: detected capacity change from 0 to 512 [ 89.626790][ T5139] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 89.642714][ T5139] EXT4-fs (loop0): 1 truncate cleaned up [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5141 attached , child_tidptr=0x5555563c1650) = 5141 [pid 5141] set_robust_list(0x5555563c1660, 24) = 0 [pid 5141] chdir("./38") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] memfd_create("syzkaller", 0) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5141] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file1", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5141] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file1") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 90.009562][ T5141] loop0: detected capacity change from 0 to 512 [ 90.024109][ T5141] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 90.049828][ T5141] EXT4-fs (loop0): 1 truncate cleaned up [pid 5141] creat("./file1", 000) = 4 [pid 5141] exit_group(0) = ? [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x5555563c1660, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5143 [pid 5143] <... set_robust_list resumed>) = 0 [pid 5143] chdir("./39") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5143] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5143] close(3) = 0 [pid 5143] mkdir("./file1", 0777) = 0 [pid 5143] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5143] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] chdir("./file1") = 0 [pid 5143] ioctl(4, LOOP_CLR_FD) = 0 [pid 5143] close(4) = 0 [pid 5143] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5143] creat("./file1", 000) = 4 [ 90.374147][ T5143] loop0: detected capacity change from 0 to 512 [ 90.388565][ T5143] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 90.405293][ T5143] EXT4-fs (loop0): 1 truncate cleaned up [pid 5143] exit_group(0) = ? [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5145 attached , child_tidptr=0x5555563c1650) = 5145 [pid 5145] set_robust_list(0x5555563c1660, 24) = 0 [pid 5145] chdir("./40") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5145] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file1", 0777) = 0 [ 90.671092][ T5145] loop0: detected capacity change from 0 to 512 [ 90.701175][ T5145] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5145] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5145] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file1") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 90.717031][ T5145] EXT4-fs (loop0): 1 truncate cleaned up [pid 5145] creat("./file1", 000) = 4 [pid 5145] exit_group(0) = ? [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5147 attached , child_tidptr=0x5555563c1650) = 5147 [pid 5147] set_robust_list(0x5555563c1660, 24) = 0 [pid 5147] chdir("./41") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5147] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file1", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5147] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file1") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 91.081095][ T5147] loop0: detected capacity change from 0 to 512 [ 91.104540][ T5147] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 91.120217][ T5147] EXT4-fs (loop0): 1 truncate cleaned up [pid 5147] creat("./file1", 000) = 4 [pid 5147] exit_group(0) = ? [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x5555563c1650) = 5149 [pid 5149] set_robust_list(0x5555563c1660, 24) = 0 [pid 5149] chdir("./42") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5149] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5149] close(3) = 0 [pid 5149] mkdir("./file1", 0777) = 0 [pid 5149] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5149] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5149] chdir("./file1") = 0 [pid 5149] ioctl(4, LOOP_CLR_FD) = 0 [pid 5149] close(4) = 0 [pid 5149] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5149] creat("./file1", 000) = 4 [ 91.385942][ T5149] loop0: detected capacity change from 0 to 512 [ 91.395774][ T5149] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 91.412066][ T5149] EXT4-fs (loop0): 1 truncate cleaned up [pid 5149] exit_group(0) = ? [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563c1650) = 5151 ./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x5555563c1660, 24) = 0 [pid 5151] chdir("./43") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5151] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] mkdir("./file1", 0777) = 0 [pid 5151] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5151] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./file1") = 0 [pid 5151] ioctl(4, LOOP_CLR_FD) = 0 [pid 5151] close(4) = 0 [pid 5151] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5151] creat("./file1", 000) = 4 [pid 5151] exit_group(0) = ? [ 91.695078][ T5151] loop0: detected capacity change from 0 to 512 [ 91.712200][ T5151] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 91.727710][ T5151] EXT4-fs (loop0): 1 truncate cleaned up [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5153 attached , child_tidptr=0x5555563c1650) = 5153 [pid 5153] set_robust_list(0x5555563c1660, 24) = 0 [pid 5153] chdir("./44") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5153] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./file1", 0777) = 0 [pid 5153] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5153] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./file1") = 0 [pid 5153] ioctl(4, LOOP_CLR_FD) = 0 [pid 5153] close(4) = 0 [pid 5153] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5153] creat("./file1", 000) = 4 [ 91.989899][ T5153] loop0: detected capacity change from 0 to 512 [ 92.007023][ T5153] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 92.025075][ T5153] EXT4-fs (loop0): 1 truncate cleaned up [pid 5153] exit_group(0) = ? [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached , child_tidptr=0x5555563c1650) = 5155 [pid 5155] set_robust_list(0x5555563c1660, 24) = 0 [pid 5155] chdir("./45") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] memfd_create("syzkaller", 0) = 3 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5155] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] mkdir("./file1", 