./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1486238031 <...> Warning: Permanently added '10.128.0.223' (ED25519) to the list of known hosts. execve("./syz-executor1486238031", ["./syz-executor1486238031"], 0x7ffc7afb09b0 /* 10 vars */) = 0 brk(NULL) = 0x55556a5dc000 brk(0x55556a5dcd00) = 0x55556a5dcd00 arch_prctl(ARCH_SET_FS, 0x55556a5dc380) = 0 set_tid_address(0x55556a5dc650) = 5078 set_robust_list(0x55556a5dc660, 24) = 0 rseq(0x55556a5dcca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1486238031", 4096) = 28 getrandom("\x67\xb2\x5d\xc6\x59\xe5\xb0\x5f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556a5dcd00 brk(0x55556a5fdd00) = 0x55556a5fdd00 brk(0x55556a5fe000) = 0x55556a5fe000 mprotect(0x7feae24ad000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.OJnHoc", 0700) = 0 chmod("./syzkaller.OJnHoc", 0777) = 0 chdir("./syzkaller.OJnHoc") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached , child_tidptr=0x55556a5dc650) = 5080 [pid 5080] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5080] chdir("./0") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5080] write(1, "executing program\n", 18) = 18 [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5080] munmap(0x7fead9e00000, 138412032) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] close(4) = 0 [pid 5080] mkdir("./file1", 0777) = 0 [ 57.419245][ T5080] loop0: detected capacity change from 0 to 512 [ 57.453659][ T5080] EXT4-fs (loop0): 1 truncate cleaned up [pid 5080] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5080] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 57.459938][ T5080] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5080] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5080] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5080] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5080] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5080] exit_group(0) = ? [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./0/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/cpuset.effective_cpus") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/cgroup.controllers") = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 [ 57.604524][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a5dc650) = 5083 ./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5083] chdir("./1") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5083] write(1, "executing program\n", 18) = 18 [pid 5083] memfd_create("syzkaller", 0) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5083] munmap(0x7fead9e00000, 138412032) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] close(4) = 0 [pid 5083] mkdir("./file1", 0777) = 0 [ 57.800214][ T5083] loop0: detected capacity change from 0 to 512 [ 57.832837][ T5083] EXT4-fs (loop0): 1 truncate cleaned up [pid 5083] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5083] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5083] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5083] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5083] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5083] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [ 57.839676][ T5083] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5083] exit_group(0) = ? [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./1/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/cpuset.effective_cpus") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/cgroup.controllers") = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 57.917505][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5085] chdir("./2" [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5085 [pid 5085] <... chdir resumed>) = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5085] write(1, "executing program\n", 18) = 18 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5085] munmap(0x7fead9e00000, 138412032) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] close(4) = 0 [pid 5085] mkdir("./file1", 0777) = 0 [pid 5085] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5085] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5085] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5085] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5085] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5085] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5085] exit_group(0) = ? [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 58.051199][ T5085] loop0: detected capacity change from 0 to 512 [ 58.078080][ T5085] EXT4-fs (loop0): 1 truncate cleaned up [ 58.085010][ T5085] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./2/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/cpuset.effective_cpus") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/cgroup.controllers") = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 58.180950][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./2/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x55556a5dc660, 24 [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5088 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5088] chdir("./3") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5088] write(1, "executing program\n", 18) = 18 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5088] munmap(0x7fead9e00000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] close(4) = 0 [pid 5088] mkdir("./file1", 0777) = 0 [pid 5088] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5088] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5088] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5088] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5088] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5088] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5088] exit_group(0) = ? [ 58.390157][ T5088] loop0: detected capacity change from 0 to 512 [ 58.420305][ T5088] EXT4-fs (loop0): 1 truncate cleaned up [ 58.426902][ T5088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./3/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/cpuset.effective_cpus") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/cgroup.controllers") = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 [ 58.487010][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached , child_tidptr=0x55556a5dc650) = 5090 [pid 5090] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5090] chdir("./4") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] write(1, "executing program\n", 18executing program ) = 18 [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5090] munmap(0x7fead9e00000, 138412032) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] close(4) = 0 [pid 5090] mkdir("./file1", 0777) = 0 [ 58.630740][ T5090] loop0: detected capacity change from 0 to 512 [ 58.669016][ T5090] EXT4-fs (loop0): 1 truncate cleaned up [pid 5090] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5090] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5090] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5090] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5090] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5090] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5090] exit_group(0) = ? [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./4/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 58.675415][ T5090] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. unlink("./4/cpuset.effective_cpus") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/cgroup.controllers") = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 58.789172][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x55556a5dc650) = 5092 [pid 5092] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5092] chdir("./5") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] write(1, "executing program\n", 18executing program ) = 18 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5092] munmap(0x7fead9e00000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] close(4) = 0 [pid 5092] mkdir("./file1", 0777) = 0 [ 59.012906][ T5092] loop0: detected capacity change from 0 to 512 [pid 5092] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5092] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5092] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5092] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5092] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5092] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5092] exit_group(0) = ? [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./5/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/cpuset.effective_cpus") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/cgroup.controllers") = 0 [ 59.060097][ T5092] EXT4-fs (loop0): 1 truncate cleaned up [ 59.066501][ T5092] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 59.121593][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached , child_tidptr=0x55556a5dc650) = 5094 [pid 5094] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5094] chdir("./6") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] write(1, "executing program\n", 18executing program ) = 18 [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5094] munmap(0x7fead9e00000, 138412032) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] close(4) = 0 [pid 5094] mkdir("./file1", 0777) = 0 [ 59.251970][ T5094] loop0: detected capacity change from 0 to 512 [pid 5094] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5094] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5094] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5094] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5094] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5094] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5094] exit_group(0) = ? [ 59.299416][ T5094] EXT4-fs (loop0): 1 truncate cleaned up [ 59.305746][ T5094] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./6/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/cpuset.effective_cpus") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/cgroup.controllers") = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 59.391101][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached , child_tidptr=0x55556a5dc650) = 5096 [pid 5096] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5096] chdir("./7") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5096] write(1, "executing program\n", 18) = 18 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5096] munmap(0x7fead9e00000, 138412032) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] close(4) = 0 [pid 5096] mkdir("./file1", 0777) = 0 [ 59.549952][ T5096] loop0: detected capacity change from 0 to 512 [ 59.583532][ T5096] EXT4-fs (loop0): 1 truncate cleaned up [pid 5096] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5096] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5096] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5096] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5096] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5096] exit_group(0) = ? [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./7/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/cpuset.effective_cpus") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/cgroup.controllers") = 0 [ 59.589804][ T5096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 59.638111][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached , child_tidptr=0x55556a5dc650) = 5098 [pid 5098] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5098] chdir("./8") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5098] write(1, "executing program\n", 18) = 18 [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5098] munmap(0x7fead9e00000, 138412032) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5098] close(3) = 0 [pid 5098] close(4) = 0 [pid 5098] mkdir("./file1", 0777) = 0 [ 59.838084][ T5098] loop0: