./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2993556806 <...> [ 101.846341][ T7] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.12' (ED25519) to the list of known hosts. execve("./syz-executor2993556806", ["./syz-executor2993556806"], 0x7ffd6616efd0 /* 10 vars */) = 0 brk(NULL) = 0x55555b90b000 brk(0x55555b90bd00) = 0x55555b90bd00 arch_prctl(ARCH_SET_FS, 0x55555b90b380) = 0 set_tid_address(0x55555b90b650) = 5074 set_robust_list(0x55555b90b660, 24) = 0 rseq(0x55555b90bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2993556806", 4096) = 28 getrandom("\xd5\x42\x86\x33\xd6\x5b\xa9\x9a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555b90bd00 brk(0x55555b92cd00) = 0x55555b92cd00 brk(0x55555b92d000) = 0x55555b92d000 mprotect(0x7fcb23d79000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.eWwVi0", 0700) = 0 chmod("./syzkaller.eWwVi0", 0777) = 0 chdir("./syzkaller.eWwVi0") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached , child_tidptr=0x55555b90b650) = 5075 [pid 5075] set_robust_list(0x55555b90b660, 24) = 0 [pid 5075] chdir("./0") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5075] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] close(4) = 0 [pid 5075] mkdir("./file1", 0777) = 0 [ 106.748161][ T5075] loop0: detected capacity change from 0 to 1024 [ 106.784467][ T5075] EXT4-fs: Ignoring removed oldalloc option [pid 5075] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5075] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file1") = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5075] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 106.831940][ T5075] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5075] write(4, "\xe0", 1) = 1 [pid 5075] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5075] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5075] exit_group(0) = ? [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 106.950233][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached , child_tidptr=0x55555b90b650) = 5079 [pid 5079] set_robust_list(0x55555b90b660, 24) = 0 [pid 5079] chdir("./1") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5079] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] close(4) = 0 [pid 5079] mkdir("./file1", 0777) = 0 [ 107.141406][ T5079] loop0: detected capacity change from 0 to 1024 [ 107.180655][ T5079] EXT4-fs: Ignoring removed oldalloc option [pid 5079] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5079] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file1") = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5079] write(4, "\xe0", 1) = 1 [ 107.200423][ T5079] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5079] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5079] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 107.310200][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached , child_tidptr=0x55555b90b650) = 5082 [pid 5082] set_robust_list(0x55555b90b660, 24) = 0 [pid 5082] chdir("./2") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] memfd_create("syzkaller", 0) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5082] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] close(4) = 0 [pid 5082] mkdir("./file1", 0777) = 0 [ 107.528122][ T5082] loop0: detected capacity change from 0 to 1024 [pid 5082] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5082] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./file1") = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5082] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5082] write(4, "\xe0", 1) = 1 [pid 5082] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5082] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5082] exit_group(0) = ? [ 107.576332][ T5082] EXT4-fs: Ignoring removed oldalloc option [ 107.600029][ T5082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 107.712240][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached , child_tidptr=0x55555b90b650) = 5085 [pid 5085] set_robust_list(0x55555b90b660, 24) = 0 [pid 5085] chdir("./3") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5085] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] close(4) = 0 [pid 5085] mkdir("./file1", 0777) = 0 [ 107.941675][ T5085] loop0: detected capacity change from 0 to 1024 [ 107.977844][ T5085] EXT4-fs: Ignoring removed oldalloc option [pid 5085] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5085] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file1") = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5085] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5085] write(4, "\xe0", 1) = 1 [pid 5085] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5085] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5085] exit_group(0) = ? [ 107.999682][ T5085] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 [ 108.116065][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached , child_tidptr=0x55555b90b650) = 5088 [pid 5088] set_robust_list(0x55555b90b660, 24) = 0 [pid 5088] chdir("./4") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5088] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] close(4) = 0 [pid 5088] mkdir("./file1", 0777) = 0 [ 108.353762][ T5088] loop0: detected capacity change from 0 to 1024 [ 108.380650][ T5088] EXT4-fs: Ignoring removed oldalloc option [pid 5088] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5088] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./file1") = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5088] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5088] write(4, "\xe0", 1) = 1 [ 108.405269][ T5088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5088] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5088] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5088] exit_group(0) = ? [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 108.545955][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5093 ./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x55555b90b660, 24) = 0 [pid 5093] chdir("./5") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5093] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] close(4) = 0 [pid 5093] mkdir("./file1", 0777) = 0 [ 108.757307][ T5093] loop0: detected capacity change from 0 to 1024 [ 108.793756][ T5093] EXT4-fs: Ignoring removed oldalloc option [pid 5093] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5093] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file1") = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5093] write(4, "\xe0", 1) = 1 [ 108.819891][ T5093] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5093] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5093] exit_group(0) = ? [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 108.952365][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached , child_tidptr=0x55555b90b650) = 5096 [pid 5096] set_robust_list(0x55555b90b660, 24) = 0 [pid 5096] chdir("./6") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5096] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] close(4) = 0 [pid 5096] mkdir("./file1", 0777) = 0 [ 109.150484][ T5096] loop0: detected capacity change from 0 to 1024 [ 109.181974][ T5096] EXT4-fs: Ignoring removed oldalloc option [pid 5096] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5096] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file1") = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5096] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5096] write(4, "\xe0", 1) = 1 [ 109.200665][ T5096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5096] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5096] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5096] exit_group(0) = ? [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 109.323126][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x55555b90b660, 24) = 0 [pid 5074] <... clone resumed>, child_tidptr=0x55555b90b650) = 5099 [pid 5099] chdir("./7") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5099] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] close(4) = 0 [pid 5099] mkdir("./file1", 0777) = 0 [ 109.517675][ T5099] loop0: detected capacity change from 0 to 1024 [ 109.541811][ T5099] EXT4-fs: Ignoring removed oldalloc option [pid 5099] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5099] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file1") = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 109.560083][ T5099] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5099] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5099] write(4, "\xe0", 1) = 1 [pid 5099] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5099] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5099] exit_group(0) = ? [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 109.671193][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./7/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached , child_tidptr=0x55555b90b650) = 5102 [pid 5102] set_robust_list(0x55555b90b660, 24) = 0 [pid 5102] chdir("./8") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5102] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] close(4) = 0 [pid 5102] mkdir("./file1", 0777) = 0 [ 109.952714][ T5102] loop0: detected capacity change from 0 to 1024 [ 109.991829][ T5102] EXT4-fs: Ignoring removed oldalloc option [pid 5102] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5102] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file1") = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5102] write(4, "\xe0", 1) = 1 [pid 5102] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5102] exit_group(0) = ? [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 110.019793][ T5102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 110.149204][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./8/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5105 attached , child_tidptr=0x55555b90b650) = 5105 [pid 5105] set_robust_list(0x55555b90b660, 24) = 0 [pid 5105] chdir("./9") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5105] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] close(4) = 0 [pid 5105] mkdir("./file1", 0777) = 0 [ 110.392708][ T5105] loop0: detected capacity change from 0 to 1024 [ 110.415942][ T5105] EXT4-fs: Ignoring removed oldalloc option [pid 5105] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5105] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file1") = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5105] write(4, "\xe0", 1) = 1 [pid 5105] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 110.439512][ T5105] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5105] exit_group(0) = ? [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 110.562278][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5108 attached , child_tidptr=0x55555b90b650) = 5108 [pid 5108] set_robust_list(0x55555b90b660, 24) = 0 [pid 5108] chdir("./10") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5108] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] close(4) = 0 [pid 5108] mkdir("./file1", 0777) = 0 [ 110.718925][ T5108] loop0: detected capacity change from 0 to 1024 [ 110.745616][ T5108] EXT4-fs: Ignoring removed oldalloc option [pid 5108] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5108] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file1") = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5108] write(4, "\xe0", 1) = 1 [pid 5108] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5108] exit_group(0) = ? [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 110.770421][ T5108] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 110.879579][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached , child_tidptr=0x55555b90b650) = 5111 [pid 5111] set_robust_list(0x55555b90b660, 24) = 0 [pid 5111] chdir("./11") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5111] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] close(4) = 0 [pid 5111] mkdir("./file1", 0777) = 0 [ 111.096536][ T5111] loop0: detected capacity change from 0 to 1024 [ 111.123168][ T5111] EXT4-fs: Ignoring removed oldalloc option [pid 5111] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5111] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file1") = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5111] write(4, "\xe0", 1) = 1 [pid 5111] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 111.159106][ T5111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5111] exit_group(0) = ? [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 111.278908][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./11/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached , child_tidptr=0x55555b90b650) = 5115 [pid 5115] set_robust_list(0x55555b90b660, 24) = 0 [pid 5115] chdir("./12") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5115] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] close(4) = 0 [pid 5115] mkdir("./file1", 0777) = 0 [ 111.508294][ T5115] loop0: detected capacity change from 0 to 1024 [ 111.546086][ T5115] EXT4-fs: Ignoring removed oldalloc option [pid 5115] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5115] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./file1") = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5115] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5115] write(4, "\xe0", 1) = 1 [pid 5115] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 111.570593][ T5115] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5115] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5115] exit_group(0) = ? [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 111.701842][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./12/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5118 attached , child_tidptr=0x55555b90b650) = 5118 [pid 5118] set_robust_list(0x55555b90b660, 24) = 0 [pid 5118] chdir("./13") = 0 [pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5118] setpgid(0, 0) = 0 [pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5118] write(3, "1000", 4) = 4 [pid 5118] close(3) = 0 [pid 5118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5118] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] close(4) = 0 [pid 5118] mkdir("./file1", 0777) = 0 [ 111.905287][ T5118] loop0: detected capacity change from 0 to 1024 [ 111.927880][ T5118] EXT4-fs: Ignoring removed oldalloc option [pid 5118] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5118] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./file1") = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5118] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5118] write(4, "\xe0", 1) = 1 [pid 5118] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5118] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [ 111.966888][ T5118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5118] exit_group(0) = ? [pid 5118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 112.058798][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5121 ./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x55555b90b660, 24) = 0 [pid 5121] chdir("./14") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5121] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5121] close(3) = 0 [pid 5121] close(4) = 0 [pid 5121] mkdir("./file1", 0777) = 0 [ 112.272818][ T5121] loop0: detected capacity change from 0 to 1024 [ 112.305125][ T5121] EXT4-fs: Ignoring removed oldalloc option [pid 5121] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5121] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5121] chdir("./file1") = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5121] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5121] write(4, "\xe0", 1) = 1 [pid 5121] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5121] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [ 112.328905][ T5121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5121] exit_group(0) = ? [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 112.435084][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5124 attached , child_tidptr=0x55555b90b650) = 5124 [pid 5124] set_robust_list(0x55555b90b660, 24) = 0 [pid 5124] chdir("./15") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5124] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] close(4) = 0 [pid 5124] mkdir("./file1", 0777) = 0 [ 112.670988][ T5124] loop0: detected capacity change