0777) = 0 [pid 5155] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5155] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] chdir("./file1") = 0 [pid 5155] ioctl(4, LOOP_CLR_FD) = 0 [pid 5155] close(4) = 0 [pid 5155] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5155] creat("./file1", 000) = 4 [pid 5155] exit_group(0) = ? [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 92.284350][ T5155] loop0: detected capacity change from 0 to 512 [ 92.298002][ T5155] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 92.313538][ T5155] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5157 attached , child_tidptr=0x5555563c1650) = 5157 [pid 5157] set_robust_list(0x5555563c1660, 24) = 0 [pid 5157] chdir("./46") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5157] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] mkdir("./file1", 0777) = 0 [pid 5157] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5157] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] chdir("./file1") = 0 [pid 5157] ioctl(4, LOOP_CLR_FD) = 0 [pid 5157] close(4) = 0 [pid 5157] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5157] creat("./file1", 000) = 4 [ 92.649454][ T5157] loop0: detected capacity change from 0 to 512 [ 92.665550][ T5157] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 92.681393][ T5157] EXT4-fs (loop0): 1 truncate cleaned up [pid 5157] exit_group(0) = ? [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5159 attached , child_tidptr=0x5555563c1650) = 5159 [pid 5159] set_robust_list(0x5555563c1660, 24) = 0 [pid 5159] chdir("./47") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] memfd_create("syzkaller", 0) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5159] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] mkdir("./file1", 0777) = 0 [pid 5159] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5159] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] chdir("./file1") = 0 [pid 5159] ioctl(4, LOOP_CLR_FD) = 0 [pid 5159] close(4) = 0 [ 93.017779][ T5159] loop0: detected capacity change from 0 to 512 [ 93.045159][ T5159] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 93.060652][ T5159] EXT4-fs (loop0): 1 truncate cleaned up [pid 5159] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5159] creat("./file1", 000) = 4 [pid 5159] exit_group(0) = ? [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x5555563c1660, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5161 [pid 5161] <... set_robust_list resumed>) = 0 [pid 5161] chdir("./48") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] memfd_create("syzkaller", 0) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5161] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5161] close(3) = 0 [pid 5161] mkdir("./file1", 0777) = 0 [pid 5161] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [ 93.373847][ T5161] loop0: detected capacity change from 0 to 512 [ 93.402833][ T5161] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5161] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5161] chdir("./file1") = 0 [pid 5161] ioctl(4, LOOP_CLR_FD) = 0 [pid 5161] close(4) = 0 [ 93.418705][ T5161] EXT4-fs (loop0): 1 truncate cleaned up [pid 5161] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5161] creat("./file1", 000) = 4 [pid 5161] exit_group(0) = ? [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x5555563c1660, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5163 [pid 5163] <... set_robust_list resumed>) = 0 [pid 5163] chdir("./49") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] memfd_create("syzkaller", 0) = 3 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5163] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5163] close(3) = 0 [pid 5163] mkdir("./file1", 0777) = 0 [pid 5163] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5163] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5163] chdir("./file1") = 0 [pid 5163] ioctl(4, LOOP_CLR_FD) = 0 [pid 5163] close(4) = 0 [pid 5163] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5163] creat("./file1", 000) = 4 [ 93.776093][ T5163] loop0: detected capacity change from 0 to 512 [ 93.785420][ T5163] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 93.800785][ T5163] EXT4-fs (loop0): 1 truncate cleaned up [pid 5163] exit_group(0) = ? [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5165 attached , child_tidptr=0x5555563c1650) = 5165 [pid 5165] set_robust_list(0x5555563c1660, 24) = 0 [pid 5165] chdir("./50") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5165] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5165] close(3) = 0 [pid 5165] mkdir("./file1", 0777) = 0 [pid 5165] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5165] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5165] chdir("./file1") = 0 [pid 5165] ioctl(4, LOOP_CLR_FD) = 0 [pid 5165] close(4) = 0 [pid 5165] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5165] creat("./file1", 000) = 4 [pid 5165] exit_group(0) = ? [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 94.140403][ T5165] loop0: detected capacity change from 0 to 512 [ 94.155264][ T5165] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 94.171205][ T5165] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5167 attached , child_tidptr=0x5555563c1650) = 5167 [pid 5167] set_robust_list(0x5555563c1660, 24) = 0 [pid 5167] chdir("./51") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] memfd_create("syzkaller", 0) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5167] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5167] close(3) = 0 [pid 5167] mkdir("./file1", 0777) = 0 [pid 5167] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5167] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] chdir("./file1") = 0 [pid 5167] ioctl(4, LOOP_CLR_FD) = 0 [pid 5167] close(4) = 0 [pid 5167] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 94.350918][ T5167] loop0: detected capacity change from 0 to 512 [ 94.369541][ T5167] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 94.385137][ T5167] EXT4-fs (loop0): 1 truncate cleaned up [ 94.410013][ T5167] [ 94.412366][ T5167] ====================================================== [ 94.419472][ T5167] WARNING: possible circular