detected capacity change from 0 to 512 [ 59.870462][ T5098] EXT4-fs (loop0): 1 truncate cleaned up [pid 5098] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5098] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5098] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5098] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5098] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5098] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5098] exit_group(0) = ? [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 59.877354][ T5098] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./8/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/cpuset.effective_cpus") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/cgroup.controllers") = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 59.943773][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached , child_tidptr=0x55556a5dc650) = 5100 [pid 5100] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5100] chdir("./9") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] write(1, "executing program\n", 18executing program ) = 18 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5100] munmap(0x7fead9e00000, 138412032) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] close(4) = 0 [pid 5100] mkdir("./file1", 0777) = 0 [ 60.083645][ T5100] loop0: detected capacity change from 0 to 512 [ 60.121469][ T5100] EXT4-fs (loop0): 1 truncate cleaned up [pid 5100] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5100] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5100] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5100] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5100] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5100] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5100] exit_group(0) = ? [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./9/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/cpuset.effective_cpus") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/cgroup.controllers") = 0 [ 60.128140][ T5100] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 60.185133][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./9/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5102] chdir("./10" [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5102 [pid 5102] <... chdir resumed>) = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5102] write(1, "executing program\n", 18) = 18 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5102] munmap(0x7fead9e00000, 138412032) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] close(4) = 0 [pid 5102] mkdir("./file1", 0777) = 0 [ 60.411564][ T5102] loop0: detected capacity change from 0 to 512 [ 60.443680][ T5102] EXT4-fs (loop0): 1 truncate cleaned up [pid 5102] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5102] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5102] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5102] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 60.449994][ T5102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5102] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5102] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5102] exit_group(0) = ? [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./10/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/cpuset.effective_cpus") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/cgroup.controllers") = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 60.524018][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached , child_tidptr=0x55556a5dc650) = 5104 [pid 5104] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5104] chdir("./11") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5104] write(1, "executing program\n", 18) = 18 [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5104] munmap(0x7fead9e00000, 138412032) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5104] close(3) = 0 [pid 5104] close(4) = 0 [pid 5104] mkdir("./file1", 0777) = 0 [pid 5104] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5104] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5104] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [ 60.651221][ T5104] loop0: detected capacity change from 0 to 512 [ 60.681934][ T5104] EXT4-fs (loop0): 1 truncate cleaned up [ 60.688362][ T5104] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5104] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5104] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5104] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5104] exit_group(0) = ? [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./11/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/cpuset.effective_cpus") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/cgroup.controllers") = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 60.764672][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached , child_tidptr=0x55556a5dc650) = 5106 [pid 5106] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5106] chdir("./12") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5106] write(1, "executing program\n", 18) = 18 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5106] munmap(0x7fead9e00000, 138412032) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] close(4) = 0 [pid 5106] mkdir("./file1", 0777) = 0 [ 60.930685][ T5106] loop0: detected capacity change from 0 to 512 [pid 5106] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5106] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5106] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5106] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5106] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5106] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5106] exit_group(0) = ? [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./12/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/cpuset.effective_cpus") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/cgroup.controllers") = 0 [ 60.975267][ T5106] EXT4-fs (loop0): 1 truncate cleaned up [ 60.981595][ T5106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 61.031866][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a5dc650) = 5108 ./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5108] chdir("./13") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] write(1, "executing program\n", 18executing program ) = 18 [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5108] munmap(0x7fead9e00000, 138412032) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] close(4) = 0 [pid 5108] mkdir("./file1", 0777) = 0 [pid 5108] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5108] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5108] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5108] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5108] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5108] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5108] exit_group(0) = ? [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./13/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/cpuset.effective_cpus") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 61.170570][ T5108] loop0: detected capacity change from 0 to 512 [ 61.191632][ T5108] EXT4-fs (loop0): 1 truncate cleaned up [ 61.198562][ T5108] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. unlink("./13/cgroup.controllers") = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 61.254030][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5110] chdir("./14") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5110 [pid 5110] <... prctl resumed>) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5110] write(1, "executing program\n", 18) = 18 [pid 5110] memfd_create("syzkaller", 0) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5110] munmap(0x7fead9e00000, 138412032) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] close(4) = 0 [pid 5110] mkdir("./file1", 0777) = 0 [pid 5110] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5110] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5110] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [ 61.386636][ T5110] loop0: detected capacity change from 0 to 512 [ 61.416944][ T5110] EXT4-fs (loop0): 1 truncate cleaned up [ 61.423522][ T5110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5110] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5110] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5110] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5110] exit_group(0) = ? [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./14/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/cpuset.effective_cpus") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/cgroup.controllers") = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 61.567367][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5112 attached [pid 5112] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5112] chdir("./15" [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5112 [pid 5112] <... chdir resumed>) = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] write(1, "executing program\n", 18executing program ) = 18 [pid 5112] memfd_create("syzkaller", 0) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5112] munmap(0x7fead9e00000, 138412032) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] close(4) = 0 [pid 5112] mkdir("./file1", 0777) = 0 [pid 5112] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5112] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5112] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5112] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 61.723750][ T5112] loop0: detected capacity change from 0 to 512 [ 61.751364][ T5112] EXT4-fs (loop0): 1 truncate cleaned up [ 61.757780][ T5112] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5112] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5112] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5112] exit_group(0) = ? [pid 5112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./15/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/cpuset.effective_cpus") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/cgroup.controllers") = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 61.897522][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./15/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5114 attached , child_tidptr=0x55556a5dc650) = 5114 [pid 5114] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5114] chdir("./16") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5114] write(1, "executing program\n", 18) = 18 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5114] munmap(0x7fead9e00000, 138412032) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] close(4) = 0 [pid 5114] mkdir("./file1", 0777) = 0 [ 62.139405][ T5114] loop0: detected capacity change from 0 to 512 [ 62.177732][ T5114] EXT4-fs (loop0): 1 truncate cleaned up [pid 5114] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5114] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5114] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5114] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5114] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5114] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5114] exit_group(0) = ? [pid 5114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./16/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/cpuset.effective_cpus") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/cgroup.controllers") = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 62.184180][ T5114] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.222650][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5117 attached , child_tidptr=0x55556a5dc650) = 5117 [pid 5117] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5117] chdir("./17") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5117] write(1, "executing