from 0 to 1024 [pid 5124] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5124] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./file1") = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5124] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5124] write(4, "\xe0", 1) = 1 [pid 5124] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5124] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [ 112.711560][ T5124] EXT4-fs: Ignoring removed oldalloc option [ 112.739975][ T5124] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5124] exit_group(0) = ? [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 112.847002][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5127 attached , child_tidptr=0x55555b90b650) = 5127 [pid 5127] set_robust_list(0x55555b90b660, 24) = 0 [pid 5127] chdir("./16") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5127] memfd_create("syzkaller", 0) = 3 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5127] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5127] close(3) = 0 [pid 5127] close(4) = 0 [pid 5127] mkdir("./file1", 0777) = 0 [ 113.026834][ T5127] loop0: detected capacity change from 0 to 1024 [ 113.054487][ T5127] EXT4-fs: Ignoring removed oldalloc option [pid 5127] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5127] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5127] chdir("./file1") = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 113.082404][ T5127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5127] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5127] write(4, "\xe0", 1) = 1 [pid 5127] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5127] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5127] exit_group(0) = ? [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 113.223533][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./16/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5130 attached , child_tidptr=0x55555b90b650) = 5130 [pid 5130] set_robust_list(0x55555b90b660, 24) = 0 [pid 5130] chdir("./17") = 0 [pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5130] setpgid(0, 0) = 0 [pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5130] write(3, "1000", 4) = 4 [pid 5130] close(3) = 0 [pid 5130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5130] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] close(4) = 0 [pid 5130] mkdir("./file1", 0777) = 0 [ 113.487390][ T5130] loop0: detected capacity change from 0 to 1024 [ 113.521308][ T5130] EXT4-fs: Ignoring removed oldalloc option [pid 5130] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5130] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./file1") = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5130] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5130] write(4, "\xe0", 1) = 1 [pid 5130] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5130] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5130] exit_group(0) = ? [ 113.541235][ T5130] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 [ 113.648066][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached , child_tidptr=0x55555b90b650) = 5133 [pid 5133] set_robust_list(0x55555b90b660, 24) = 0 [pid 5133] chdir("./18") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] memfd_create("syzkaller", 0) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5133] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] close(4) = 0 [pid 5133] mkdir("./file1", 0777) = 0 [ 113.851282][ T5133] loop0: detected capacity change from 0 to 1024 [ 113.875416][ T5133] EXT4-fs: Ignoring removed oldalloc option [pid 5133] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5133] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] chdir("./file1") = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5133] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5133] write(4, "\xe0", 1) = 1 [pid 5133] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5133] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5133] exit_group(0) = ? [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 113.906056][ T5133] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 114.014899][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5136 attached , child_tidptr=0x55555b90b650) = 5136 [pid 5136] set_robust_list(0x55555b90b660, 24) = 0 [pid 5136] chdir("./19") = 0 [pid 5136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5136] setpgid(0, 0) = 0 [pid 5136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5136] write(3, "1000", 4) = 4 [pid 5136] close(3) = 0 [pid 5136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5136] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5136] close(3) = 0 [pid 5136] close(4) = 0 [pid 5136] mkdir("./file1", 0777) = 0 [ 114.210790][ T5136] loop0: detected capacity change from 0 to 1024 [ 114.237801][ T5136] EXT4-fs: Ignoring removed oldalloc option [pid 5136] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5136] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5136] chdir("./file1") = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5136] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5136] write(4, "\xe0", 1) = 1 [pid 5136] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5136] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5136] exit_group(0) = ? [ 114.260426][ T5136] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5136] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5136, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 [ 114.380044][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5139 attached , child_tidptr=0x55555b90b650) = 5139 [pid 5139] set_robust_list(0x55555b90b660, 24) = 0 [pid 5139] chdir("./20") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5139] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] close(4) = 0 [pid 5139] mkdir("./file1", 0777) = 0 [ 114.606242][ T5139] loop0: detected capacity change from 0 to 1024 [ 114.631741][ T5139] EXT4-fs: Ignoring removed oldalloc option [pid 5139] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5139] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] chdir("./file1") = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5139] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5139] write(4, "\xe0", 1) = 1 [pid 5139] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5139] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5139] exit_group(0) = ? [ 114.656467][ T5139] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 114.767383][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5142 ./strace-static-x86_64: Process 5142 attached [pid 5142] set_robust_list(0x55555b90b660, 24) = 0 [pid 5142] chdir("./21") = 0 [pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5142] setpgid(0, 0) = 0 [pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5142] write(3, "1000", 4) = 4 [pid 5142] close(3) = 0 [pid 5142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5142] memfd_create("syzkaller", 0) = 3 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5142] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5142] close(3) = 0 [pid 5142] close(4) = 0 [pid 5142] mkdir("./file1", 0777) = 0 [ 114.986866][ T5142] loop0: detected capacity change from 0 to 1024 [ 115.019074][ T5142] EXT4-fs: Ignoring removed oldalloc option [pid 5142] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5142] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5142] chdir("./file1") = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5142] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5142] write(4, "\xe0", 1) = 1 [pid 5142] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 115.049226][ T5142] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5142] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5142] exit_group(0) = ? [pid 5142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 115.159361][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./21/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5145 attached , child_tidptr=0x55555b90b650) = 5145 [pid 5145] set_robust_list(0x55555b90b660, 24) = 0 [pid 5145] chdir("./22") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5145] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] close(4) = 0 [pid 5145] mkdir("./file1", 0777) = 0 [ 115.402913][ T5145] loop0: detected capacity change from 0 to 1024 [ 115.431241][ T5145] EXT4-fs: Ignoring removed oldalloc option [pid 5145] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5145] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file1") = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5145] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5145] write(4, "\xe0", 1) = 1 [pid 5145] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5145] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5145] exit_group(0) = ? [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 [ 115.450300][ T5145] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 115.545601][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./22/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5148 attached [pid 5148] set_robust_list(0x55555b90b660, 24 [pid 5074] <... clone resumed>, child_tidptr=0x55555b90b650) = 5148 [pid 5148] <... set_robust_list resumed>) = 0 [pid 5148] chdir("./23") = 0 [pid 5148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5148] setpgid(0, 0) = 0 [pid 5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5148] write(3, "1000", 4) = 4 [pid 5148] close(3) = 0 [pid 5148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5148] memfd_create("syzkaller", 0) = 3 [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5148] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5148] close(3) = 0 [pid 5148] close(4) = 0 [pid 5148] mkdir("./file1", 0777) = 0 [ 115.794903][ T5148] loop0: detected capacity change from 0 to 1024 [ 115.828756][ T5148] EXT4-fs: Ignoring removed oldalloc option [pid 5148] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5148] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5148] chdir("./file1") = 0 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5148] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5148] write(4, "\xe0", 1) = 1 [pid 5148] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5148] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5148] exit_group(0) = ? [ 115.853979][ T5148] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5148] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5148, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 115.964387][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./23/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5151 attached , child_tidptr=0x55555b90b650) = 5151 [pid 5151] set_robust_list(0x55555b90b660, 24) = 0 [pid 5151] chdir("./24") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5151] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] close(4) = 0 [pid 5151] mkdir("./file1", 0777) = 0 [ 116.225677][ T5151] loop0: detected capacity change from 0 to 1024 [ 116.263947][ T5151] EXT4-fs: Ignoring removed oldalloc option [pid 5151] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5151] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./file1") = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5151] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5151] write(4, "\xe0", 1) = 1 [pid 5151] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5151] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5151] exit_group(0) = ? [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 116.309681][ T5151] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 116.386210][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5154 attached , child_tidptr=0x55555b90b650) = 5154 [pid 5154] set_robust_list(0x55555b90b660, 24) = 0 [pid 5154] chdir("./25") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [pid 5154] close(3) = 0 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] memfd_create("syzkaller", 0) = 3 [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5154] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5154] close(3) = 0 [pid 5154] close(4) = 0 [pid 5154] mkdir("./file1", 0777) = 0 [ 116.545722][ T5154] loop0: detected capacity change from 0 to 1024 [ 116.585604][ T5154] EXT4-fs: Ignoring removed oldalloc option [pid 5154] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5154] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5154] chdir("./file1") = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5154] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 116.620180][ T5154] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5154] write(4, "\xe0", 1) = 1 [pid 5154] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5154] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5154] exit_group(0) = ? [pid 5154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5154, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 [ 116.767058][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5157 attached , child_tidptr=0x55555b90b650) = 5157 [pid 5157] set_robust_list(0x55555b90b660, 24) = 0 [pid 5157] chdir("./26") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5157] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] close(4) = 0 [pid 5157] mkdir("./file1", 0777) = 0 [ 116.994338][ T5157] loop0: detected capacity change from 0 to 1024 [ 117.017599][ T5157] EXT4-fs: Ignoring removed oldalloc option [pid 5157] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5157] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] chdir("./file1") = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5157] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5157] write(4, "\xe0", 1) = 1 [pid 5157] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 117.049500][ T5157] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5157] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5157] exit_group(0) = ? [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 117.167588][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5160 attached , child_tidptr=0x55555b90b650) = 5160 [pid 5160] set_robust_list(0x55555b90b660, 24) = 0 [pid 5160] chdir("./27") = 0 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5160] setpgid(0, 0) = 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5160] write(3, "1000", 4) = 4 [pid 5160] close(3) = 0 [pid 5160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5160] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5160] close(3) = 0 [pid 5160] close(4) = 0 [pid 5160] mkdir("./file1", 0777) = 0 [ 117.409116][ T5160] loop0: detected capacity change from 0 to 1024 [ 117.445116][ T5160] EXT4-fs: Ignoring removed oldalloc option [pid 5160] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5160] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5160] chdir("./file1") = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5160] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5160] write(4, "\xe0", 1) = 1 [pid 5160] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5160] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5160] exit_group(0) = ? [ 117.480431][ T5160] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5160] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5160, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 117.586243][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./27/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached , child_tidptr=0x55555b90b650) = 5163 [pid 5163] set_robust_list(0x55555b90b660, 24) = 0 [pid 5163] chdir("./28") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] memfd_create("syzkaller", 0) = 3 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5163] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5163] close(3) = 0 [pid 5163] close(4) = 0 [pid 5163] mkdir("./file1", 0777) = 0 [ 117.820300][ T5163] loop0: detected capacity change from 0 to 1024 [ 117.856679][ T5163] EXT4-fs: Ignoring removed oldalloc option [pid 5163] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5163] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5163] chdir("./file1") = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5163] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5163] write(4, "\xe0", 1) = 1 [pid 5163] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5163] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5163] exit_group(0) = ? [ 