locking dependency detected [ 94.426484][ T5167] 6.7.0-rc5-syzkaller #0 Not tainted [ 94.431745][ T5167] ------------------------------------------------------ [ 94.439344][ T5167] syz-executor726/5167 is trying to acquire lock: [ 94.445732][ T5167] ffff888074eed4c0 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x173/0x430 [ 94.456086][ T5167] [ 94.456086][ T5167] but task is already holding lock: [ 94.463427][ T5167] ffff888074eec388 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x1b94/0x29d0 [ 94.472721][ T5167] [ 94.472721][ T5167] which lock already depends on the new lock. [ 94.472721][ T5167] [ 94.483121][ T5167] [ 94.483121][ T5167] the existing dependency chain (in reverse order) is: [ 94.492132][ T5167] [ 94.492132][ T5167] -> #1 (&ei->i_data_sem/3){++++}-{3:3}: [ 94.499950][ T5167] down_write+0x3a/0x50 [ 94.504636][ T5167] ext4_xattr_set_entry+0x3415/0x3ce0 [ 94.510515][ T5167] ext4_xattr_ibody_set+0x126/0x380 [ 94.516228][ T5167] ext4_xattr_set_handle+0x936/0x1420 [ 94.522111][ T5167] ext4_xattr_set+0x149/0x370 [ 94.527316][ T5167] __vfs_setxattr+0x173/0x1d0 [ 94.532504][ T5167] __vfs_setxattr_noperm+0x127/0x5e0 [ 94.538296][ T5167] __vfs_setxattr_locked+0x17e/0x250 [ 94.544092][ T5167] vfs_setxattr+0x146/0x350 [ 94.549099][ T5167] do_setxattr+0x142/0x170 [ 94.554020][ T5167] setxattr+0x159/0x170 [ 94.558695][ T5167] path_setxattr+0x175/0x1d0 [ 94.563805][ T5167] __x64_sys_setxattr+0xc4/0x160 [ 94.569253][ T5167] do_syscall_64+0x40/0x110 [ 94.574264][ T5167] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 94.580696][ T5167] [ 94.580696][ T5167] -> #0 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}: [ 94.588940][ T5167] __lock_acquire+0x2433/0x3b20 [ 94.594302][ T5167] lock_acquire+0x1ae/0x520 [ 94.599313][ T5167] down_write+0x3a/0x50 [ 94.603977][ T5167] ext4_xattr_inode_iget+0x173/0x430 [ 94.609767][ T5167] ext4_xattr_inode_get+0x170/0x840 [ 94.615472][ T5167] ext4_expand_extra_isize_ea+0x125a/0x1b20 [ 94.621884][ T5167] __ext4_expand_extra_isize+0x342/0x470 [ 94.628018][ T5167] __ext4_mark_inode_dirty+0x52b/0x810 [ 94.633985][ T5167] ext4_setattr+0x1c08/0x29d0 [ 94.639167][ T5167] notify_change+0x742/0x11c0 [ 94.644351][ T5167] do_truncate+0x15c/0x220 [ 94.649280][ T5167] path_openat+0x25a0/0x2c50 [ 94.654408][ T5167] do_filp_open+0x1de/0x430 [ 94.659422][ T5167] do_sys_openat2+0x176/0x1e0 [ 94.664612][ T5167] __x64_sys_creat+0xcd/0x120 [ 94.669800][ T5167] do_syscall_64+0x40/0x110 [ 94.674987][ T5167] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 94.681394][ T5167] [ 94.681394][ T5167] other info that might help us debug this: [ 94.681394][ T5167] [ 94.691604][ T5167] Possible unsafe locking scenario: [ 94.691604][ T5167] [ 94.699040][ T5167] CPU0 CPU1 [ 94.704384][ T5167] ---- ---- [ 94.709725][ T5167] lock(&ei->i_data_sem/3); [ 94.714323][ T5167] lock(&ea_inode->i_rwsem#7/1); [ 94.721865][ T5167] lock(&ei->i_data_sem/3); [ 94.728959][ T5167] lock(&ea_inode->i_rwsem#7/1); [ 94.733971][ T5167] [ 94.733971][ T5167] *** DEADLOCK *** [ 94.733971][ T5167] [ 94.742090][ T5167] 5 locks held by syz-executor726/5167: [ 94.747614][ T5167] #0: ffff8880667fa418 (sb_writers#5){.+.+}-{0:0}, at: path_openat+0x2112/0x2c50 [ 94.756831][ T5167] #1: ffff888074eec500 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: do_truncate+0x14b/0x220 [ 94.767085][ T5167] #2: ffff888074eec6a0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0xdf1/0x29d0 [ 94.777421][ T5167] #3: ffff888074eec388 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x1b94/0x29d0 [ 94.787168][ T5167] #4: ffff888074eec1c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x4a1/0x810 [ 94.797416][ T5167] [ 94.797416][ T5167] stack backtrace: [ 94.803282][ T5167] CPU: 1 PID: 5167 Comm: syz-executor726 Not tainted 6.7.0-rc5-syzkaller #0 [ 94.811937][ T5167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 94.821976][ T5167] Call Trace: [ 94.825243][ T5167] [ 94.828157][ T5167] dump_stack_lvl+0xd9/0x1b0 [ 94.832732][ T5167] check_noncircular+0x317/0x400 [ 94.837664][ T5167] ? print_circular_bug+0x5c0/0x5c0 [ 94.842852][ T5167] ? lockdep_lock+0xc6/0x200 [ 94.847429][ T5167] ? hlock_class+0x130/0x130 [ 94.852006][ T5167] __lock_acquire+0x2433/0x3b20 [ 94.856846][ T5167] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 94.862817][ T5167] ? look_up_lock_class+0x59/0x130 [ 94.867917][ T5167] lock_acquire+0x1ae/0x520 [ 94.872409][ T5167] ? ext4_xattr_inode_iget+0x173/0x430 [ 94.877866][ T5167] ? lock_sync+0x190/0x190 [ 94.882272][ T5167] ? preempt_count_sub+0x160/0x160 [ 94.887366][ T5167] down_write+0x3a/0x50 [ 94.891514][ T5167] ? ext4_xattr_inode_iget+0x173/0x430 [ 94.896961][ T5167] ext4_xattr_inode_iget+0x173/0x430 [ 94.902404][ T5167] ext4_xattr_inode_get+0x170/0x840 [ 94.907608][ T5167] ? ext4_xattr_inode_iget+0x430/0x430 [ 94.913072][ T5167] ? rcu_is_watching+0x12/0xb0 [ 94.917832][ T5167] ? trace_kmalloc+0x26/0xa0 [ 94.922414][ T5167] ? __kmalloc_node+0x78/0x90 [ 94.927090][ T5167] ext4_expand_extra_isize_ea+0x125a/0x1b20 [ 94.932985][ T5167] ? ext4_xattr_set+0x370/0x370 [ 94.937825][ T5167] ? lockdep_unlock+0x11b/0x290 [ 94.942668][ T5167] ? preempt_count_sub+0x160/0x160 [ 94.947784][ T5167] ? down_write_trylock+0x1ae/0x3d0 [ 94.952972][ T5167] ? dquot_initialize_needed+0x17d/0x290 [ 94.958764][ T5167] __ext4_expand_extra_isize+0x342/0x470 [ 94.964388][ T5167] __ext4_mark_inode_dirty+0x52b/0x810 [ 94.969833][ T5167] ? ext4_expand_extra_isize+0x600/0x600 [ 94.975453][ T5167] ? lock_sync+0x190/0x190 [ 94.979889][ T5167] ? preempt_count_sub+0x160/0x160 [ 94.984982][ T5167] ext4_setattr+0x1c08/0x29d0 [ 94.989649][ T5167] ? ext4_journalled_write_end+0x1120/0x1120 [ 94.995616][ T5167] notify_change+0x742/0x11c0 [ 95.000468][ T5167] do_truncate+0x15c/0x220 [ 95.004875][ T5167] ? file_open_root+0x450/0x450 [ 95.009716][ T5167] path_openat+0x25a0/0x2c50 [ 95.014300][ T5167] ? path_lookupat+0x770/0x770 [ 95.019054][ T5167] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 95.025025][ T5167] do_filp_open+0x1de/0x430 [ 95.029520][ T5167] ? may_open_dev+0xf0/0xf0 [ 95.034013][ T5167] ? find_held_lock+0x2d/0x110 [ 95.038785][ T5167] ? _raw_spin_unlock+0x28/0x40 [ 95.043619][ T5167] ? alloc_fd+0x2da/0x6c0 [ 95.047933][ T5167] do_sys_openat2+0x176/0x1e0 [ 95.052601][ T5167] ? build_open_flags+0x690/0x690 [ 95.057605][ T5167] ? ptrace_notify+0xf4/0x130 [ 95.062264][ T5167] ? restore_fpregs_from_fpstate+0xc1/0x1d0 [ 95.068179][ T5167] __x64_sys_creat+0xcd/0x120 [ 95.072846][ T5167] ? __x64_compat_sys_openat+0x200/0x200 [ 95.078465][ T5167] ? _raw_spin_unlock_irq+0x2e/0x50 [ 95.083648][ T5167] ? syscall_trace_enter.constprop.0+0xaf/0x1e0 [ 95.089875][ T5167] do_syscall_64+0x40/0x110 [ 95.094386][ T5167] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 95.100278][ T5167] RIP: 0033:0x7f22975e41a9 [ 95.104677][ T5167] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 95.124276][ T5167] RSP: 002b:00007ffc160cd518 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 95.132685][ T5167] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f22975e41a9 [ 95.140659][ T5167] RDX: 00007f22975e41a9 RSI: 0000000000000000 RDI: 0000000020000400 [ 95.148641][ T5167] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 [pid 5167] creat("./file1", 000) = 4 [pid 5167] exit_group(0) = ? [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 95.156688][ T5167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc160cd560 [ 95.164663][ T5167] R13: 00007ffc160cd5a0 R14: 0000000000040000 R15: 0000000000000003 [ 95.172624][ T5167] unlink("./51/binderfs") = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x5555563c1660, 24) = 0 [pid 5169] chdir("./52" [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5169 [pid 5169] <... chdir resumed>) = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] memfd_create("syzkaller", 0) = 3 [pid 5169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5169] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5169] close(3) = 0 [pid 5169] mkdir("./file1", 0777) = 0 [pid 5169] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5169] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5169] chdir("./file1") = 0 [pid 5169] ioctl(4, LOOP_CLR_FD) = 0 [pid 5169] close(4) = 0 [pid 5169] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 95.421197][ T5169] loop0: detected capacity change from 0 to 512 [ 95.444150][ T5169] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 95.458774][ T5169] EXT4-fs (loop0): 1 truncate cleaned up [pid 5169] creat("./file1", 000) = 4 [pid 5169] exit_group(0) = ? [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5171 attached [pid 5171] set_robust_list(0x5555563c1660, 24) = 0 [pid 5171] chdir("./53") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5171 [pid 5171] <... openat resumed>) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] memfd_create("syzkaller", 0) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5171] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] mkdir("./file1", 0777) = 0 [pid 5171] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5171] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5171] chdir("./file1") = 0 [pid 5171] ioctl(4, LOOP_CLR_FD) = 0 [pid 5171] close(4) = 0 [pid 5171] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5171] creat("./file1", 000) = 4 [pid 5171] exit_group(0) = ? [ 95.711270][ T5171] loop0: detected capacity change from 0 to 512 [ 95.725734][ T5171] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 95.740655][ T5171] EXT4-fs (loop0): 1 truncate cleaned up [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5173 attached , child_tidptr=0x5555563c1650) = 5173 [pid 5173] set_robust_list(0x5555563c1660, 24) = 0 [pid 5173] chdir("./54") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] memfd_create("syzkaller", 0) = 3 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5173] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5173] close(3) = 0 [pid 5173] mkdir("./file1", 0777) = 0 [pid 5173] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5173] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5173] chdir("./file1") = 0 [pid 5173] ioctl(4, LOOP_CLR_FD) = 0 [pid 5173] close(4) = 0 [pid 5173] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5173] creat("./file1", 000) = 4 [ 95.967565][ T5173] loop0: detected capacity change from 0 to 512 [ 95.976369][ T5173] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 95.991127][ T5173] EXT4-fs (loop0): 1 truncate cleaned up [pid 5173] exit_group(0) = ? [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x5555563c1660, 24) = 0 [pid 5175] chdir("./55") = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5175 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] memfd_create("syzkaller", 0) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5175] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] mkdir("./file1", 0777) = 0 [pid 5175] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5175] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./file1") = 0 [pid 5175] ioctl(4, LOOP_CLR_FD) = 0 [pid 5175] close(4) = 0 [pid 5175] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5175] creat("./file1", 000) = 4 [ 96.295013][ T5175] loop0: detected capacity change from 0 to 512 [ 96.309480][ T5175] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 96.324496][ T5175] EXT4-fs (loop0): 1 truncate cleaned up [pid 5175] exit_group(0) = ? [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563c1650) = 5177 ./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x5555563c1660, 24) = 0 [pid 5177] chdir("./56") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] memfd_create("syzkaller", 0) = 3 [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5177] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5177] close(3) = 0 [pid 5177] mkdir("./file1", 0777) = 0 [ 96.579015][ T5177] loop0: detected capacity change from 0 to 512 [ 96.604579][ T5177] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5177] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5177] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5177] chdir("./file1") = 0 [pid 5177] ioctl(4, LOOP_CLR_FD) = 0 [pid 5177] close(4) = 0 [ 96.628783][ T5177] EXT4-fs (loop0): 1 truncate cleaned up [pid 5177] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5177] creat("./file1", 000) = 4 [pid 5177] exit_group(0) = ? [pid 5177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5179 attached [pid 5179] set_robust_list(0x5555563c1660, 24) = 