program\n", 18) = 18 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5117] munmap(0x7fead9e00000, 138412032) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] close(4) = 0 [pid 5117] mkdir("./file1", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5117] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 62.389938][ T5117] loop0: detected capacity change from 0 to 512 [ 62.420887][ T5117] EXT4-fs (loop0): 1 truncate cleaned up [ 62.427777][ T5117] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5117] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5117] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5117] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5117] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5117] exit_group(0) = ? [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./17/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/cpuset.effective_cpus") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/cgroup.controllers") = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 62.480058][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5120 attached , child_tidptr=0x55556a5dc650) = 5120 [pid 5120] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5120] chdir("./18") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] write(1, "executing program\n", 18executing program ) = 18 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5120] munmap(0x7fead9e00000, 138412032) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] close(4) = 0 [pid 5120] mkdir("./file1", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5120] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5120] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5120] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 62.641412][ T5120] loop0: detected capacity change from 0 to 512 [ 62.670525][ T5120] EXT4-fs (loop0): 1 truncate cleaned up [ 62.677725][ T5120] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5120] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5120] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5120] exit_group(0) = ? [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./18/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/cpuset.effective_cpus") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/cgroup.controllers") = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 62.796049][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached , child_tidptr=0x55556a5dc650) = 5122 [pid 5122] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5122] chdir("./19") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5122] write(1, "executing program\n", 18) = 18 [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5122] munmap(0x7fead9e00000, 138412032) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] close(4) = 0 [pid 5122] mkdir("./file1", 0777) = 0 [pid 5122] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5122] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5122] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5122] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 62.992205][ T5122] loop0: detected capacity change from 0 to 512 [ 63.023238][ T5122] EXT4-fs (loop0): 1 truncate cleaned up [ 63.029486][ T5122] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5122] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5122] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5122] exit_group(0) = ? [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./19/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/cpuset.effective_cpus") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/cgroup.controllers") = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 63.157479][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5124 attached , child_tidptr=0x55556a5dc650) = 5124 [pid 5124] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5124] chdir("./20") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5124] write(1, "executing program\n", 18) = 18 [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5124] munmap(0x7fead9e00000, 138412032) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] close(4) = 0 [pid 5124] mkdir("./file1", 0777) = 0 [ 63.291421][ T5124] loop0: detected capacity change from 0 to 512 [ 63.327519][ T5124] EXT4-fs (loop0): 1 truncate cleaned up [pid 5124] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5124] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5124] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5124] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5124] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5124] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5124] exit_group(0) = ? [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 [ 63.333838][ T5124] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./20/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/cpuset.effective_cpus") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/cgroup.controllers") = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 63.392935][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5126 attached , child_tidptr=0x55556a5dc650) = 5126 [pid 5126] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5126] chdir("./21") = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] write(1, "executing program\n", 18executing program ) = 18 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5126] munmap(0x7fead9e00000, 138412032) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] close(4) = 0 [pid 5126] mkdir("./file1", 0777) = 0 [ 63.526781][ T5126] loop0: detected capacity change from 0 to 512 [pid 5126] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5126] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5126] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5126] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5126] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5126] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5126] exit_group(0) = ? [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 63.569989][ T5126] EXT4-fs (loop0): 1 truncate cleaned up [ 63.576807][ T5126] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./21/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/cpuset.effective_cpus") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/cgroup.controllers") = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 63.661869][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5129 attached , child_tidptr=0x55556a5dc650) = 5129 [pid 5129] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5129] chdir("./22") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] write(1, "executing program\n", 18executing program ) = 18 [pid 5129] memfd_create("syzkaller", 0) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5129] munmap(0x7fead9e00000, 138412032) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] close(4) = 0 [pid 5129] mkdir("./file1", 0777) = 0 [pid 5129] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5129] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5129] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5129] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 63.841672][ T5129] loop0: detected capacity change from 0 to 512 [ 63.872913][ T5129] EXT4-fs (loop0): 1 truncate cleaned up [ 63.879204][ T5129] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5129] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5129] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5129] exit_group(0) = ? [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./22/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/cpuset.effective_cpus") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/cgroup.controllers") = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 64.000205][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached , child_tidptr=0x55556a5dc650) = 5131 [pid 5131] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5131] chdir("./23") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] write(1, "executing program\n", 18executing program ) = 18 [pid 5131] memfd_create("syzkaller", 0) = 3 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5131] munmap(0x7fead9e00000, 138412032) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5131] close(3) = 0 [pid 5131] close(4) = 0 [pid 5131] mkdir("./file1", 0777) = 0 [ 64.190872][ T5131] loop0: detected capacity change from 0 to 512 [ 64.223742][ T5131] EXT4-fs (loop0): 1 truncate cleaned up [pid 5131] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5131] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5131] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5131] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5131] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5131] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5131] exit_group(0) = ? [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./23/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/cpuset.effective_cpus") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/cgroup.controllers") = 0 [ 64.230019][ T5131] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 64.276163][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached [pid 5133] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5133] chdir("./24" [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5133 [pid 5133] <... chdir resumed>) = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] write(1, "executing program\n", 18executing program ) = 18 [pid 5133] memfd_create("syzkaller", 0) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5133] munmap(0x7fead9e00000, 138412032) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] close(4) = 0 [pid 5133] mkdir("./file1", 0777) = 0 [pid 5133] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5133] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5133] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5133] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5133] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5133] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5133] exit_group(0) = ? [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 64.450300][ T5133] loop0: detected capacity change from 0 to 512 [ 64.480490][ T5133] EXT4-fs (loop0): 1 truncate cleaned up [ 64.486900][ T5133] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./24/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/cpuset.effective_cpus") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/cgroup.controllers") = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 64.590069][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached , child_tidptr=0x55556a5dc650) = 5135 [pid 5135] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5135] chdir("./25") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5135] write(1, "executing program\n", 18) = 18 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5135] munmap(0x7fead9e00000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] close(4) = 0 [pid 5135] mkdir("./file1", 0777) = 0 [ 64.742787][ T5135] loop0: detected capacity change from 0 to 512 [ 64.775520][ T5135] EXT4-fs (loop0): 1 truncate cleaned up [pid 5135] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5135] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5135] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5135] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5135] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5135] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5135] exit_group(0) = ? [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 64.782108][ T5135] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./25/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/cpuset.effective_cpus") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/cgroup.controllers") = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 