117.891266][ T5163] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 118.014784][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./28/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5166 attached , child_tidptr=0x55555b90b650) = 5166 [pid 5166] set_robust_list(0x55555b90b660, 24) = 0 [pid 5166] chdir("./29") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5166] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] close(4) = 0 [pid 5166] mkdir("./file1", 0777) = 0 [ 118.249682][ T5166] loop0: detected capacity change from 0 to 1024 [ 118.275959][ T5166] EXT4-fs: Ignoring removed oldalloc option [pid 5166] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5166] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] chdir("./file1") = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5166] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5166] write(4, "\xe0", 1) = 1 [pid 5166] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5166] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5166] exit_group(0) = ? [pid 5166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 118.306011][ T5166] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 118.410498][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5170 attached , child_tidptr=0x55555b90b650) = 5170 [pid 5170] set_robust_list(0x55555b90b660, 24) = 0 [pid 5170] chdir("./30") = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] memfd_create("syzkaller", 0) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5170] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5170] close(3) = 0 [pid 5170] close(4) = 0 [pid 5170] mkdir("./file1", 0777) = 0 [ 118.607479][ T5170] loop0: detected capacity change from 0 to 1024 [ 118.636821][ T5170] EXT4-fs: Ignoring removed oldalloc option [pid 5170] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5170] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5170] chdir("./file1") = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5170] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5170] write(4, "\xe0", 1) = 1 [pid 5170] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5170] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5170] exit_group(0) = ? [ 118.668756][ T5170] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 118.782905][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5173 attached , child_tidptr=0x55555b90b650) = 5173 [pid 5173] set_robust_list(0x55555b90b660, 24) = 0 [pid 5173] chdir("./31") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] memfd_create("syzkaller", 0) = 3 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5173] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5173] close(3) = 0 [pid 5173] close(4) = 0 [pid 5173] mkdir("./file1", 0777) = 0 [ 118.987130][ T5173] loop0: detected capacity change from 0 to 1024 [ 119.014611][ T5173] EXT4-fs: Ignoring removed oldalloc option [pid 5173] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5173] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5173] chdir("./file1") = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5173] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5173] write(4, "\xe0", 1) = 1 [ 119.034472][ T5173] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5173] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5173] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5173] exit_group(0) = ? [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 119.173203][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5176 attached , child_tidptr=0x55555b90b650) = 5176 [pid 5176] set_robust_list(0x55555b90b660, 24) = 0 [pid 5176] chdir("./32") = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] memfd_create("syzkaller", 0) = 3 [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5176] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5176] close(3) = 0 [pid 5176] close(4) = 0 [pid 5176] mkdir("./file1", 0777) = 0 [ 119.442618][ T5176] loop0: detected capacity change from 0 to 1024 [pid 5176] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5176] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5176] chdir("./file1") = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5176] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5176] write(4, "\xe0", 1) = 1 [pid 5176] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 119.484455][ T5176] EXT4-fs: Ignoring removed oldalloc option [pid 5176] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5176] exit_group(0) = ? [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5179 attached , child_tidptr=0x55555b90b650) = 5179 [pid 5179] set_robust_list(0x55555b90b660, 24) = 0 [pid 5179] chdir("./33") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] memfd_create("syzkaller", 0) = 3 [pid 5179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5179] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5179] close(3) = 0 [pid 5179] close(4) = 0 [pid 5179] mkdir("./file1", 0777) = 0 [pid 5179] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5179] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5179] chdir("./file1") = 0 [pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5179] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5179] write(4, "\xe0", 1) = 1 [pid 5179] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 119.872255][ T5179] loop0: detected capacity change from 0 to 1024 [ 119.895146][ T5179] EXT4-fs: Ignoring removed oldalloc option [pid 5179] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5179] exit_group(0) = ? [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached , child_tidptr=0x55555b90b650) = 5183 [pid 5183] set_robust_list(0x55555b90b660, 24) = 0 [pid 5183] chdir("./34") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] memfd_create("syzkaller", 0) = 3 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5183] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5183] close(3) = 0 [pid 5183] close(4) = 0 [pid 5183] mkdir("./file1", 0777) = 0 [pid 5183] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5183] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5183] chdir("./file1") = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5183] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 120.248927][ T5183] loop0: detected capacity change from 0 to 1024 [ 120.278300][ T5183] EXT4-fs: Ignoring removed oldalloc option [pid 5183] write(4, "\xe0", 1) = 1 [pid 5183] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5183] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5183] exit_group(0) = ? [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5186 attached , child_tidptr=0x55555b90b650) = 5186 [pid 5186] set_robust_list(0x55555b90b660, 24) = 0 [pid 5186] chdir("./35") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] memfd_create("syzkaller", 0) = 3 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5186] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5186] close(3) = 0 [pid 5186] close(4) = 0 [pid 5186] mkdir("./file1", 0777) = 0 [pid 5186] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5186] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5186] chdir("./file1") = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5186] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 120.570736][ T5186] loop0: detected capacity change from 0 to 1024 [ 120.599335][ T5186] EXT4-fs: Ignoring removed oldalloc option [pid 5186] write(4, "\xe0", 1) = 1 [pid 5186] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5186] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5186] exit_group(0) = ? [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5189 attached , child_tidptr=0x55555b90b650) = 5189 [pid 5189] set_robust_list(0x55555b90b660, 24) = 0 [pid 5189] chdir("./36") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5189] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5189] close(3) = 0 [pid 5189] close(4) = 0 [pid 5189] mkdir("./file1", 0777) = 0 [pid 5189] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5189] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./file1") = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5189] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 120.998273][ T5189] loop0: detected capacity change from 0 to 1024 [ 121.027228][ T5189] EXT4-fs: Ignoring removed oldalloc option [pid 5189] write(4, "\xe0", 1) = 1 [pid 5189] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5189] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5189] exit_group(0) = ? [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5192 ./strace-static-x86_64: Process 5192 attached [pid 5192] set_robust_list(0x55555b90b660, 24) = 0 [pid 5192] chdir("./37") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] memfd_create("syzkaller", 0) = 3 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5192] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5192] close(3) = 0 [pid 5192] close(4) = 0 [pid 5192] mkdir("./file1", 0777) = 0 [pid 5192] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5192] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5192] chdir("./file1") = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5192] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5192] write(4, "\xe0", 1) = 1 [ 121.335736][ T5192] loop0: detected capacity change from 0 to 1024 [ 121.362964][ T5192] EXT4-fs: Ignoring removed oldalloc option [pid 5192] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5192] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5192] exit_group(0) = ? [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5195 attached , child_tidptr=0x55555b90b650) = 5195 [pid 5195] set_robust_list(0x55555b90b660, 24) = 0 [pid 5195] chdir("./38") = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5195] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] close(4) = 0 [pid 5195] mkdir("./file1", 0777) = 0 [pid 5195] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5195] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file1") = 0 [ 121.712160][ T5195] loop0: detected capacity change from 0 to 1024 [ 121.735468][ T5195] EXT4-fs: Ignoring removed oldalloc option [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5195] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5195] write(4, "\xe0", 1) = 1 [pid 5195] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5195] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5195] exit_group(0) = ? [pid 5195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5198 ./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x55555b90b660, 24) = 0 [pid 5198] chdir("./39") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] memfd_create("syzkaller", 0) = 3 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5198] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5198] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5198] close(3) = 0 [pid 5198] close(4) = 0 [pid 5198] mkdir("./file1", 0777) = 0 [pid 5198] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5198] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5198] chdir("./file1") = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5198] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5198] write(4, "\xe0", 1) = 1 [pid 5198] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5198] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [ 122.105852][ T5198] loop0: detected capacity change from 0 to 1024 [ 122.127525][ T5198] EXT4-fs: Ignoring removed oldalloc option [pid 5198] exit_group(0) = ? [pid 5198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x55555b90b650) = 5201 [pid 5201] set_robust_list(0x55555b90b660, 24) = 0 [pid 5201] chdir("./40") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] memfd_create("syzkaller", 0) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5201] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5201] close(3) = 0 [pid 5201] close(4) = 0 [pid 5201] mkdir("./file1", 0777) = 0 [pid 5201] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5201] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5201] chdir("./file1") = 0 [ 122.474640][ T5201] loop0: detected capacity change from 0 to 1024 [ 122.488632][ T5201] EXT4-fs: Ignoring removed oldalloc option [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5201] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5201] write(4, "\xe0", 1) = 1 [pid 5201] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5201] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5201] exit_group(0) = ? [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5205 attached , child_tidptr=0x55555b90b650) = 5205 [pid 5205] set_robust_list(0x55555b90b660, 24) = 0 [pid 5205] chdir("./41") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] memfd_create("syzkaller", 0) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5205] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] close(4) = 0 [pid 5205] mkdir("./file1", 0777) = 0 [pid 5205] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5205] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./file1") = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5205] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5205] write(4, "\xe0", 1) = 1 [ 122.844453][ T5205] loop0: detected capacity change from 0 to 1024 [ 122.883577][ T5205] EXT4-fs: Ignoring removed oldalloc option [pid 5205] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5205] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5205] exit_group(0) = ? [pid 5205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5208 attached , child_tidptr=0x55555b90b650) = 5208 [pid 5208] set_robust_list(0x55555b90b660, 24) = 0 [pid 5208] chdir("./42") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] memfd_create("syzkaller", 0) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5208] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] close(4) = 0 [pid 5208] mkdir("./file1", 0777) = 0 [pid 5208] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5208] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 123.205616][ T5208] loop0: detected capacity change from 0 to 1024 [ 123.244733][ T5208] EXT4-fs: Ignoring removed oldalloc option [pid 5208] chdir("./file1") = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5208] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5208] write(4, "\xe0", 1) = 1 [pid 5208] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5208] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5208] exit_group(0) = ? [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5211 attached , child_tidptr=0x55555b90b650) = 5211 [pid 5211] set_robust_list(0x55555b90b660, 24) = 0 [pid 5211] chdir("./43") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] memfd_create("syzkaller", 0) = 3 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5211] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5211] close(3) = 0 [pid 5211] close(4) = 0 [pid 5211] mkdir("./file1", 0777) = 0 [pid 5211] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5211] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5211] chdir("./file1") = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5211] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5211] write(4, "\xe0", 1) = 1 [ 123.583112][ T5211] loop0: detected capacity change from 0 to 1024 [ 123.618930][ T5211] EXT4-fs: Ignoring removed oldalloc option [pid 5211] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5211] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5211] exit_group(0) = ? [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached , child_tidptr=0x55555b90b650) = 5214 [pid 5214] set_robust_list(0x55555b90b660, 24) = 0 [pid 5214] chdir("./44") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] memfd_create("syzkaller", 0) = 3 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5214] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5214] close(3) = 0 [pid 5214] close(4) = 0 [pid 5214] mkdir("./file1", 0777) = 0 [pid 5214] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5214] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5214] chdir("./file1") = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5214] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5214] write(4, "\xe0", 1) = 1 [pid 5214] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5214] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5214] exit_group(0) = ? [ 