0 [pid 5179] chdir("./57") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5179 [pid 5179] <... openat resumed>) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] memfd_create("syzkaller", 0) = 3 [pid 5179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5179] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5179] close(3) = 0 [pid 5179] mkdir("./file1", 0777) = 0 [pid 5179] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5179] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5179] chdir("./file1") = 0 [pid 5179] ioctl(4, LOOP_CLR_FD) = 0 [pid 5179] close(4) = 0 [pid 5179] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5179] creat("./file1", 000) = 4 [ 96.845941][ T5179] loop0: detected capacity change from 0 to 512 [ 96.870891][ T5179] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 96.885429][ T5179] EXT4-fs (loop0): 1 truncate cleaned up [pid 5179] exit_group(0) = ? [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5181 attached [pid 5181] set_robust_list(0x5555563c1660, 24) = 0 [pid 5181] chdir("./58") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5181 [pid 5181] <... openat resumed>) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5181] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./file1", 0777) = 0 [pid 5181] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5181] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./file1") = 0 [pid 5181] ioctl(4, LOOP_CLR_FD) = 0 [pid 5181] close(4) = 0 [pid 5181] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 97.167597][ T5181] loop0: detected capacity change from 0 to 512 [ 97.187102][ T5181] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 97.201414][ T5181] EXT4-fs (loop0): 1 truncate cleaned up [pid 5181] creat("./file1", 000) = 4 [pid 5181] exit_group(0) = ? [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached , child_tidptr=0x5555563c1650) = 5183 [pid 5183] set_robust_list(0x5555563c1660, 24) = 0 [pid 5183] chdir("./59") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] memfd_create("syzkaller", 0) = 3 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5183] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5183] close(3) = 0 [pid 5183] mkdir("./file1", 0777) = 0 [pid 5183] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5183] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5183] chdir("./file1") = 0 [pid 5183] ioctl(4, LOOP_CLR_FD) = 0 [pid 5183] close(4) = 0 [pid 5183] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 97.577955][ T5183] loop0: detected capacity change from 0 to 512 [ 97.592372][ T5183] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 97.606891][ T5183] EXT4-fs (loop0): 1 truncate cleaned up [pid 5183] creat("./file1", 000) = 4 [pid 5183] exit_group(0) = ? [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5185 attached , child_tidptr=0x5555563c1650) = 5185 [pid 5185] set_robust_list(0x5555563c1660, 24) = 0 [pid 5185] chdir("./60") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] memfd_create("syzkaller", 0) = 3 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5185] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5185] close(3) = 0 [pid 5185] mkdir("./file1", 0777) = 0 [pid 5185] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5185] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5185] chdir("./file1") = 0 [pid 5185] ioctl(4, LOOP_CLR_FD) = 0 [pid 5185] close(4) = 0 [pid 5185] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5185] creat("./file1", 000) = 4 [ 97.874145][ T5185] loop0: detected capacity change from 0 to 512 [ 97.897765][ T5185] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 97.912411][ T5185] EXT4-fs (loop0): 1 truncate cleaned up [pid 5185] exit_group(0) = ? [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5187 attached , child_tidptr=0x5555563c1650) = 5187 [pid 5187] set_robust_list(0x5555563c1660, 24) = 0 [pid 5187] chdir("./61") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5187] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] mkdir("./file1", 0777) = 0 [pid 5187] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5187] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./file1") = 0 [pid 5187] ioctl(4, LOOP_CLR_FD) = 0 [pid 5187] close(4) = 0 [pid 5187] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5187] creat("./file1", 000) = 4 [ 98.149125][ T5187] loop0: detected capacity change from 0 to 512 [ 98.173189][ T5187] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 98.187921][ T5187] EXT4-fs (loop0): 1 truncate cleaned up [pid 5187] exit_group(0) = ? [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x5555563c1660, 24) = 0 [pid 5189] chdir("./62") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5189 [pid 5189] <... openat resumed>) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5189] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5189] close(3) = 0 [pid 5189] mkdir("./file1", 0777) = 0 [ 98.440015][ T5189] loop0: detected capacity change from 0 to 512 [ 98.464835][ T5189] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5189] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5189] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./file1") = 0 [pid 5189] ioctl(4, LOOP_CLR_FD) = 0 [pid 5189] close(4) = 0 [pid 5189] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5189] creat("./file1", 000) = 4 [pid 5189] exit_group(0) = ? [pid 5189] +++ exited with 0 +++ [ 98.489608][ T5189] EXT4-fs (loop0): 1 truncate cleaned up --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5191 attached , child_tidptr=0x5555563c1650) = 5191 [pid 5191] set_robust_list(0x5555563c1660, 24) = 0 [pid 5191] chdir("./63") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] memfd_create("syzkaller", 0) = 3 [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5191] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5191] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5191] close(3) = 0 [pid 5191] mkdir("./file1", 0777) = 0 [pid 5191] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5191] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5191] chdir("./file1") = 0 [pid 5191] ioctl(4, LOOP_CLR_FD) = 0 [pid 5191] close(4) = 0 [pid 5191] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5191] creat("./file1", 