64.884169][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached , child_tidptr=0x55556a5dc650) = 5137 [pid 5137] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5137] chdir("./26") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5137] write(1, "executing program\n", 18) = 18 [pid 5137] memfd_create("syzkaller", 0) = 3 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5137] munmap(0x7fead9e00000, 138412032) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5137] close(3) = 0 [pid 5137] close(4) = 0 [pid 5137] mkdir("./file1", 0777) = 0 [ 65.024802][ T5137] loop0: detected capacity change from 0 to 512 [ 65.056855][ T5137] EXT4-fs (loop0): 1 truncate cleaned up [pid 5137] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5137] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5137] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5137] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5137] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5137] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5137] exit_group(0) = ? [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 65.063400][ T5137] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./26/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/cpuset.effective_cpus") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/cgroup.controllers") = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 65.132377][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5139 attached , child_tidptr=0x55556a5dc650) = 5139 [pid 5139] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5139] chdir("./27") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] write(1, "executing program\n", 18executing program ) = 18 [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5139] munmap(0x7fead9e00000, 138412032) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] close(4) = 0 [pid 5139] mkdir("./file1", 0777) = 0 [pid 5139] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5139] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5139] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5139] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5139] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5139] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5139] exit_group(0) = ? [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./27/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/cpuset.effective_cpus") = 0 [ 65.282443][ T5139] loop0: detected capacity change from 0 to 512 [ 65.312517][ T5139] EXT4-fs (loop0): 1 truncate cleaned up [ 65.319196][ T5139] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/cgroup.controllers") = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5141 attached [ 65.388887][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. , child_tidptr=0x55556a5dc650) = 5141 [pid 5141] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5141] chdir("./28") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] write(1, "executing program\n", 18executing program ) = 18 [pid 5141] memfd_create("syzkaller", 0) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5141] munmap(0x7fead9e00000, 138412032) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] close(4) = 0 [pid 5141] mkdir("./file1", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5141] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 65.504006][ T5141] loop0: detected capacity change from 0 to 512 [ 65.535580][ T5141] EXT4-fs (loop0): 1 truncate cleaned up [ 65.541883][ T5141] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5141] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5141] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5141] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5141] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5141] exit_group(0) = ? [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./28/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/cpuset.effective_cpus") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/cgroup.controllers") = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 65.658904][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5143] chdir("./29") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0 [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5143 [pid 5143] <... setpgid resumed>) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5143] write(1, "executing program\n", 18) = 18 [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5143] munmap(0x7fead9e00000, 138412032) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5143] close(3) = 0 [pid 5143] close(4) = 0 [pid 5143] mkdir("./file1", 0777) = 0 [ 65.784833][ T5143] loop0: detected capacity change from 0 to 512 [ 65.820804][ T5143] EXT4-fs (loop0): 1 truncate cleaned up [pid 5143] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5143] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5143] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5143] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5143] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5143] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5143] exit_group(0) = ? [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 65.827268][ T5143] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./29/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/cpuset.effective_cpus") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/cgroup.controllers") = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 65.931816][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5145 attached , child_tidptr=0x55556a5dc650) = 5145 [pid 5145] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5145] chdir("./30") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5145] write(1, "executing program\n", 18) = 18 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5145] munmap(0x7fead9e00000, 138412032) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] close(4) = 0 [pid 5145] mkdir("./file1", 0777) = 0 [pid 5145] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5145] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5145] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5145] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5145] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5145] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5145] exit_group(0) = ? [ 66.080001][ T5145] loop0: detected capacity change from 0 to 512 [ 66.110087][ T5145] EXT4-fs (loop0): 1 truncate cleaned up [ 66.116512][ T5145] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./30/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/cpuset.effective_cpus") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/cgroup.controllers") = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 [ 66.248747][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5147 attached , child_tidptr=0x55556a5dc650) = 5147 [pid 5147] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5147] chdir("./31") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] write(1, "executing program\n", 18executing program ) = 18 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5147] munmap(0x7fead9e00000, 138412032) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] close(4) = 0 [pid 5147] mkdir("./file1", 0777) = 0 [ 66.453276][ T5147] loop0: detected capacity change from 0 to 512 [ 66.486104][ T5147] EXT4-fs (loop0): 1 truncate cleaned up [pid 5147] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5147] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5147] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5147] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5147] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5147] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5147] exit_group(0) = ? [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 66.492497][ T5147] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./31/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/cpuset.effective_cpus") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/cgroup.controllers") = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 66.567132][ T5078] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x55556a5dc650) = 5149 [pid 5149] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5149] chdir("./32") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 executing program [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] write(1, "executing program\n", 18) = 18 [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5149] munmap(0x7fead9e00000, 138412032) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5149] close(3) = 0 [pid 5149] close(4) = 0 [pid 5149] mkdir("./file1", 0777) = 0 [pid 5149] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5149] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5149] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5149] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5149] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5149] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5149] exit_group(0) = ? [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./32/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/cpuset.effective_cpus") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/cgroup.controllers") = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 [ 66.719906][ T5149] loop0: detected capacity change from 0 to 512 [ 66.748465][ T5149] EXT4-fs (loop0): 1 truncate cleaned up close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5151 attached , child_tidptr=0x55556a5dc650) = 5151 [pid 5151] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5151] chdir("./33") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5151] write(1, "executing program\n", 18) = 18 [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5151] munmap(0x7fead9e00000, 138412032) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] close(4) = 0 [pid 5151] mkdir("./file1", 0777) = 0 [pid 5151] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5151] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5151] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5151] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5151] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5151] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5151] exit_group(0) = ? [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./33/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/cpuset.effective_cpus") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/cgroup.controllers") = 0 [ 66.930481][ T5151] loop0: detected capacity change from 0 to 512 [ 66.956902][ T5151] EXT4-fs (loop0): 1 truncate cleaned up umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5153] chdir("./34") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5153 [pid 5153] <... prctl resumed>) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5153] write(1, "executing program\n", 18) = 18 [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5153] munmap(0x7fead9e00000, 138412032) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] close(4) = 0 [pid 5153] mkdir("./file1", 0777) = 0 [pid 5153] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5153] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5153] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5153] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5153] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5153] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5153] exit_group(0) = ? [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./34/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/cpuset.effective_cpus") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/cgroup.controllers") = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 