123.995490][ T5214] loop0: detected capacity change from 0 to 1024 [ 124.021087][ T5214] EXT4-fs: Ignoring removed oldalloc option [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5218 attached , child_tidptr=0x55555b90b650) = 5218 [pid 5218] set_robust_list(0x55555b90b660, 24) = 0 [pid 5218] chdir("./45") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] memfd_create("syzkaller", 0) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5218] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] close(4) = 0 [pid 5218] mkdir("./file1", 0777) = 0 [pid 5218] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5218] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 124.356547][ T5218] loop0: detected capacity change from 0 to 1024 [ 124.372977][ T5218] EXT4-fs: Ignoring removed oldalloc option [pid 5218] chdir("./file1") = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5218] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5218] write(4, "\xe0", 1) = 1 [pid 5218] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5218] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5218] exit_group(0) = ? [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x55555b90b660, 24 [pid 5074] <... clone resumed>, child_tidptr=0x55555b90b650) = 5221 [pid 5221] <... set_robust_list resumed>) = 0 [pid 5221] chdir("./46") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] memfd_create("syzkaller", 0) = 3 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5221] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5221] close(3) = 0 [pid 5221] close(4) = 0 [ 124.739205][ T5221] loop0: detected capacity change from 0 to 1024 [pid 5221] mkdir("./file1", 0777) = 0 [pid 5221] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5221] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5221] chdir("./file1") = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 124.789299][ T5221] EXT4-fs: Ignoring removed oldalloc option [pid 5221] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5221] write(4, "\xe0", 1) = 1 [pid 5221] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5221] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5221] exit_group(0) = ? [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached , child_tidptr=0x55555b90b650) = 5224 [pid 5224] set_robust_list(0x55555b90b660, 24) = 0 [pid 5224] chdir("./47") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5224] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] close(4) = 0 [pid 5224] mkdir("./file1", 0777) = 0 [pid 5224] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5224] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file1") = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 125.110306][ T5224] loop0: detected capacity change from 0 to 1024 [ 125.138558][ T5224] EXT4-fs: Ignoring removed oldalloc option [pid 5224] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5224] write(4, "\xe0", 1) = 1 [pid 5224] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5224] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5224] exit_group(0) = ? [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached , child_tidptr=0x55555b90b650) = 5227 [pid 5227] set_robust_list(0x55555b90b660, 24) = 0 [pid 5227] chdir("./48") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] memfd_create("syzkaller", 0) = 3 [pid 5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5227] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5227] close(3) = 0 [pid 5227] close(4) = 0 [pid 5227] mkdir("./file1", 0777) = 0 [pid 5227] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5227] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5227] chdir("./file1") = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 125.504744][ T5227] loop0: detected capacity change from 0 to 1024 [ 125.541407][ T5227] EXT4-fs: Ignoring removed oldalloc option [pid 5227] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5227] write(4, "\xe0", 1) = 1 [pid 5227] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5227] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5227] exit_group(0) = ? [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5230 attached , child_tidptr=0x55555b90b650) = 5230 [pid 5230] set_robust_list(0x55555b90b660, 24) = 0 [pid 5230] chdir("./49") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5230] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] close(4) = 0 [pid 5230] mkdir("./file1", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [ 125.887381][ T5230] loop0: detected capacity change from 0 to 1024 [ 125.915186][ T5230] EXT4-fs: Ignoring removed oldalloc option [pid 5230] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file1") = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5230] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5230] write(4, "\xe0", 1) = 1 [pid 5230] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5230] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5230] exit_group(0) = ? [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5234 attached [pid 5234] set_robust_list(0x55555b90b660, 24) = 0 [pid 5074] <... clone resumed>, child_tidptr=0x55555b90b650) = 5234 [pid 5234] chdir("./50") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5234] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] close(4) = 0 [pid 5234] mkdir("./file1", 0777) = 0 [ 126.208700][ T5234] loop0: detected capacity change from 0 to 1024 [pid 5234] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5234] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./file1") = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5234] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5234] write(4, "\xe0", 1) = 1 [pid 5234] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 126.251185][ T5234] EXT4-fs: Ignoring removed oldalloc option [pid 5234] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5234] exit_group(0) = ? [pid 5234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5234, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x55555b90b660, 24 [pid 5074] <... clone resumed>, child_tidptr=0x55555b90b650) = 5237 [pid 5237] <... set_robust_list resumed>) = 0 [pid 5237] chdir("./51") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] memfd_create("syzkaller", 0) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5237] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5237] close(3) = 0 [pid 5237] close(4) = 0 [pid 5237] mkdir("./file1", 0777) = 0 [pid 5237] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5237] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./file1") = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 126.636167][ T5237] loop0: detected capacity change from 0 to 1024 [ 126.662263][ T5237] EXT4-fs: Ignoring removed oldalloc option [pid 5237] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5237] write(4, "\xe0", 1) = 1 [pid 5237] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5237] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5237] exit_group(0) = ? [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5240 attached , child_tidptr=0x55555b90b650) = 5240 [pid 5240] set_robust_list(0x55555b90b660, 24) = 0 [pid 5240] chdir("./52") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5240] setpgid(0, 0) = 0 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5240] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] close(4) = 0 [pid 5240] mkdir("./file1", 0777) = 0 [pid 5240] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5240] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./file1") = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 127.014741][ T5240] loop0: detected capacity change from 0 to 1024 [ 127.051620][ T5240] EXT4-fs: Ignoring removed oldalloc option [pid 5240] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5240] write(4, "\xe0", 1) = 1 [pid 5240] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5240] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5240] exit_group(0) = ? [pid 5240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5240, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached , child_tidptr=0x55555b90b650) = 5244 [pid 5244] set_robust_list(0x55555b90b660, 24) = 0 [pid 5244] chdir("./53") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] memfd_create("syzkaller", 0) = 3 [pid 5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5244] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5244] close(3) = 0 [pid 5244] close(4) = 0 [pid 5244] mkdir("./file1", 0777) = 0 [pid 5244] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5244] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5244] chdir("./file1") = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 127.436302][ T5244] loop0: detected capacity change from 0 to 1024 [ 127.471254][ T5244] EXT4-fs: Ignoring removed oldalloc option [pid 5244] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5244] write(4, "\xe0", 1) = 1 [pid 5244] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5244] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5244] exit_group(0) = ? [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5247 attached , child_tidptr=0x55555b90b650) = 5247 [pid 5247] set_robust_list(0x55555b90b660, 24) = 0 [pid 5247] chdir("./54") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] memfd_create("syzkaller", 0) = 3 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5247] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5247] close(3) = 0 [pid 5247] close(4) = 0 [pid 5247] mkdir("./file1", 0777) = 0 [ 127.847514][ T5247] loop0: detected capacity change from 0 to 1024 [pid 5247] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5247] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5247] chdir("./file1") = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5247] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5247] write(4, "\xe0", 1) = 1 [pid 5247] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5247] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5247] exit_group(0) = ? [pid 5247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 127.892159][ T5247] EXT4-fs: Ignoring removed oldalloc option umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5250 attached , child_tidptr=0x55555b90b650) = 5250 [pid 5250] set_robust_list(0x55555b90b660, 24) = 0 [pid 5250] chdir("./55") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] memfd_create("syzkaller", 0) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5250] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] close(4) = 0 [pid 5250] mkdir("./file1", 0777) = 0 [pid 5250] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5250] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./file1") = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 128.284033][ T5250] loop0: detected capacity change from 0 to 1024 [ 128.310050][ T5250] EXT4-fs: Ignoring removed oldalloc option [pid 5250] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5250] write(4, "\xe0", 1) = 1 [pid 5250] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5250] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5250] exit_group(0) = ? [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5253 attached , child_tidptr=0x55555b90b650) = 5253 [pid 5253] set_robust_list(0x55555b90b660, 24) = 0 [pid 5253] chdir("./56") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] memfd_create("syzkaller", 0) = 3 [pid 5253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5253] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5253] close(3) = 0 [pid 5253] close(4) = 0 [pid 5253] mkdir("./file1", 0777) = 0 [pid 5253] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5253] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5253] chdir("./file1") = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 128.645665][ T5253] loop0: detected capacity change from 0 to 1024 [ 128.680300][ T5253] EXT4-fs: Ignoring removed oldalloc option [pid 5253] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5253] write(4, "\xe0", 1) = 1 [pid 5253] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5253] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5253] exit_group(0) = ? [pid 5253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5253, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5256 attached , child_tidptr=0x55555b90b650) = 5256 [pid 5256] set_robust_list(0x55555b90b660, 24) = 0 [pid 5256] chdir("./57") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] memfd_create("syzkaller", 0) = 3 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5256] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5256] close(3) = 0 [pid 5256] close(4) = 0 [pid 5256] mkdir("./file1", 0777) = 0 [pid 5256] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5256] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5256] chdir("./file1") = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5256] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 129.088794][ T5256] loop0: detected capacity change from 0 to 1024 [ 129.125762][ T5256] EXT4-fs: Ignoring removed oldalloc option [pid 5256] write(4, "\xe0", 1) = 1 [pid 5256] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5256] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5256] exit_group(0) = ? [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5259 attached , child_tidptr=0x55555b90b650) = 5259 [pid 5259] set_robust_list(0x55555b90b660, 24) = 0 [pid 5259] chdir("./58") = 0 [pid 5259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5259] setpgid(0, 0) = 0 [pid 5259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5259] write(3, "1000", 4) = 4 [pid 5259] close(3) = 0 [pid 5259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5259] memfd_create("syzkaller", 0) = 3 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5259] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5259] close(3) = 0 [pid 5259] close(4) = 0 [pid 5259] mkdir("./file1", 0777) = 0 [pid 5259] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5259] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 129.375739][ T5259] loop0: detected capacity change from 0 to 1024 [ 129.412505][ T5259] EXT4-fs: Ignoring removed oldalloc option [pid 5259] chdir("./file1") = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5259] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5259] write(4, "\xe0", 1) = 1 [pid 5259] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5259] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5259] exit_group(0) = ? [pid 5259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5259, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5262 attached , child_tidptr=0x55555b90b650) = 5262 [pid 5262] set_robust_list(0x55555b90b660, 24) = 0 [pid 5262] chdir("./59") = 0 [pid 5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5262] setpgid(0, 0) = 0 [pid 5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5262] write(3, "1000", 4) = 4 [pid 5262] close(3) = 0 [pid 5262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5262] memfd_create("syzkaller", 0) = 3 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5262] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5262] close(3) = 0 [pid 5262] close(4) = 0 [pid 5262] mkdir("./file1", 0777) = 0 [pid 5262] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5262] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5262] chdir("./file1") = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 129.769169][ T5262] loop0: detected capacity change from 0 to 1024 [ 129.794183][ T5262] EXT4-fs: Ignoring removed oldalloc option [pid 5262] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5262] write(4, "\xe0", 1) = 1 [pid 5262] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5262] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5262] exit_group(0) = ? [pid 5262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5262, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5265 attached , child_tidptr=0x55555b90b650) = 5265 [pid 5265] set_robust_list(0x55555b90b660, 24) = 0 [pid 5265] chdir("./60") = 0 [pid 5265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5265] setpgid(0, 0) = 0 [pid 5265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5265] write(3, "1000", 4) = 4 [pid 5265] close(3) = 0 [pid 5265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5265] memfd_create("syzkaller", 