000) = 4 [pid 5191] exit_group(0) = ? [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 [ 98.822501][ T5191] loop0: detected capacity change from 0 to 512 [ 98.845244][ T5191] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 98.859820][ T5191] EXT4-fs (loop0): 1 truncate cleaned up close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5193 attached , child_tidptr=0x5555563c1650) = 5193 [pid 5193] set_robust_list(0x5555563c1660, 24) = 0 [pid 5193] chdir("./64") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5193] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./file1", 0777) = 0 [pid 5193] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5193] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./file1") = 0 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5193] creat("./file1", 000) = 4 [pid 5193] exit_group(0) = ? [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 98.955067][ T5193] loop0: detected capacity change from 0 to 512 [ 98.974062][ T5193] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 98.989109][ T5193] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563c1650) = 5195 ./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x5555563c1660, 24) = 0 [pid 5195] chdir("./65") = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5195] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] mkdir("./file1", 0777) = 0 [pid 5195] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5195] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file1") = 0 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4) = 0 [pid 5195] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5195] creat("./file1", 000) = 4 [pid 5195] exit_group(0) = ? [pid 5195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 99.207413][ T5195] loop0: detected capacity change from 0 to 512 [ 99.221376][ T5195] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 99.235758][ T5195] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5197 attached [pid 5197] set_robust_list(0x5555563c1660, 24) = 0 [pid 5197] chdir("./66" [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5197 [pid 5197] <... chdir resumed>) = 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5197] setpgid(0, 0) = 0 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5197] write(3, "1000", 4) = 4 [pid 5197] close(3) = 0 [pid 5197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5197] memfd_create("syzkaller", 0) = 3 [pid 5197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5197] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5197] close(3) = 0 [pid 5197] mkdir("./file1", 0777) = 0 [pid 5197] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5197] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5197] chdir("./file1") = 0 [pid 5197] ioctl(4, LOOP_CLR_FD) = 0 [pid 5197] close(4) = 0 [pid 5197] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5197] creat("./file1", 000) = 4 [pid 5197] exit_group(0) = ? [ 99.503208][ T5197] loop0: detected capacity change from 0 to 512 [ 99.526428][ T5197] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 99.540942][ T5197] EXT4-fs (loop0): 1 truncate cleaned up [pid 5197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563c1650) = 5199 ./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x5555563c1660, 24) = 0 [pid 5199] chdir("./67") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] memfd_create("syzkaller", 0) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5199] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] mkdir("./file1", 0777) = 0 [pid 5199] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5199] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] chdir("./file1") = 0 [pid 5199] ioctl(4, LOOP_CLR_FD) = 0 [pid 5199] close(4) = 0 [pid 5199] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5199] creat("./file1", 000) = 4 [pid 5199] exit_group(0) = ? [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 99.799294][ T5199] loop0: detected capacity change from 0 to 512 [ 99.823062][ T5199] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 99.837801][ T5199] EXT4-fs (loop0): 1 truncate cleaned up umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x5555563c1650) = 5201 [pid 5201] set_robust_list(0x5555563c1660, 24) = 0 [pid 5201] chdir("./68") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] memfd_create("syzkaller", 0) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5201] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5201] close(3) = 0 [pid 5201] mkdir("./file1", 0777) = 0 [pid 5201] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5201] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5201] chdir("./file1") = 0 [pid 5201] ioctl(4, LOOP_CLR_FD) = 0 [pid 5201] close(4) = 0 [ 100.131225][ T5201] loop0: detected capacity change from 0 to 512 [ 100.145116][ T5201] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 100.159490][ T5201] EXT4-fs (loop0): 1 truncate cleaned up [pid 5201] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5201] creat("./file1", 000) = 4 [pid 5201] exit_group(0) = ? [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x5555563c1660, 24) = 0 [pid 5203] chdir("./69" [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5203 [pid 5203] <... chdir resumed>) = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5203] memfd_create("syzkaller", 0) = 3 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5203] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5203] close(3) = 0 [pid 5203] mkdir("./file1", 0777) = 0 [pid 5203] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5203] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5203] chdir("./file1") = 0 [pid 5203] ioctl(4, LOOP_CLR_FD) = 0 [pid 5203] close(4) = 0 [pid 5203] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5203] creat("./file1", 000) = 4 [pid 5203] exit_group(0) = ? [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 [ 100.436721][ T5203] loop0: detected capacity change from 0 to 512 [ 100.452085][ T5203] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 100.466494][ T5203] EXT4-fs (loop0): 1 truncate cleaned up umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5206 attached , child_tidptr=0x5555563c1650) = 5206 [pid 