67.140085][ T5153] loop0: detected capacity change from 0 to 512 [ 67.171782][ T5153] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5155] chdir("./35") = 0 [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5155 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5155] write(1, "executing program\n", 18) = 18 [pid 5155] memfd_create("syzkaller", 0) = 3 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5155] munmap(0x7fead9e00000, 138412032) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] close(4) = 0 [pid 5155] mkdir("./file1", 0777) = 0 [pid 5155] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5155] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5155] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5155] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 67.353038][ T5155] loop0: detected capacity change from 0 to 512 [ 67.385421][ T5155] EXT4-fs (loop0): 1 truncate cleaned up [pid 5155] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5155] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5155] exit_group(0) = ? [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./35/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/cpuset.effective_cpus") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/cgroup.controllers") = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5157 attached , child_tidptr=0x55556a5dc650) = 5157 [pid 5157] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5157] chdir("./36") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5157] write(1, "executing program\n", 18) = 18 [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5157] munmap(0x7fead9e00000, 138412032) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] close(4) = 0 [pid 5157] mkdir("./file1", 0777) = 0 [pid 5157] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5157] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5157] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5157] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5157] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5157] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5157] exit_group(0) = ? [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./36/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/cpuset.effective_cpus") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/cgroup.controllers") = 0 [ 67.608903][ T5157] loop0: detected capacity change from 0 to 512 [ 67.639959][ T5157] EXT4-fs (loop0): 1 truncate cleaned up umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5159 attached , child_tidptr=0x55556a5dc650) = 5159 [pid 5159] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5159] chdir("./37") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5159] write(1, "executing program\n", 18) = 18 [pid 5159] memfd_create("syzkaller", 0) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5159] munmap(0x7fead9e00000, 138412032) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] close(4) = 0 [pid 5159] mkdir("./file1", 0777) = 0 [pid 5159] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5159] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5159] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5159] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5159] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5159] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5159] exit_group(0) = ? [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 67.859608][ T5159] loop0: detected capacity change from 0 to 512 [ 67.892890][ T5159] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./37/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/cpuset.effective_cpus") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/cgroup.controllers") = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached , child_tidptr=0x55556a5dc650) = 5161 [pid 5161] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5161] chdir("./38") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5161] write(1, "executing program\n", 18) = 18 [pid 5161] memfd_create("syzkaller", 0) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5161] munmap(0x7fead9e00000, 138412032) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5161] close(3) = 0 [pid 5161] close(4) = 0 [pid 5161] mkdir("./file1", 0777) = 0 [pid 5161] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5161] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5161] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5161] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5161] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5161] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5161] exit_group(0) = ? [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 68.112126][ T5161] loop0: detected capacity change from 0 to 512 [ 68.144718][ T5161] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./38/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/cpuset.effective_cpus") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/cgroup.controllers") = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a5dc650) = 5163 ./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5163] chdir("./39") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5163] write(1, "executing program\n", 18) = 18 [pid 5163] memfd_create("syzkaller", 0) = 3 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5163] munmap(0x7fead9e00000, 138412032) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5163] close(3) = 0 [pid 5163] close(4) = 0 [pid 5163] mkdir("./file1", 0777) = 0 [pid 5163] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5163] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5163] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5163] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5163] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5163] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [ 68.381457][ T5163] loop0: detected capacity change from 0 to 512 [ 68.406581][ T5163] EXT4-fs (loop0): 1 truncate cleaned up [pid 5163] exit_group(0) = ? [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./39/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/cpuset.effective_cpus") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/cgroup.controllers") = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5165] chdir("./40") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5165 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] write(1, "executing program\n", 18executing program ) = 18 [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5165] munmap(0x7fead9e00000, 138412032) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5165] close(3) = 0 [pid 5165] close(4) = 0 [pid 5165] mkdir("./file1", 0777) = 0 [pid 5165] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5165] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5165] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5165] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5165] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5165] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5165] exit_group(0) = ? [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./40/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/cpuset.effective_cpus") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/cgroup.controllers") = 0 [ 68.661863][ T5165] loop0: detected capacity change from 0 to 512 [ 68.694801][ T5165] EXT4-fs (loop0): 1 truncate cleaned up umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5167 attached , child_tidptr=0x55556a5dc650) = 5167 [pid 5167] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5167] chdir("./41") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] write(1, "executing program\n", 18executing program ) = 18 [pid 5167] memfd_create("syzkaller", 0) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5167] munmap(0x7fead9e00000, 138412032) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5167] close(3) = 0 [pid 5167] close(4) = 0 [pid 5167] mkdir("./file1", 0777) = 0 [ 68.930118][ T5167] loop0: detected capacity change from 0 to 512 [pid 5167] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5167] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5167] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5167] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5167] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5167] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5167] exit_group(0) = ? [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./41/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/cpuset.effective_cpus") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/cgroup.controllers") = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 68.973758][ T5167] EXT4-fs (loop0): 1 truncate cleaned up umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5169 attached , child_tidptr=0x55556a5dc650) = 5169 [pid 5169] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5169] chdir("./42") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] write(1, "executing program\n", 18executing program ) = 18 [pid 5169] memfd_create("syzkaller", 0) = 3 [pid 5169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5169] munmap(0x7fead9e00000, 138412032) = 0 [pid 5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5169] close(3) = 0 [pid 5169] close(4) = 0 [pid 5169] mkdir("./file1", 0777) = 0 [pid 5169] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5169] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5169] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5169] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5169] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5169] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5169] exit_group(0) = ? [ 69.268509][ T5169] loop0: detected capacity change from 0 to 512 [ 69.302668][ T5169] EXT4-fs (loop0): 1 truncate cleaned up [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./42/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/cpuset.effective_cpus") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/cgroup.controllers") = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a5dc650) = 5171 ./strace-static-x86_64: Process 5171 attached [pid 5171] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5171] chdir("./43") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5171] write(1, "executing program\n", 18) = 18 [pid 5171] memfd_create("syzkaller", 0) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5171] munmap(0x7fead9e00000, 138412032) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] close(4) = 0 [pid 5171] mkdir("./file1", 0777) = 0 [pid 5171] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5171] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5171] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5171] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5171] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5171] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5171] exit_group(0) = ? [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./43/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/cpuset.effective_cpus") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/cgroup.controllers") = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.616885][ T5171] loop0: detected capacity change from 0 to 512 [ 69.645866][ T5171] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5173] chdir("./44") = 0 [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5173 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] write(1, "executing program\n", 18executing program ) = 18 [pid 5173] memfd_create("syzkaller", 0) = 3 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5173] munmap(0x7fead9e00000, 138412032) = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5173] close(3) = 0 [pid 5173] close(4) = 