0) = 3 [pid 5265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5265] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5265] close(3) = 0 [pid 5265] close(4) = 0 [pid 5265] mkdir("./file1", 0777) = 0 [pid 5265] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5265] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5265] chdir("./file1") = 0 [pid 5265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 130.168291][ T5265] loop0: detected capacity change from 0 to 1024 [ 130.205479][ T5265] EXT4-fs: Ignoring removed oldalloc option [pid 5265] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5265] write(4, "\xe0", 1) = 1 [pid 5265] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5265] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5265] exit_group(0) = ? [pid 5265] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5265, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5268 attached , child_tidptr=0x55555b90b650) = 5268 [pid 5268] set_robust_list(0x55555b90b660, 24) = 0 [pid 5268] chdir("./61") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] memfd_create("syzkaller", 0) = 3 [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5268] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5268] close(3) = 0 [pid 5268] close(4) = 0 [pid 5268] mkdir("./file1", 0777) = 0 [pid 5268] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5268] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5268] chdir("./file1") = 0 [ 130.566401][ T5268] loop0: detected capacity change from 0 to 1024 [ 130.605361][ T5268] EXT4-fs: Ignoring removed oldalloc option [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5268] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5268] write(4, "\xe0", 1) = 1 [pid 5268] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5268] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5268] exit_group(0) = ? [pid 5268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5268, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5271 attached , child_tidptr=0x55555b90b650) = 5271 [pid 5271] set_robust_list(0x55555b90b660, 24) = 0 [pid 5271] chdir("./62") = 0 [pid 5271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5271] setpgid(0, 0) = 0 [pid 5271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5271] write(3, "1000", 4) = 4 [pid 5271] close(3) = 0 [pid 5271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5271] memfd_create("syzkaller", 0) = 3 [pid 5271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5271] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5271] close(3) = 0 [pid 5271] close(4) = 0 [pid 5271] mkdir("./file1", 0777) = 0 [pid 5271] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5271] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5271] chdir("./file1") = 0 [ 130.886411][ T5271] loop0: detected capacity change from 0 to 1024 [ 130.909098][ T5271] EXT4-fs: Ignoring removed oldalloc option [pid 5271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5271] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5271] write(4, "\xe0", 1) = 1 [pid 5271] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5271] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5271] exit_group(0) = ? [pid 5271] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5271, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5274 attached , child_tidptr=0x55555b90b650) = 5274 [pid 5274] set_robust_list(0x55555b90b660, 24) = 0 [pid 5274] chdir("./63") = 0 [pid 5274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5274] setpgid(0, 0) = 0 [pid 5274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5274] write(3, "1000", 4) = 4 [pid 5274] close(3) = 0 [pid 5274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5274] memfd_create("syzkaller", 0) = 3 [pid 5274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5274] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5274] close(3) = 0 [pid 5274] close(4) = 0 [pid 5274] mkdir("./file1", 0777) = 0 [pid 5274] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5274] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5274] chdir("./file1") = 0 [pid 5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 131.315626][ T5274] loop0: detected capacity change from 0 to 1024 [ 131.332438][ T5274] EXT4-fs: Ignoring removed oldalloc option [pid 5274] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5274] write(4, "\xe0", 1) = 1 [pid 5274] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5274] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5274] exit_group(0) = ? [pid 5274] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5274, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5277 ./strace-static-x86_64: Process 5277 attached [pid 5277] set_robust_list(0x55555b90b660, 24) = 0 [pid 5277] chdir("./64") = 0 [pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5277] setpgid(0, 0) = 0 [pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5277] write(3, "1000", 4) = 4 [pid 5277] close(3) = 0 [pid 5277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5277] memfd_create("syzkaller", 0) = 3 [pid 5277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5277] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5277] close(3) = 0 [pid 5277] close(4) = 0 [pid 5277] mkdir("./file1", 0777) = 0 [pid 5277] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5277] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5277] chdir("./file1") = 0 [pid 5277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5277] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5277] write(4, "\xe0", 1) = 1 [pid 5277] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 131.677028][ T5277] loop0: detected capacity change from 0 to 1024 [ 131.704910][ T5277] EXT4-fs: Ignoring removed oldalloc option [pid 5277] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5277] exit_group(0) = ? [pid 5277] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5277, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5280 ./strace-static-x86_64: Process 5280 attached [pid 5280] set_robust_list(0x55555b90b660, 24) = 0 [pid 5280] chdir("./65") = 0 [pid 5280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5280] setpgid(0, 0) = 0 [pid 5280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5280] write(3, "1000", 4) = 4 [pid 5280] close(3) = 0 [pid 5280] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5280] memfd_create("syzkaller", 0) = 3 [pid 5280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5280] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5280] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5280] close(3) = 0 [pid 5280] close(4) = 0 [pid 5280] mkdir("./file1", 0777) = 0 [pid 5280] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5280] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 132.056025][ T5280] loop0: detected capacity change from 0 to 1024 [ 132.089094][ T5280] EXT4-fs: Ignoring removed oldalloc option [pid 5280] chdir("./file1") = 0 [pid 5280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5280] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5280] write(4, "\xe0", 1) = 1 [pid 5280] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5280] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5280] exit_group(0) = ? [pid 5280] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5280, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5283 attached , child_tidptr=0x55555b90b650) = 5283 [pid 5283] set_robust_list(0x55555b90b660, 24) = 0 [pid 5283] chdir("./66") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5283] memfd_create("syzkaller", 0) = 3 [pid 5283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5283] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5283] close(3) = 0 [pid 5283] close(4) = 0 [pid 5283] mkdir("./file1", 0777) = 0 [pid 5283] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5283] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5283] chdir("./file1") = 0 [ 132.401649][ T5283] loop0: detected capacity change from 0 to 1024 [ 132.432570][ T5283] EXT4-fs: Ignoring removed oldalloc option [pid 5283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5283] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5283] write(4, "\xe0", 1) = 1 [pid 5283] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5283] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5283] exit_group(0) = ? [pid 5283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5286 ./strace-static-x86_64: Process 5286 attached [pid 5286] set_robust_list(0x55555b90b660, 24) = 0 [pid 5286] chdir("./67") = 0 [pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5286] setpgid(0, 0) = 0 [pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5286] write(3, "1000", 4) = 4 [pid 5286] close(3) = 0 [pid 5286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5286] memfd_create("syzkaller", 0) = 3 [pid 5286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5286] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5286] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5286] close(3) = 0 [pid 5286] close(4) = 0 [pid 5286] mkdir("./file1", 0777) = 0 [ 132.757948][ T5286] loop0: detected capacity change from 0 to 1024 [pid 5286] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5286] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5286] chdir("./file1") = 0 [pid 5286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5286] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5286] write(4, "\xe0", 1) = 1 [ 132.806060][ T5286] EXT4-fs: Ignoring removed oldalloc option [pid 5286] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5286] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5286] exit_group(0) = ? [pid 5286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5286, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5289 attached , child_tidptr=0x55555b90b650) = 5289 [pid 5289] set_robust_list(0x55555b90b660, 24) = 0 [pid 5289] chdir("./68") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5289] memfd_create("syzkaller", 0) = 3 [pid 5289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5289] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5289] close(3) = 0 [pid 5289] close(4) = 0 [pid 5289] mkdir("./file1", 0777) = 0 [pid 5289] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5289] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5289] chdir("./file1") = 0 [pid 5289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5289] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5289] write(4, "\xe0", 1) = 1 [pid 5289] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 133.091979][ T5289] loop0: detected capacity change from 0 to 1024 [ 133.129105][ T5289] EXT4-fs: Ignoring removed oldalloc option [pid 5289] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5289] exit_group(0) = ? [pid 5289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5289, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5292 attached , child_tidptr=0x55555b90b650) = 5292 [pid 5292] set_robust_list(0x55555b90b660, 24) = 0 [pid 5292] chdir("./69") = 0 [pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5292] setpgid(0, 0) = 0 [pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5292] write(3, "1000", 4) = 4 [pid 5292] close(3) = 0 [pid 5292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5292] memfd_create("syzkaller", 0) = 3 [pid 5292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5292] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5292] close(3) = 0 [pid 5292] close(4) = 0 [pid 5292] mkdir("./file1", 0777) = 0 [pid 5292] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5292] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5292] chdir("./file1") = 0 [pid 5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 133.461195][ T5292] loop0: detected capacity change from 0 to 1024 [ 133.480320][ T5292] EXT4-fs: Ignoring removed oldalloc option [pid 5292] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5292] write(4, "\xe0", 1) = 1 [pid 5292] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5292] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5292] exit_group(0) = ? [pid 5292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5292, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5295 ./strace-static-x86_64: Process 5295 attached [pid 5295] set_robust_list(0x55555b90b660, 24) = 0 [pid 5295] chdir("./70") = 0 [pid 5295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5295] setpgid(0, 0) = 0 [pid 5295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5295] write(3, "1000", 4) = 4 [pid 5295] close(3) = 0 [pid 5295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5295] memfd_create("syzkaller", 0) = 3 [pid 5295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5295] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5295] close(3) = 0 [pid 5295] close(4) = 0 [pid 5295] mkdir("./file1", 0777) = 0 [pid 5295] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5295] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5295] chdir("./file1") = 0 [pid 5295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 133.863786][ T5295] loop0: detected capacity change from 0 to 1024 [ 133.884406][ T5295] EXT4-fs: Ignoring removed oldalloc option [pid 5295] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5295] write(4, "\xe0", 1) = 1 [pid 5295] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5295] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5295] exit_group(0) = ? [pid 5295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5295, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5298 attached , child_tidptr=0x55555b90b650) = 5298 [pid 5298] set_robust_list(0x55555b90b660, 24) = 0 [pid 5298] chdir("./71") = 0 [pid 5298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5298] setpgid(0, 0) = 0 [pid 5298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5298] write(3, "1000", 4) = 4 [pid 5298] close(3) = 0 [pid 5298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5298] memfd_create("syzkaller", 0) = 3 [pid 5298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5298] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5298] close(3) = 0 [pid 5298] close(4) = 0 [pid 5298] mkdir("./file1", 0777) = 0 [pid 5298] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5298] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5298] chdir("./file1") = 0 [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 134.285633][ T5298] loop0: detected capacity change from 0 to 1024 [ 134.324385][ T5298] EXT4-fs: Ignoring removed oldalloc option [pid 5298] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5298] write(4, "\xe0", 1) = 1 [pid 5298] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5298] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5298] exit_group(0) = ? [pid 5298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5298, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5301 attached [pid 5301] set_robust_list(0x55555b90b660, 24 [pid 5074] <... clone resumed>, child_tidptr=0x55555b90b650) = 5301 [pid 5301] <... set_robust_list resumed>) = 0 [pid 5301] chdir("./72") = 0 [pid 5301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5301] setpgid(0, 0) = 0 [pid 5301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5301] write(3, "1000", 4) = 4 [pid 5301] close(3) = 0 [pid 5301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5301] memfd_create("syzkaller", 0) = 3 [pid 5301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5301] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5301] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5301] close(3) = 0 [pid 5301] close(4) = 0 [pid 5301] mkdir("./file1", 0777) = 0 [pid 5301] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5301] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5301] chdir("./file1") = 0 [pid 5301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5301] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5301] write(4, "\xe0", 1) = 1 [pid 5301] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5301] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5301] exit_group(0) = ? [pid 5301] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5301, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 134.636525][ T5301] loop0: detected capacity change from 0 to 1024 [ 134.670227][ T5301] EXT4-fs: Ignoring