5206] set_robust_list(0x5555563c1660, 24) = 0 [pid 5206] chdir("./70") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5206] memfd_create("syzkaller", 0) = 3 [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5206] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5206] close(3) = 0 [pid 5206] mkdir("./file1", 0777) = 0 [ 100.827462][ T5206] loop0: detected capacity change from 0 to 512 [pid 5206] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5206] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5206] chdir("./file1") = 0 [pid 5206] ioctl(4, LOOP_CLR_FD) = 0 [pid 5206] close(4) = 0 [ 100.867049][ T5206] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 100.881615][ T5206] EXT4-fs (loop0): 1 truncate cleaned up [pid 5206] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5206] creat("./file1", 000) = 4 [pid 5206] exit_group(0) = ? [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x5555563c1660, 24) = 0 [pid 5208] chdir("./71") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5208 [pid 5208] <... openat resumed>) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] memfd_create("syzkaller", 0) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5208] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] mkdir("./file1", 0777) = 0 [pid 5208] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5208] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5208] chdir("./file1") = 0 [pid 5208] ioctl(4, LOOP_CLR_FD) = 0 [pid 5208] close(4) = 0 [pid 5208] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5208] creat("./file1", 000) = 4 [pid 5208] exit_group(0) = ? [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 101.099654][ T5208] loop0: detected capacity change from 0 to 512 [ 101.114031][ T5208] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 101.138886][ T5208] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5210 attached , child_tidptr=0x5555563c1650) = 5210 [pid 5210] set_robust_list(0x5555563c1660, 24) = 0 [pid 5210] chdir("./72") = 0 [pid 5210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5210] setpgid(0, 0) = 0 [pid 5210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5210] write(3, "1000", 4) = 4 [pid 5210] close(3) = 0 [pid 5210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5210] memfd_create("syzkaller", 0) = 3 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5210] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./file1", 0777) = 0 [pid 5210] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5210] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5210] chdir("./file1") = 0 [pid 5210] ioctl(4, LOOP_CLR_FD) = 0 [pid 5210] close(4) = 0 [pid 5210] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5210] creat("./file1", 000) = 4 [pid 5210] exit_group(0) = ? [pid 5210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5210, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 101.331330][ T5210] loop0: detected capacity change from 0 to 512 [ 101.340404][ T5210] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 101.354788][ T5210] EXT4-fs (loop0): 1 truncate cleaned up umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563c1650) = 5212 ./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x5555563c1660, 24) = 0 [pid 5212] chdir("./73") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] memfd_create("syzkaller", 0) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5212] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5212] close(3) = 0 [pid 5212] mkdir("./file1", 0777) = 0 [pid 5212] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5212] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5212] chdir("./file1") = 0 [pid 5212] ioctl(4, LOOP_CLR_FD) = 0 [pid 5212] close(4) = 0 [pid 5212] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 101.626634][ T5212] loop0: detected capacity change from 0 to 512 [ 101.650940][ T5212] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 101.665460][ T5212] EXT4-fs (loop0): 1 truncate cleaned up [pid 5212] creat("./file1", 000) = 4 [pid 5212] exit_group(0) = ? [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached , child_tidptr=0x5555563c1650) = 5214 [pid 5214] set_robust_list(0x5555563c1660, 24) = 0 [pid 5214] chdir("./74") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] memfd_create("syzkaller", 0) = 3 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5214] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5214] close(3) = 0 [pid 5214] mkdir("./file1", 0777) = 0 [pid 5214] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5214] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5214] chdir("./file1") = 0 [pid 5214] ioctl(4, LOOP_CLR_FD) = 0 [pid 5214] close(4) = 0 [ 101.906701][ T5214] loop0: detected capacity change from 0 to 512 [ 101.930512][ T5214] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 101.945300][ T5214] EXT4-fs (loop0): 1 truncate cleaned up [pid 5214] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5214] creat("./file1", 000) = 4 [pid 5214] exit_group(0) = ? [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5216 attached , child_tidptr=0x5555563c1650) = 5216 [pid 5216] set_robust_list(0x5555563c1660, 24) = 0 [pid 5216] chdir("./75") = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5216] memfd_create("syzkaller", 0) = 3 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5216] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5216] close(3) = 0 [pid 5216] mkdir("./file1", 0777) = 0 [pid 5216] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5216] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5216] chdir("./file1") = 0 [pid 5216] ioctl(4, LOOP_CLR_FD) = 0 [pid 5216] close(4) = 0 [pid 5216] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5216] creat("./file1", 000) = 4 [pid 5216] exit_group(0) = ? [pid 5216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5216, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 102.272918][ T5216] loop0: detected capacity change from 0 to 512 [ 102.297389][ T5216] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 102.312040][ T5216] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x5555563c1660, 24) = 0 [pid 5218] chdir("./76") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5218 [pid 