0 [pid 5173] mkdir("./file1", 0777) = 0 [pid 5173] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5173] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5173] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5173] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5173] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5173] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5173] exit_group(0) = ? [ 69.842978][ T5173] loop0: detected capacity change from 0 to 512 [ 69.867413][ T5173] EXT4-fs (loop0): 1 truncate cleaned up [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./44/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/cpuset.effective_cpus") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/cgroup.controllers") = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5175 attached , child_tidptr=0x55556a5dc650) = 5175 [pid 5175] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5175] chdir("./45") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] write(1, "executing program\n", 18executing program ) = 18 [pid 5175] memfd_create("syzkaller", 0) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5175] munmap(0x7fead9e00000, 138412032) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] close(4) = 0 [pid 5175] mkdir("./file1", 0777) = 0 [pid 5175] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5175] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5175] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5175] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5175] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5175] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5175] exit_group(0) = ? [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 70.151719][ T5175] loop0: detected capacity change from 0 to 512 [ 70.178907][ T5175] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./45/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/cpuset.effective_cpus") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/cgroup.controllers") = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5177 attached , child_tidptr=0x55556a5dc650) = 5177 [pid 5177] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5177] chdir("./46") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] write(1, "executing program\n", 18executing program ) = 18 [pid 5177] memfd_create("syzkaller", 0) = 3 [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5177] munmap(0x7fead9e00000, 138412032) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5177] close(3) = 0 [pid 5177] close(4) = 0 [pid 5177] mkdir("./file1", 0777) = 0 [pid 5177] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5177] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5177] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5177] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5177] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5177] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5177] exit_group(0) = ? [pid 5177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./46/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/cpuset.effective_cpus") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/cgroup.controllers") = 0 [ 70.442496][ T5177] loop0: detected capacity change from 0 to 512 [ 70.469974][ T5177] EXT4-fs (loop0): 1 truncate cleaned up umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5179 attached , child_tidptr=0x55556a5dc650) = 5179 [pid 5179] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5179] chdir("./47") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] write(1, "executing program\n", 18executing program ) = 18 [pid 5179] memfd_create("syzkaller", 0) = 3 [pid 5179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5179] munmap(0x7fead9e00000, 138412032) = 0 [pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5179] close(3) = 0 [pid 5179] close(4) = 0 [pid 5179] mkdir("./file1", 0777) = 0 [pid 5179] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5179] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5179] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5179] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5179] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 70.660209][ T5179] loop0: detected capacity change from 0 to 512 [ 70.698577][ T5179] EXT4-fs (loop0): 1 truncate cleaned up [pid 5179] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5179] exit_group(0) = ? [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./47/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/cpuset.effective_cpus") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/cgroup.controllers") = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5181 attached , child_tidptr=0x55556a5dc650) = 5181 [pid 5181] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5181] chdir("./48") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] write(1, "executing program\n", 18executing program ) = 18 [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5181] munmap(0x7fead9e00000, 138412032) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] close(4) = 0 [pid 5181] mkdir("./file1", 0777) = 0 [pid 5181] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5181] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5181] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5181] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5181] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5181] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5181] exit_group(0) = ? [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 70.924688][ T5181] loop0: detected capacity change from 0 to 512 [ 70.957122][ T5181] EXT4-fs (loop0): 1 truncate cleaned up umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./48/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/cpuset.effective_cpus") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/cgroup.controllers") = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached , child_tidptr=0x55556a5dc650) = 5183 [pid 5183] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5183] chdir("./49") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5183] write(1, "executing program\n", 18) = 18 [pid 5183] memfd_create("syzkaller", 0) = 3 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5183] munmap(0x7fead9e00000, 138412032) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5183] close(3) = 0 [pid 5183] close(4) = 0 [pid 5183] mkdir("./file1", 0777) = 0 [pid 5183] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5183] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5183] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5183] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5183] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5183] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5183] exit_group(0) = ? [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./49/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/cpuset.effective_cpus") = 0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/cgroup.controllers") = 0 [ 71.163362][ T5183] loop0: detected capacity change from 0 to 512 [ 71.194339][ T5183] EXT4-fs (loop0): 1 truncate cleaned up umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5185 attached , child_tidptr=0x55556a5dc650) = 5185 [pid 5185] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5185] chdir("./50") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] write(1, "executing program\n", 18executing program ) = 18 [pid 5185] memfd_create("syzkaller", 0) = 3 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5185] munmap(0x7fead9e00000, 138412032) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5185] close(3) = 0 [pid 5185] close(4) = 0 [pid 5185] mkdir("./file1", 0777) = 0 [pid 5185] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5185] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5185] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5185] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5185] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5185] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5185] exit_group(0) = ? [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./50/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/cpuset.effective_cpus") = 0 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/cgroup.controllers") = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 71.413930][ T5185] loop0: detected capacity change from 0 to 512 [ 71.446575][ T5185] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5187 attached , child_tidptr=0x55556a5dc650) = 5187 [pid 5187] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5187] chdir("./51") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] write(1, "executing program\n", 18executing program ) = 18 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5187] munmap(0x7fead9e00000, 138412032) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] close(4) = 0 [pid 5187] mkdir("./file1", 0777) = 0 [ 71.602143][ T5187] loop0: detected capacity change from 0 to 512 [pid 5187] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5187] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5187] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5187] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5187] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5187] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [ 71.643618][ T5187] EXT4-fs (loop0): 1 truncate cleaned up [pid 5187] exit_group(0) = ? [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./51/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/cpuset.effective_cpus") = 0 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/cgroup.controllers") = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5190 attached , child_tidptr=0x55556a5dc650) = 5190 [pid 5190] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5190] chdir("./52") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5190] write(1, "executing program\n", 18) = 18 [pid 5190] memfd_create("syzkaller", 0) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5190] munmap(0x7fead9e00000, 138412032) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] close(4) = 0 [pid 5190] mkdir("./file1", 0777) = 0 [pid 5190] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5190] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5190] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5190] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5190] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5190] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5190] exit_group(0) = ? [pid 5190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 72.119755][ T5190] loop0: detected capacity change from 0 to 512 [ 72.158255][ T5190] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./52/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/cpuset.effective_cpus") = 0 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/cgroup.controllers") = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5192 attached [pid 5192] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5192] chdir("./53" [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5192 [pid 5192] <... chdir resumed>) = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5192] write(1, "executing program\n", 18) = 18 [pid 5192] memfd_create("syzkaller", 0) = 3 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5192] munmap(0x7fead9e00000, 138412032) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5192] close(3) = 0 [pid 5192] close(4) = 0 [pid 5192] mkdir("./file1", 0777) = 0 [ 72.408545][ T5192] loop0: detected capacity change from 0 to 512 [pid 