removed oldalloc option restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5305 attached , child_tidptr=0x55555b90b650) = 5305 [pid 5305] set_robust_list(0x55555b90b660, 24) = 0 [pid 5305] chdir("./73") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5305] memfd_create("syzkaller", 0) = 3 [pid 5305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5305] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5305] close(3) = 0 [pid 5305] close(4) = 0 [pid 5305] mkdir("./file1", 0777) = 0 [pid 5305] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5305] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5305] chdir("./file1") = 0 [pid 5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5305] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5305] write(4, "\xe0", 1) = 1 [ 134.970115][ T5305] loop0: detected capacity change from 0 to 1024 [ 135.008905][ T5305] EXT4-fs: Ignoring removed oldalloc option [pid 5305] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 135.061412][ T5305] [ 135.063777][ T5305] ====================================================== [ 135.070788][ T5305] WARNING: possible circular locking dependency detected [ 135.077803][ T5305] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 135.084478][ T5305] ------------------------------------------------------ [ 135.091493][ T5305] syz-executor299/5305 is trying to acquire lock: [ 135.097908][ T5305] ffff888079a79800 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x173/0x440 [ 135.108343][ T5305] [ 135.108343][ T5305] but task is already holding lock: [ 135.115704][ T5305] ffff8880799fb488 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x1ba0/0x29d0 [ 135.125058][ T5305] [ 135.125058][ T5305] which lock already depends on the new lock. [ 135.125058][ T5305] [ 135.135465][ T5305] [ 135.135465][ T5305] the existing dependency chain (in reverse order) is: [ 135.144475][ T5305] [ 135.144475][ T5305] -> #1 (&ei->i_data_sem/3){++++}-{3:3}: [ 135.152329][ T5305] down_write+0x3a/0x50 [ 135.157063][ T5305] ext4_xattr_set_entry+0x3a14/0x3cf0 [ 135.162974][ T5305] ext4_xattr_ibody_set+0x126/0x380 [ 135.168711][ T5305] ext4_xattr_set_handle+0x98d/0x1480 [ 135.174626][ T5305] ext4_xattr_set+0x149/0x380 [ 135.179846][ T5305] __vfs_setxattr+0x176/0x1e0 [ 135.185069][ T5305] __vfs_setxattr_noperm+0x127/0x5e0 [ 135.190909][ T5305] __vfs_setxattr_locked+0x182/0x260 [ 135.196731][ T5305] vfs_setxattr+0x146/0x350 [ 135.201770][ T5305] do_setxattr+0x146/0x170 [ 135.206738][ T5305] setxattr+0x15d/0x180 [ 135.211427][ T5305] path_setxattr+0x179/0x1e0 [ 135.216552][ T5305] __x64_sys_lsetxattr+0xc1/0x160 [ 135.222114][ T5305] do_syscall_64+0xd5/0x260 [ 135.227167][ T5305] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 135.233607][ T5305] [ 135.233607][ T5305] -> #0 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}: [ 135.241904][ T5305] __lock_acquire+0x2478/0x3b30 [ 135.247304][ T5305] lock_acquire+0x1b1/0x540 [ 135.252354][ T5305] down_write+0x3a/0x50 [ 135.257059][ T5305] ext4_xattr_inode_iget+0x173/0x440 [ 135.262884][ T5305] ext4_xattr_inode_get+0x16c/0x870 [ 135.268625][ T5305] ext4_expand_extra_isize_ea+0x1367/0x1ae0 [ 135.275065][ T5305] __ext4_expand_extra_isize+0x346/0x480 [ 135.281241][ T5305] __ext4_mark_inode_dirty+0x55a/0x860 [ 135.287241][ T5305] ext4_setattr+0x1c14/0x29d0 [ 135.292475][ T5305] notify_change+0x745/0x11c0 [ 135.297684][ T5305] do_truncate+0x15c/0x220 [ 135.302650][ T5305] path_openat+0x24b9/0x2990 [ 135.307786][ T5305] do_filp_open+0x1dc/0x430 [ 135.312838][ T5305] do_sys_openat2+0x17a/0x1e0 [ 135.318050][ T5305] __x64_sys_openat+0x175/0x210 [ 135.323448][ T5305] do_syscall_64+0xd5/0x260 [ 135.328501][ T5305] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 135.334943][ T5305] [ 135.334943][ T5305] other info that might help us debug this: [ 135.334943][ T5305] [ 135.345176][ T5305] Possible unsafe locking scenario: [ 135.345176][ T5305] [ 135.352637][ T5305] CPU0 CPU1 [ 135.358001][ T5305] ---- ---- [ 135.363367][ T5305] lock(&ei->i_data_sem/3); [ 135.367993][ T5305] lock(&ea_inode->i_rwsem#8/1); [ 135.375576][ T5305] lock(&ei->i_data_sem/3); [ 135.382705][ T5305] lock(&ea_inode->i_rwsem#8/1); [ 135.387773][ T5305] [ 135.387773][ T5305] *** DEADLOCK *** [ 135.387773][ T5305] [ 135.395911][ T5305] 5 locks held by syz-executor299/5305: [ 135.401475][ T5305] #0: ffff888059e02420 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1fba/0x2990 [ 135.410757][ T5305] #1: ffff8880799fb600 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: do_truncate+0x14b/0x220 [ 135.421082][ T5305] #2: ffff8880799fb7a0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0xdfd/0x29d0 [ 135.431318][ T5305] #3: ffff8880799fb488 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x1ba0/0x29d0 [ 135.441115][ T5305] #4: ffff8880799fb2c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x4cf/0x860 [ 135.451438][ T5305] [ 135.451438][ T5305] stack backtrace: [ 135.457411][ T5305] CPU: 1 PID: 5305 Comm: syz-executor299 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 135.467488][ T5305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 135.477549][ T5305] Call Trace: [ 135.480833][ T5305] [ 135.483782][ T5305] dump_stack_lvl+0x116/0x1f0 [ 135.488526][ T5305] check_noncircular+0x31a/0x400 [ 135.493488][ T5305] ? __pfx_check_noncircular+0x10/0x10 [ 135.498971][ T5305] ? lockdep_lock+0xc6/0x200 [ 135.503588][ T5305] ? __pfx_lockdep_lock+0x10/0x10 [ 135.508643][ T5305] __lock_acquire+0x2478/0x3b30 [ 135.513519][ T5305] ? __pfx___lock_acquire+0x10/0x10 [ 135.518735][ T5305] ? check_igot_inode+0x7c/0x1b0 [ 135.523786][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.528681][ T5305] ? look_up_lock_class+0x59/0x140 [ 135.533820][ T5305] ? __ext4_iget+0x1de/0x4370 [ 135.538524][ T5305] lock_acquire+0x1b1/0x540 [ 135.543058][ T5305] ? ext4_xattr_inode_iget+0x173/0x440 [ 135.548541][ T5305] ? __pfx_lock_acquire+0x10/0x10 [ 135.553583][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.558462][ T5305] ? __pfx___might_resched+0x10/0x10 [ 135.563776][ T5305] down_write+0x3a/0x50 [ 135.567967][ T5305] ? ext4_xattr_inode_iget+0x173/0x440 [ 135.573455][ T5305] ext4_xattr_inode_iget+0x173/0x440 [ 135.578770][ T5305] ext4_xattr_inode_get+0x16c/0x870 [ 135.583993][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.588903][ T5305] ? rcu_is_watching+0x12/0xc0 [ 135.593688][ T5305] ? __pfx_ext4_xattr_inode_get+0x10/0x10 [ 135.599426][ T5305] ? __kmalloc_node+0x244/0x480 [ 135.604289][ T5305] ? kvmalloc_node+0x9d/0x1a0 [ 135.608979][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.613863][ T5305] ext4_expand_extra_isize_ea+0x1367/0x1ae0 [ 135.619883][ T5305] ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10 [ 135.626153][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.631053][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.635927][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.640804][ T5305] ? dquot_initialize_needed+0x183/0x2a0 [ 135.646488][ T5305] __ext4_expand_extra_isize+0x346/0x480 [ 135.652168][ T5305] __ext4_mark_inode_dirty+0x55a/0x860 [ 135.657646][ T5305] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 135.663676][ T5305] ? __pfx_lock_acquire+0x10/0x10 [ 135.668719][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.673599][ T5305] ? __pfx___might_resched+0x10/0x10 [ 135.678917][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.683817][ T5305] ext4_setattr+0x1c14/0x29d0 [ 135.688509][ T5305] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 135.694445][ T5305] ? __pfx_ext4_setattr+0x10/0x10 [ 135.699485][ T5305] notify_change+0x745/0x11c0 [ 135.704183][ T5305] do_truncate+0x15c/0x220 [ 135.708628][ T5305] ? __pfx_do_truncate+0x10/0x10 [ 135.713595][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.718470][ T5305] ? common_perm_cond+0x242/0x560 [ 135.723610][ T5305] path_openat+0x24b9/0x2990 [ 135.728233][ T5305] ? __pfx_path_openat+0x10/0x10 [ 135.733191][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.738086][ T5305] ? __pfx___lock_acquire+0x10/0x10 [ 135.743296][ T5305] ? find_held_lock+0x2d/0x110 [ 135.748094][ T5305] do_filp_open+0x1dc/0x430 [ 135.752624][ T5305] ? __pfx_do_filp_open+0x10/0x10 [ 135.757677][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.762577][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.767456][ T5305] ? find_held_lock+0x2d/0x110 [ 135.772262][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.777138][ T5305] ? _raw_spin_unlock+0x28/0x50 [ 135.782016][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.786896][ T5305] ? alloc_fd+0x2d9/0x6c0 [ 135.791424][ T5305] do_sys_openat2+0x17a/0x1e0 [ 135.796149][ T5305] ? __pfx_do_sys_openat2+0x10/0x10 [ 135.801363][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.806240][ T5305] ? ptrace_notify+0xf1/0x130 [ 135.810945][ T5305] ? __pfx_lock_release+0x10/0x10 [ 135.815993][ T5305] __x64_sys_openat+0x175/0x210 [ 135.820864][ T5305] ? __pfx___x64_sys_openat+0x10/0x10 [ 135.826256][ T5305] ? lockdep_hardirqs_on+0x7c/0x110 [ 135.831482][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.836359][ T5305] ? _raw_spin_unlock_irq+0x2e/0x50 [ 135.841575][ T5305] ? srso_return_thunk+0x5/0x5f [ 135.846454][ T5305] ? ptrace_notify+0xf1/0x130 [ 135.851165][ T5305] do_syscall_64+0xd5/0x260 [ 135.855716][ T5305] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 135.862081][ T5305] RIP: 0033:0x7fcb23d052e9 [ 135.866507][ T5305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 135.886216][ T5305] RSP: 002b:00007ffc97734b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 135.894662][ T5305] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fcb23d052e9 [ 135.902641][ T5305] RDX: 0000000000143362 RSI: 00000000200000c0 RDI: 00000000ffffff9c [pid 5305] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5305] exit_group(0) = ? [pid 5305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 [ 135.910623][ T5305] RBP: 6c6c616c65646f6e R08: 00007ffc97734b60 R09: 00007ffc97734b60 [ 135.918604][ T5305] R10: 00000000fffffff6 R11: 0000000000000246 R12: 00007ffc97734b4c [ 135.926669][ T5305] R13: 0000000000000049 R14: 431bde82d7b634db R15: 00007ffc97734b80 [ 135.934658][ T5305] umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5310 ./strace-static-x86_64: Process 5310 attached [pid 5310] set_robust_list(0x55555b90b660, 24) = 0 [pid 5310] chdir("./74") = 0 [pid 5310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5310] setpgid(0, 0) = 0 [pid 5310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5310] write(3, "1000", 4) = 4 [pid 5310] close(3) = 0 [pid 5310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5310] memfd_create("syzkaller", 0) = 3 [pid 5310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5310] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5310] close(3) = 0 [pid 5310] close(4) = 0 [pid 5310] mkdir("./file1", 0777) = 0 [pid 5310] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5310] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5310] chdir("./file1") = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5310] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 136.129692][ T5310] loop0: detected capacity change from 0 to 1024 [ 136.154844][ T5310] EXT4-fs: Ignoring removed oldalloc option [pid 5310] write(4, "\xe0", 1) = 1 [pid 5310] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5310] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5310] exit_group(0) = ? [pid 5310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5310, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5313 attached , child_tidptr=0x55555b90b650) = 5313 [pid 5313] set_robust_list(0x55555b90b660, 24) = 0 [pid 5313] chdir("./75") = 0 [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5313] setpgid(0, 0) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5313] write(3, "1000", 4) = 4 [pid 5313] close(3) = 0 [pid 5313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5313] memfd_create("syzkaller", 0) = 3 [pid 5313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5313] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5313] close(3) = 0 [pid 5313] close(4) = 0 [pid 5313] mkdir("./file1", 0777) = 0 [pid 5313] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5313] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5313] chdir("./file1") = 0 [pid 5313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5313] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5313] write(4, "\xe0", 1) = 1 [pid 5313] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5313] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5313] exit_group(0) = ? [pid 5313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 136.395766][ T5313] loop0: detected capacity change from 0 to 1024 [ 136.426948][ T5313] EXT4-fs: Ignoring removed oldalloc option restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5316 attached , child_tidptr=0x55555b90b650) = 5316 [pid 5316] set_robust_list(0x55555b90b660, 24) = 0 [pid 5316] chdir("./76") = 0 [pid 5316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5316] setpgid(0, 0) = 0 [pid 5316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5316] write(3, "1000", 4) = 4 [pid 5316] close(3) = 0 [pid 5316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5316] memfd_create("syzkaller", 0) = 3 [pid 5316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5316] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5316] close(3) = 0 [pid 5316] close(4) = 0 [pid 5316] mkdir("./file1", 0777) = 0 [pid 5316] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5316] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5316] chdir("./file1") = 0 [pid 5316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5316] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5316] write(4, "\xe0", 1) = 1 [pid 5316] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5316] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5316] exit_group(0) = ? [ 136.635509][ T5316] loop0: detected capacity change from 0 to 1024 [ 136.656129][ T5316] EXT4-fs: Ignoring removed oldalloc option [pid 5316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5316, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5320 attached , child_tidptr=0x55555b90b650) = 5320 [pid 5320] set_robust_list(0x55555b90b660, 24) = 0 [pid 5320] chdir("./77") = 0 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5320] write(3, "1000", 4) = 4 [pid 5320] close(3) = 0 [pid 5320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5320] memfd_create("syzkaller", 0) = 3 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5320] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5320] close(3) = 0 [pid 5320] close(4) = 0 [pid 5320] mkdir("./file1", 0777) = 0 [ 137.018879][ T5320] loop0: detected capacity change from 0 to 1024 [ 137.055868][ T5320] EXT4-fs: Ignoring removed oldalloc option [pid 5320] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5320] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5320] chdir("./file1") = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5320] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5320] write(4, "\xe0", 1) = 1 [pid 5320] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5320] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5320] exit_group(0) = ? [ 137.089171][ T5320] EXT4-fs mount: 90 callbacks suppressed [ 137.089189][ T5320] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 137.208229][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./77/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5324 attached , child_tidptr=0x55555b90b650) = 5324 [pid 5324] set_robust_list(0x55555b90b660, 24) = 0 [pid 5324] chdir("./78") = 0 [pid 5324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5324] setpgid(0, 0) = 0 [pid 5324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5324] write(3, "1000", 4) = 4 [pid 5324] close(3) = 0 [pid 5324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5324] memfd_create("syzkaller", 0) = 3 [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5324] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] close(4) = 0 [pid 5324] mkdir("./file1", 0777) = 0 [pid 5324] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5324] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./file1") = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5324] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5324] write(4, "\xe0", 