5218] <... openat resumed>) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] memfd_create("syzkaller", 0) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5218] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] mkdir("./file1", 0777) = 0 [pid 5218] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5218] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] chdir("./file1") = 0 [pid 5218] ioctl(4, LOOP_CLR_FD) = 0 [pid 5218] close(4) = 0 [pid 5218] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5218] creat("./file1", 000) = 4 [pid 5218] exit_group(0) = ? [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 102.636539][ T5218] loop0: detected capacity change from 0 to 512 [ 102.660337][ T5218] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 102.674879][ T5218] EXT4-fs (loop0): 1 truncate cleaned up umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5220 attached [pid 5220] set_robust_list(0x5555563c1660, 24) = 0 [pid 5220] chdir("./77") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5220 [pid 5220] <... openat resumed>) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] memfd_create("syzkaller", 0) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5220] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] mkdir("./file1", 0777) = 0 [pid 5220] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5220] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] chdir("./file1") = 0 [pid 5220] ioctl(4, LOOP_CLR_FD) = 0 [pid 5220] close(4) = 0 [pid 5220] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5220] creat("./file1", 000) = 4 [ 102.922502][ T5220] loop0: detected capacity change from 0 to 512 [ 102.948040][ T5220] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 102.962912][ T5220] EXT4-fs (loop0): 1 truncate cleaned up [pid 5220] exit_group(0) = ? [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5222 attached , child_tidptr=0x5555563c1650) = 5222 [pid 5222] set_robust_list(0x5555563c1660, 24) = 0 [pid 5222] chdir("./78") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5222] memfd_create("syzkaller", 0) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5222] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5222] close(3) = 0 [pid 5222] mkdir("./file1", 0777) = 0 [pid 5222] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5222] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5222] chdir("./file1") = 0 [pid 5222] ioctl(4, LOOP_CLR_FD) = 0 [pid 5222] close(4) = 0 [pid 5222] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 103.316737][ T5222] loop0: detected capacity change from 0 to 512 [ 103.340466][ T5222] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 103.354613][ T5222] EXT4-fs (loop0): 1 truncate cleaned up [pid 5222] creat("./file1", 000) = 4 [pid 5222] exit_group(0) = ? [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached , child_tidptr=0x5555563c1650) = 5224 [pid 5224] set_robust_list(0x5555563c1660, 24) = 0 [pid 5224] chdir("./79") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5224] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./file1", 0777) = 0 [pid 5224] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5224] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file1") = 0 [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [ 103.624411][ T5224] loop0: detected capacity change from 0 to 512 [ 103.649241][ T5224] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 103.663918][ T5224] EXT4-fs (loop0): 1 truncate cleaned up [pid 5224] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5224] creat("./file1", 000) = 4 [pid 5224] exit_group(0) = ? [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached , child_tidptr=0x5555563c1650) = 5226 [pid 5226] set_robust_list(0x5555563c1660, 24) = 0 [pid 5226] chdir("./80") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] memfd_create("syzkaller", 0) = 3 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5226] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5226] close(3) = 0 [pid 5226] mkdir("./file1", 0777) = 0 [pid 5226] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5226] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5226] chdir("./file1") = 0 [pid 5226] ioctl(4, LOOP_CLR_FD) = 0 [pid 5226] close(4) = 0 [pid 5226] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [ 103.922949][ T5226] loop0: detected capacity change from 0 to 512 [ 103.946755][ T5226] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 103.961182][ T5226] EXT4-fs (loop0): 1 truncate cleaned up [pid 5226] creat("./file1", 000) = 4 [pid 5226] exit_group(0) = ? [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached , child_tidptr=0x5555563c1650) = 5228 [pid 5228] set_robust_list(0x5555563c1660, 24) = 0 [pid 5228] chdir("./81") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f228f1a5000 [pid 5228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5228] munmap(0x7f228f1a5000, 138412032) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] mkdir("./file1", 0777) = 0 [pid 5228] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5228] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./file1") = 0 [pid 5228] ioctl(4, LOOP_CLR_FD) = 0 [pid 5228] close(4) = 0 [ 104.168831][ T5228] loop0: detected capacity change from 0 to 512 [ 104.179123][ T5228] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 104.194129][ T5228] EXT4-fs (loop0): 1 truncate cleaned up [pid 5228] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x78\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 888, 0) = 0 [pid 5228] creat("./file1", 000) = 4 [pid 5228] exit_group(0) = ? [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555563c26f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555563ca730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555563ca730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = 0 getdents64(3, 0x5555563c26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x5555563c1660, 24) = 0 [pid 5231] chdir("./82") = 0 [pid 5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5231] setpgid(0, 0) = 0 [pid 5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5059] <... clone resumed>, child_tidptr=0x5555563c1650) = 5231 [pid 5231] <... openat resumed>) = 3 [pid 5231] write(3, "1000", 4) = 4