5192] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5192] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5192] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5192] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5192] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5192] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5192] exit_group(0) = ? [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./53/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/cpuset.effective_cpus") = 0 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/cgroup.controllers") = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 72.449174][ T5192] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5194 attached , child_tidptr=0x55556a5dc650) = 5194 [pid 5194] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5194] chdir("./54") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5194] write(1, "executing program\n", 18) = 18 [pid 5194] memfd_create("syzkaller", 0) = 3 [pid 5194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5194] munmap(0x7fead9e00000, 138412032) = 0 [pid 5194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5194] close(3) = 0 [pid 5194] close(4) = 0 [pid 5194] mkdir("./file1", 0777) = 0 [pid 5194] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5194] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5194] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5194] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5194] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5194] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5194] exit_group(0) = ? [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./54/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/cpuset.effective_cpus") = 0 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/cgroup.controllers") = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.651593][ T5194] loop0: detected capacity change from 0 to 512 [ 72.683792][ T5194] EXT4-fs (loop0): 1 truncate cleaned up newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5196] chdir("./55") = 0 [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5196 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5196] write(1, "executing program\n", 18) = 18 [pid 5196] memfd_create("syzkaller", 0) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5196] munmap(0x7fead9e00000, 138412032) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5196] close(3) = 0 [pid 5196] close(4) = 0 [pid 5196] mkdir("./file1", 0777) = 0 [pid 5196] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5196] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5196] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5196] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5196] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5196] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5196] exit_group(0) = ? [ 72.931091][ T5196] loop0: detected capacity change from 0 to 512 [ 72.969748][ T5196] EXT4-fs (loop0): 1 truncate cleaned up [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./55/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/cpuset.effective_cpus") = 0 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/cgroup.controllers") = 0 umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5199 attached , child_tidptr=0x55556a5dc650) = 5199 [pid 5199] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5199] chdir("./56") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] write(1, "executing program\n", 18executing program ) = 18 [pid 5199] memfd_create("syzkaller", 0) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5199] munmap(0x7fead9e00000, 138412032) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] close(4) = 0 [pid 5199] mkdir("./file1", 0777) = 0 [pid 5199] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5199] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5199] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5199] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5199] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 73.209053][ T5199] loop0: detected capacity change from 0 to 512 [ 73.238476][ T5199] EXT4-fs (loop0): 1 truncate cleaned up [pid 5199] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5199] exit_group(0) = ? [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./56/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/cpuset.effective_cpus") = 0 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/cgroup.controllers") = 0 umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x55556a5dc650) = 5201 [pid 5201] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5201] chdir("./57") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5201] write(1, "executing program\n", 18) = 18 [pid 5201] memfd_create("syzkaller", 0) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5201] munmap(0x7fead9e00000, 138412032) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5201] close(3) = 0 [pid 5201] close(4) = 0 [pid 5201] mkdir("./file1", 0777) = 0 [pid 5201] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5201] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5201] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5201] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5201] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5201] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5201] exit_group(0) = ? [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./57/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/cpuset.effective_cpus") = 0 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/cgroup.controllers") = 0 umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 [ 73.519749][ T5201] loop0: detected capacity change from 0 to 512 [ 73.550632][ T5201] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5203 attached , child_tidptr=0x55556a5dc650) = 5203 [pid 5203] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5203] chdir("./58") = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5203] write(1, "executing program\n", 18executing program ) = 18 [pid 5203] memfd_create("syzkaller", 0) = 3 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5203] munmap(0x7fead9e00000, 138412032) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5203] close(3) = 0 [pid 5203] close(4) = 0 [pid 5203] mkdir("./file1", 0777) = 0 [pid 5203] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5203] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5203] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5203] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5203] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5203] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5203] exit_group(0) = ? [ 73.731280][ T5203] loop0: detected capacity change from 0 to 512 [ 73.760929][ T5203] EXT4-fs (loop0): 1 truncate cleaned up [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./58/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/cpuset.effective_cpus") = 0 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/cgroup.controllers") = 0 umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5205 attached , child_tidptr=0x55556a5dc650) = 5205 [pid 5205] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5205] chdir("./59") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] write(1, "executing program\n", 18executing program ) = 18 [pid 5205] memfd_create("syzkaller", 0) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5205] munmap(0x7fead9e00000, 138412032) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] close(4) = 0 [pid 5205] mkdir("./file1", 0777) = 0 [pid 5205] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5205] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5205] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5205] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5205] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5205] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5205] exit_group(0) = ? [pid 5205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./59/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/cpuset.effective_cpus") = 0 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/cgroup.controllers") = 0 umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 [ 74.083041][ T5205] loop0: detected capacity change from 0 to 512 [ 74.116507][ T5205] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5207 attached , child_tidptr=0x55556a5dc650) = 5207 [pid 5207] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5207] chdir("./60") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5207] write(1, "executing program\n", 18) = 18 [pid 5207] memfd_create("syzkaller", 0) = 3 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5207] munmap(0x7fead9e00000, 138412032) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5207] close(3) = 0 [pid 5207] close(4) = 0 [pid 5207] mkdir("./file1", 0777) = 0 [ 74.310512][ T5207] loop0: detected capacity change from 0 to 512 [pid 5207] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5207] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5207] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5207] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5207] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5207] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5207] exit_group(0) = ? [pid 5207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./60/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/cpuset.effective_cpus") = 0 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/cgroup.controllers") = 0 [ 74.354791][ T5207] EXT4-fs (loop0): 1 truncate cleaned up umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5209 attached , child_tidptr=0x55556a5dc650) = 5209 [pid 5209] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5209] chdir("./61") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] write(1, "executing program\n", 18executing program ) = 18 [pid 5209] memfd_create("syzkaller", 0) = 3 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5209] munmap(0x7fead9e00000, 138412032) = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5209] close(3) = 0 [pid 5209] close(4) = 0 [pid 5209] mkdir("./file1", 0777) = 0 [pid 5209] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5209] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5209] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5209] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5209] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5209] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5209] exit_group(0) = ? [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 74.671193][ T5209] loop0: detected capacity change from 0 to 512 [ 74.705222][ T5209] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./61/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/cpuset.effective_cpus") = 0 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/cgroup.controllers") = 0 umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a5dc650) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5211] chdir("./62") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5211] write(1, "executing program\n", 18) = 18 [pid 5211] memfd_create("syzkaller", 0) = 3 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5211] munmap(0x7fead9e00000, 138412032) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5211] close(3) = 0 [pid 5211] close(4) = 0 [pid 5211] mkdir("./file1", 0777) = 0 [pid 5211] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5211] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5211] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5211] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5211] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5211] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5211] exit_group(0) = ? [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./62/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/cpuset.effective_cpus") = 0 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/cgroup.controllers") = 