1) = 1 [pid 5324] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 137.420227][ T5324] loop0: detected capacity change from 0 to 1024 [ 137.431612][ T5324] EXT4-fs: Ignoring removed oldalloc option [ 137.450436][ T5324] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5324] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5324] exit_group(0) = ? [pid 5324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5324, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 137.574521][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./78/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5327 attached , child_tidptr=0x55555b90b650) = 5327 [pid 5327] set_robust_list(0x55555b90b660, 24) = 0 [pid 5327] chdir("./79") = 0 [pid 5327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5327] setpgid(0, 0) = 0 [pid 5327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5327] write(3, "1000", 4) = 4 [pid 5327] close(3) = 0 [pid 5327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5327] memfd_create("syzkaller", 0) = 3 [pid 5327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5327] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5327] close(3) = 0 [pid 5327] close(4) = 0 [pid 5327] mkdir("./file1", 0777) = 0 [ 137.792511][ T5327] loop0: detected capacity change from 0 to 1024 [ 137.831945][ T5327] EXT4-fs: Ignoring removed oldalloc option [pid 5327] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5327] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5327] chdir("./file1") = 0 [pid 5327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5327] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5327] write(4, "\xe0", 1) = 1 [pid 5327] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5327] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5327] exit_group(0) = ? [pid 5327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5327, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 137.848731][ T5327] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 137.928460][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5331 ./strace-static-x86_64: Process 5331 attached [pid 5331] set_robust_list(0x55555b90b660, 24) = 0 [pid 5331] chdir("./80") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] memfd_create("syzkaller", 0) = 3 [pid 5331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5331] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5331] close(3) = 0 [pid 5331] close(4) = 0 [pid 5331] mkdir("./file1", 0777) = 0 [ 138.179786][ T5331] loop0: detected capacity change from 0 to 1024 [pid 5331] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5331] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5331] chdir("./file1") = 0 [pid 5331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5331] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5331] write(4, "\xe0", 1) = 1 [pid 5331] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5331] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5331] exit_group(0) = ? [pid 5331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5331, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 138.225144][ T5331] EXT4-fs: Ignoring removed oldalloc option [ 138.238754][ T5331] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 138.346744][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./80/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5334 ./strace-static-x86_64: Process 5334 attached [pid 5334] set_robust_list(0x55555b90b660, 24) = 0 [pid 5334] chdir("./81") = 0 [pid 5334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5334] setpgid(0, 0) = 0 [pid 5334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5334] write(3, "1000", 4) = 4 [pid 5334] close(3) = 0 [pid 5334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5334] memfd_create("syzkaller", 0) = 3 [pid 5334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5334] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5334] close(3) = 0 [pid 5334] close(4) = 0 [pid 5334] mkdir("./file1", 0777) = 0 [ 138.611947][ T5334] loop0: detected capacity change from 0 to 1024 [ 138.638718][ T5334] EXT4-fs: Ignoring removed oldalloc option [pid 5334] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5334] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5334] chdir("./file1") = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5334] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5334] write(4, "\xe0", 1) = 1 [pid 5334] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5334] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5334] exit_group(0) = ? [pid 5334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5334, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 [ 138.659493][ T5334] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 [ 138.726644][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5338 attached , child_tidptr=0x55555b90b650) = 5338 [pid 5338] set_robust_list(0x55555b90b660, 24) = 0 [pid 5338] chdir("./82") = 0 [pid 5338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5338] setpgid(0, 0) = 0 [pid 5338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5338] write(3, "1000", 4) = 4 [pid 5338] close(3) = 0 [pid 5338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5338] memfd_create("syzkaller", 0) = 3 [pid 5338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5338] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5338] close(3) = 0 [pid 5338] close(4) = 0 [pid 5338] mkdir("./file1", 0777) = 0 [ 138.946164][ T5338] loop0: detected capacity change from 0 to 1024 [ 138.984902][ T5338] EXT4-fs: Ignoring removed oldalloc option [pid 5338] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5338] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5338] chdir("./file1") = 0 [pid 5338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5338] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5338] write(4, "\xe0", 1) = 1 [pid 5338] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 139.001887][ T5338] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5338] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5338] exit_group(0) = ? [pid 5338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5338, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 139.106400][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5343 attached , child_tidptr=0x55555b90b650) = 5343 [pid 5343] set_robust_list(0x55555b90b660, 24) = 0 [pid 5343] chdir("./83") = 0 [pid 5343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5343] setpgid(0, 0) = 0 [pid 5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5343] write(3, "1000", 4) = 4 [pid 5343] close(3) = 0 [pid 5343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5343] memfd_create("syzkaller", 0) = 3 [pid 5343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5343] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5343] close(3) = 0 [pid 5343] close(4) = 0 [pid 5343] mkdir("./file1", 0777) = 0 [ 139.282374][ T5343] loop0: detected capacity change from 0 to 1024 [ 139.309443][ T5343] EXT4-fs: Ignoring removed oldalloc option [pid 5343] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5343] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5343] chdir("./file1") = 0 [pid 5343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5343] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5343] write(4, "\xe0", 1) = 1 [pid 5343] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5343] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5343] exit_group(0) = ? [ 139.330474][ T5343] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5343, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 139.434090][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5346 attached , child_tidptr=0x55555b90b650) = 5346 [pid 5346] set_robust_list(0x55555b90b660, 24) = 0 [pid 5346] chdir("./84") = 0 [pid 5346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5346] setpgid(0, 0) = 0 [pid 5346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5346] write(3, "1000", 4) = 4 [pid 5346] close(3) = 0 [pid 5346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5346] memfd_create("syzkaller", 0) = 3 [pid 5346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5346] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5346] close(3) = 0 [pid 5346] close(4) = 0 [pid 5346] mkdir("./file1", 0777) = 0 [ 139.621897][ T5346] loop0: detected capacity change from 0 to 1024 [ 139.659721][ T5346] EXT4-fs: Ignoring removed oldalloc option [pid 5346] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5346] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5346] chdir("./file1") = 0 [pid 5346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5346] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5346] write(4, "\xe0", 1) = 1 [ 139.679048][ T5346] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5346] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5346] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5346] exit_group(0) = ? [pid 5346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5346, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 139.815469][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5349 attached , child_tidptr=0x55555b90b650) = 5349 [pid 5349] set_robust_list(0x55555b90b660, 24) = 0 [pid 5349] chdir("./85") = 0 [pid 5349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5349] setpgid(0, 0) = 0 [pid 5349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5349] write(3, "1000", 4) = 4 [pid 5349] close(3) = 0 [pid 5349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5349] memfd_create("syzkaller", 0) = 3 [pid 5349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5349] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5349] close(3) = 0 [pid 5349] close(4) = 0 [pid 5349] mkdir("./file1", 0777) = 0 [ 139.987637][ T5349] loop0: detected capacity change from 0 to 1024 [ 140.015395][ T5349] EXT4-fs: Ignoring removed oldalloc option [pid 5349] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5349] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5349] chdir("./file1") = 0 [pid 5349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5349] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5349] write(4, "\xe0", 1) = 1 [pid 5349] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5349] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5349] exit_group(0) = ? [pid 5349] +++ exited with 0 +++ [ 140.035309][ T5349] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5349, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 140.140416][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./85/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5352 attached , child_tidptr=0x55555b90b650) = 5352 [pid 5352] set_robust_list(0x55555b90b660, 24) = 0 [pid 5352] chdir("./86") = 0 [pid 5352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5352] setpgid(0, 0) = 0 [pid 5352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5352] write(3, "1000", 4) = 4 [pid 5352] close(3) = 0 [pid 5352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5352] memfd_create("syzkaller", 0) = 3 [pid 5352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5352] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5352] close(3) = 0 [pid 5352] close(4) = 0 [pid 5352] mkdir("./file1", 0777) = 0 [ 140.344348][ T5352] loop0: detected capacity change from 0 to 1024 [ 140.367752][ T5352] EXT4-fs: Ignoring removed oldalloc option [pid 5352] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5352] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5352] chdir("./file1") = 0 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5352] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5352] write(4, "\xe0", 1) = 1 [pid 5352] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5352] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5352] exit_group(0) = ? [pid 5352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5352, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 140.396950][ T5352] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. unlink("./86/binderfs") = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 140.463651][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5355 attached , child_tidptr=0x55555b90b650) = 5355 [pid 5355] set_robust_list(0x55555b90b660, 24) = 0 [pid 5355] chdir("./87") = 0 [pid 5355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5355] setpgid(0, 0) = 0 [pid 5355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5355] write(3, "1000", 4) = 4 [pid 5355] close(3) = 0 [pid 5355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5355] memfd_create("syzkaller", 0) = 3 [pid 5355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5355] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5355] close(3) = 0 [pid 5355] close(4) = 0 [pid 5355] mkdir("./file1", 0777) = 0 [ 140.633348][ T5355] loop0: detected capacity change from 0 to 1024 [pid 5355] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5355] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5355] chdir("./file1") = 0 [pid 5355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5355] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5355] write(4, "\xe0", 1) = 1 [pid 5355] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5355] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5355] exit_group(0) = ? [ 140.673811][ T5355] EXT4-fs: Ignoring removed oldalloc option [ 140.688272][ T5355] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5355, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 140.798199][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5358 ./strace-static-x86_64: Process 5358 attached [pid 5358] set_robust_list(0x55555b90b660, 24) = 0 [pid 5358] chdir("./88") = 0 [pid 5358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5358] setpgid(0, 0) = 0 [pid 5358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5358] write(3, "1000", 4) = 4 [pid 5358] close(3) = 0 [pid 5358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5358] memfd_create("syzkaller", 0) = 3 [pid 5358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5358] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5358] close(3) = 0 [pid 5358] close(4) = 0 [pid 5358] mkdir("./file1", 0777) = 0 [ 140.977669][ T5358] loop0: detected capacity change from 0 to 1024 [ 141.003222][ T5358] EXT4-fs: Ignoring removed oldalloc option [pid 5358] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5358] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5358] chdir("./file1") = 0 [pid 5358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5358] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5358] write(4, "\xe0", 1) = 1 [ 141.019221][ T5358] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5358] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5358] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5358] exit_group(0) = ? [pid 5358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5358, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 141.107595][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./88/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5361 ./strace-static-x86_64: Process 5361 attached [pid 5361] set_robust_list(0x55555b90b660, 24) = 0 [pid 5361] chdir("./89") = 0 [pid 5361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5361] setpgid(0, 0) = 0 [pid 5361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5361] write(3, "1000", 4) = 4 [pid 5361] close(3) = 0 [pid 5361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5361] memfd_create("syzkaller", 0) = 3 [pid 5361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5361] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5361] close(3) = 0 [pid 5361] close(4) = 0 [pid 5361] mkdir("./file1", 0777) = 0 [ 141.299043][ T5361] loop0: detected capacity change from 0 to 1024 [ 141.319508][ T5361] EXT4-fs: Ignoring removed oldalloc option [pid 5361] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5361] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5361] chdir("./file1") = 0 [pid 5361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5361] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5361] write(4, "\xe0", 1) = 1 [pid 5361] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5361] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5361] exit_group(0) = ? [pid 5361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5361, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 141.348503][ T5361] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. unlink("./89/binderfs") = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 141.420109][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5364 attached , child_tidptr=0x55555b90b650) = 5364 [pid 5364] set_robust_list(0x55555b90b660, 24) = 0 [pid 5364] chdir("./90") = 0 [pid 5364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5364] setpgid(0, 0) = 0 [pid 5364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5364] write(3, "1000", 4) = 4 [pid 5364] close(3) = 0 [pid 5364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5364] memfd_create("syzkaller", 0) = 3 [pid 5364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5364] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5364] close(3) = 0 [pid 5364] close(4) = 0 [pid 5364] mkdir("./file1", 0777) = 0 [ 141.601797][ T5364] loop0: detected capacity change from 0 to 1024 [ 141.637002][ T5364] EXT4-fs: Ignoring removed oldalloc option [pid 5364] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5364] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5364] chdir("./file1") = 0 [pid 5364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5364] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5364] write(4, "\xe0", 1) = 1 [pid 5364] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5364] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5364] exit_group(0) = ? [pid 5364] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5364, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 141.658270][ T5364] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 141.743950][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./90/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5367 ./strace-static-x86_64: Process 5367 attached [pid 5367] set_robust_list(0x55555b90b660, 24) = 0 [pid 5367] chdir("./91") = 0 [pid 5367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5367] setpgid(0, 0) = 0 [pid 5367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5367] write(3, "1000", 4) = 4 [pid 5367] close(3) = 0 [pid 5367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5367] memfd_create("syzkaller", 0) = 3 [pid 5367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5367] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5367] close(3) = 0 [pid 5367] close(4) = 0 [pid 5367] mkdir("./file1", 0777) = 0 [ 141.955386][ T5367] loop0: detected capacity change from 0 to 1024 [ 141.980934][ T5367] EXT4-fs: Ignoring removed oldalloc option [pid 5367] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5367] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5367] chdir("./file1") = 0 [pid 5367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5367] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5367] write(4, "\xe0", 1) = 1 [pid 5367] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5367] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5367] exit_group(0) = ? [ 142.008507][ T5367] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5367, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 142.085897][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./91/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5370 ./strace-static-x86_64: Process 5370 attached [pid 5370] set_robust_list(0x55555b90b660, 24) = 0 [pid 5370] chdir("./92") = 0 [pid 5370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5370] setpgid(0, 0) = 0 [pid 5370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5370] write(3, "1000", 4) = 4 [pid 5370] close(3) = 0 [pid 5370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5370] memfd_create("syzkaller", 0) = 3 [pid 5370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5370] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5370] close(3) = 0 [pid 5370] close(4) = 0 [pid 5370] mkdir("./file1", 0777) = 0 [ 142.314388][ T5370] loop0: detected capacity change from 0 to 1024 [pid 5370] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5370] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5370] chdir("./file1") = 0 [pid 5370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5370] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5370] write(4, "\xe0", 1) = 1 [pid 5370] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5370] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5370] exit_group(0) = ? [ 142.355086][ T5370] EXT4-fs: Ignoring removed oldalloc option [ 142.368733][ T5370] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5370, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 142.488003][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5373 attached , child_tidptr=0x55555b90b650) = 5373 [pid 5373] set_robust_list(0x55555b90b660, 24) = 0 [pid 5373] chdir("./93") = 0 [pid 5373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5373] setpgid(0, 0) = 0 [pid 5373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5373] write(3, "1000", 4) = 4 [pid 5373] close(3) = 0 [pid 5373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5373] memfd_create("syzkaller", 0) = 3 [pid 5373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5373] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5373] close(3) = 0 [pid 5373] close(4) = 0 [pid 5373] mkdir("./file1", 0777) = 0 [ 142.669726][ T5373] loop0: detected capacity change from 0 to 1024 [ 142.708628][ T5373] EXT4-fs: Ignoring removed oldalloc option [pid 5373] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5373] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5373] chdir("./file1") = 0 [pid 5373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5373] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5373] write(4, "\xe0", 1) = 1 [pid 5373] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5373] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5373] exit_group(0) = ? [pid 5373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5373, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 142.737892][ T5373] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 142.840734][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b90b650) = 5376 ./strace-static-x86_64: Process 5376 attached [pid 5376] set_robust_list(0x55555b90b660, 24) = 0 [pid 5376] chdir("./94") = 0 [pid 5376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5376] setpgid(0, 0) = 0 [pid 5376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5376] write(3, "1000", 4) = 4 [pid 5376] close(3) = 0 [pid 5376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5376] memfd_create("syzkaller", 0) = 3 [pid 5376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5376] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5376] close(3) = 0 [pid 5376] close(4) = 0 [pid 5376] mkdir("./file1", 0777) = 0 [ 143.011514][ T5376] loop0: detected capacity change from 0 to 1024 [ 143.050642][ T5376] EXT4-fs: Ignoring removed oldalloc option [pid 5376] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5376] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5376] chdir("./file1") = 0 [pid 5376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5376] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5376] write(4, "\xe0", 1) = 1 [pid 5376] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5376] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5376] exit_group(0) = ? [pid 5376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5376, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 143.069523][ T5376] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 143.140503][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5380 attached , child_tidptr=0x55555b90b650) = 5380 [pid 5380] set_robust_list(0x55555b90b660, 24) = 0 [pid 5380] chdir("./95") = 0 [pid 5380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5380] setpgid(0, 0) = 0 [pid 5380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5380] write(3, "1000", 4) = 4 [pid 5380] close(3) = 0 [pid 5380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5380] memfd_create("syzkaller", 0) = 3 [pid 5380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5380] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5380] close(3) = 0 [pid 5380] close(4) = 0 [pid 5380] mkdir("./file1", 0777) = 0 [ 143.339410][ T5380] loop0: detected capacity change from 0 to 1024 [ 143.369154][ T5380] EXT4-fs: Ignoring removed oldalloc option [pid 5380] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5380] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5380] chdir("./file1") = 0 [pid 5380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5380] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5380] write(4, "\xe0", 1) = 1 [pid 5380] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5380] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5380] exit_group(0) = ? [pid 5380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5380, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 143.388915][ T5380] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 143.495226][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5383 attached , child_tidptr=0x55555b90b650) = 5383 [pid 5383] set_robust_list(0x55555b90b660, 24) = 0 [pid 5383] chdir("./96") = 0 [pid 5383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5383] setpgid(0, 0) = 0 [pid 5383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5383] write(3, "1000", 4) = 4 [pid 5383] close(3) = 0 [pid 5383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5383] memfd_create("syzkaller", 0) = 3 [pid 5383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5383] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5383] close(3) = 0 [pid 5383] close(4) = 0 [pid 5383] mkdir("./file1", 0777) = 0 [ 143.715775][ T5383] loop0: detected capacity change from 0 to 1024 [ 143.742218][ T5383] EXT4-fs: Ignoring removed oldalloc option [pid 5383] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5383] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5383] chdir("./file1") = 0 [pid 5383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5383] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5383] write(4, "\xe0", 1) = 1 [pid 5383] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 143.760256][ T5383] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5383] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5383] exit_group(0) = ? [pid 5383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5383, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 143.894966][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./96/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5386 attached , child_tidptr=0x55555b90b650) = 5386 [pid 5386] set_robust_list(0x55555b90b660, 24) = 0 [pid 5386] chdir("./97") = 0 [pid 5386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5386] setpgid(0, 0) = 0 [pid 5386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5386] write(3, "1000", 4) = 4 [pid 5386] close(3) = 0 [pid 5386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5386] memfd_create("syzkaller", 0) = 3 [pid 5386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5386] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5386] close(3) = 0 [pid 5386] close(4) = 0 [pid 5386] mkdir("./file1", 0777) = 0 [ 144.092994][ T5386] loop0: detected capacity change from 0 to 1024 [ 144.118916][ T5386] EXT4-fs: Ignoring removed oldalloc option [pid 5386] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5386] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5386] chdir("./file1") = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5386] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5386] write(4, "\xe0", 1) = 1 [pid 5386] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5386] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5386] exit_group(0) = ? [ 144.138417][ T5386] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5386, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 144.242736][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./97/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5389 attached , child_tidptr=0x55555b90b650) = 5389 [pid 5389] set_robust_list(0x55555b90b660, 24) = 0 [pid 5389] chdir("./98") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] memfd_create("syzkaller", 0) = 3 [pid 5389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5389] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5389] close(3) = 0 [pid 5389] close(4) = 0 [pid 5389] mkdir("./file1", 0777) = 0 [ 144.431029][ T5389] loop0: detected capacity change from 0 to 1024 [ 144.470437][ T5389] EXT4-fs: Ignoring removed oldalloc option [pid 5389] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5389] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5389] chdir("./file1") = 0 [pid 5389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5389] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5389] write(4, "\xe0", 1) = 1 [pid 5389] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5389] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5389] exit_group(0) = ? [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 [ 144.488562][ T5389] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 144.549157][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5392 attached , child_tidptr=0x55555b90b650) = 5392 [pid 5392] set_robust_list(0x55555b90b660, 24) = 0 [pid 5392] chdir("./99") = 0 [pid 5392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5392] setpgid(0, 0) = 0 [pid 5392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5392] write(3, "1000", 4) = 4 [pid 5392] close(3) = 0 [pid 5392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5392] memfd_create("syzkaller", 0) = 3 [pid 5392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5392] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5392] close(3) = 0 [pid 5392] close(4) = 0 [pid 5392] mkdir("./file1", 0777) = 0 [ 144.700164][ T5392] loop0: detected capacity change from 0 to 1024 [ 144.717679][ T5392] EXT4-fs: Ignoring removed oldalloc option [pid 5392] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5392] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5392] chdir("./file1") = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5392] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5392] write(4, "\xe0", 1) = 1 [pid 5392] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5392] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5392] exit_group(0) = ? [ 144.739629][ T5392] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5392, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555b90c6f0 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555b914730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555b914730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file1") = 0 getdents64(3, 0x55555b90c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 144.833133][ T5074] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5396 attached , child_tidptr=0x55555b90b650) = 5396 [pid 5396] set_robust_list(0x55555b90b660, 24) = 0 [pid 5396] chdir("./100") = 0 [pid 5396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5396] setpgid(0, 0) = 0 [pid 5396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5396] write(3, "1000", 4) = 4 [pid 5396] close(3) = 0 [pid 5396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5396] memfd_create("syzkaller", 0) = 3 [pid 5396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb1b800000 [pid 5396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5396] munmap(0x7fcb1b800000, 138412032) = 0 [pid 5396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5396] close(3) = 0 [pid 5396] close(4) = 0 [pid 5396] mkdir("./file1", 0777) = 0 [ 145.009436][ T5396] loop0: detected capacity change from 0 to 1024 [ 145.046175][ T5396] EXT4-fs: Ignoring removed oldalloc option [pid 5396] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5396] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5396] chdir("./file1") = 0 [pid 5396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5396] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5396] write(4, "\xe0", 1) = 1 [pid 5396] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5396] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 0177766) = 5 [pid 5396] exit_group(0) = ?