0 umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 [ 74.999903][ T5211] loop0: detected capacity change from 0 to 512 [ 75.028181][ T5211] EXT4-fs (loop0): 1 truncate cleaned up close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5213 attached , child_tidptr=0x55556a5dc650) = 5213 [pid 5213] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5213] chdir("./63") = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5213] write(1, "executing program\n", 18) = 18 [pid 5213] memfd_create("syzkaller", 0) = 3 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5213] munmap(0x7fead9e00000, 138412032) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5213] close(3) = 0 [pid 5213] close(4) = 0 [pid 5213] mkdir("./file1", 0777) = 0 [pid 5213] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5213] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5213] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5213] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5213] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5213] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5213] exit_group(0) = ? [pid 5213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5213, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 75.199233][ T5213] loop0: detected capacity change from 0 to 512 [ 75.228246][ T5213] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./63/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/cpuset.effective_cpus") = 0 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/cgroup.controllers") = 0 umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5215] chdir("./64" [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5215 [pid 5215] <... chdir resumed>) = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] write(1, "executing program\n", 18executing program ) = 18 [pid 5215] memfd_create("syzkaller", 0) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5215] munmap(0x7fead9e00000, 138412032) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] close(4) = 0 [pid 5215] mkdir("./file1", 0777) = 0 [pid 5215] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5215] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5215] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5215] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5215] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5215] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5215] exit_group(0) = ? [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./64/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 75.481406][ T5215] loop0: detected capacity change from 0 to 512 [ 75.512360][ T5215] EXT4-fs (loop0): 1 truncate cleaned up unlink("./64/cpuset.effective_cpus") = 0 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/cgroup.controllers") = 0 umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556a5dc650) = 5218 ./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5218] chdir("./65") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] write(1, "executing program\n", 18executing program ) = 18 [pid 5218] memfd_create("syzkaller", 0) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5218] munmap(0x7fead9e00000, 138412032) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] close(4) = 0 [pid 5218] mkdir("./file1", 0777) = 0 [pid 5218] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5218] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5218] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5218] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5218] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5218] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5218] exit_group(0) = ? [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 75.777760][ T5218] loop0: detected capacity change from 0 to 512 [ 75.815868][ T5218] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./65/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/cpuset.effective_cpus") = 0 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/cgroup.controllers") = 0 umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5220 attached , child_tidptr=0x55556a5dc650) = 5220 [pid 5220] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5220] chdir("./66") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] write(1, "executing program\n", 18executing program ) = 18 [pid 5220] memfd_create("syzkaller", 0) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5220] munmap(0x7fead9e00000, 138412032) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] close(4) = 0 [pid 5220] mkdir("./file1", 0777) = 0 [pid 5220] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5220] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5220] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5220] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5220] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5220] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5220] exit_group(0) = ? [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./66/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/cpuset.effective_cpus") = 0 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 [ 76.023091][ T5220] loop0: detected capacity change from 0 to 512 [ 76.051861][ T5220] EXT4-fs (loop0): 1 truncate cleaned up umount2("./66/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/cgroup.controllers") = 0 umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5222 attached , child_tidptr=0x55556a5dc650) = 5222 [pid 5222] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5222] chdir("./67") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5222] write(1, "executing program\n", 18executing program ) = 18 [pid 5222] memfd_create("syzkaller", 0) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5222] munmap(0x7fead9e00000, 138412032) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5222] close(3) = 0 [pid 5222] close(4) = 0 [pid 5222] mkdir("./file1", 0777) = 0 [pid 5222] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5222] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5222] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5222] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5222] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5222] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5222] exit_group(0) = ? [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./67/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/cpuset.effective_cpus") = 0 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/cgroup.controllers") = 0 [ 76.250188][ T5222] loop0: detected capacity change from 0 to 512 [ 76.277208][ T5222] EXT4-fs (loop0): 1 truncate cleaned up umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5224] chdir("./68" [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5224 [pid 5224] <... chdir resumed>) = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5224] write(1, "executing program\n", 18) = 18 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5224] munmap(0x7fead9e00000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] close(4) = 0 [pid 5224] mkdir("./file1", 0777) = 0 [pid 5224] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5224] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5224] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5224] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5224] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5224] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [ 76.480843][ T5224] loop0: detected capacity change from 0 to 512 [ 76.520077][ T5224] EXT4-fs (loop0): 1 truncate cleaned up [pid 5224] exit_group(0) = ? [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./68/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/cpuset.effective_cpus") = 0 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/cgroup.controllers") = 0 umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached , child_tidptr=0x55556a5dc650) = 5226 [pid 5226] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5226] chdir("./69") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] write(1, "executing program\n", 18executing program ) = 18 [pid 5226] memfd_create("syzkaller", 0) = 3 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5226] munmap(0x7fead9e00000, 138412032) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5226] close(3) = 0 [pid 5226] close(4) = 0 [pid 5226] mkdir("./file1", 0777) = 0 [pid 5226] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [ 76.710460][ T5226] loop0: detected capacity change from 0 to 512 [ 76.743500][ T5226] EXT4-fs (loop0): 1 truncate cleaned up [pid 5226] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5226] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5226] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5226] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5226] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5226] exit_group(0) = ? [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 76.755332][ T8] cfg80211: failed to load regulatory.db newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 umount2("./69/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/cpuset.effective_cpus") = 0 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/cgroup.controllers") = 0 umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached , child_tidptr=0x55556a5dc650) = 5228 [pid 5228] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5228] chdir("./70") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5228] write(1, "executing program\n", 18) = 18 [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5228] munmap(0x7fead9e00000, 138412032) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] close(4) = 0 [pid 5228] mkdir("./file1", 0777) = 0 [ 77.021243][ T5228] loop0: detected capacity change from 0 to 512 [pid 5228] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5228] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5228] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5228] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5228] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5228] ioctl(5, _IOC(_IOC_READ|_IOC_WRITE, 0x66, 0xf, 0x28), 0x20000000) = -1 EINVAL (Invalid argument) [pid 5228] exit_group(0) = ? [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556a5dd6f0 /* 6 entries */, 32768) = 200 [ 77.062820][ T5228] EXT4-fs (loop0): 1 truncate cleaned up umount2("./70/cpuset.effective_cpus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/cpuset.effective_cpus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/cpuset.effective_cpus") = 0 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/cgroup.controllers", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/cgroup.controllers", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/cgroup.controllers") = 0 umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556a5e5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556a5e5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 getdents64(3, 0x55556a5dd6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x55556a5dc660, 24) = 0 [pid 5230] chdir("./71") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5078] <... clone resumed>, child_tidptr=0x55556a5dc650) = 5230 [pid 5230] <... prctl resumed>) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] write(1, "executing program\n", 18executing program ) = 18 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fead9e00000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5230] munmap(0x7fead9e00000, 138412032) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] close(4) = 0 [pid 5230] mkdir("./file1", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file1", "ext4", 0, ",errors=continue") = 0 [pid 5230] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5230] lsetxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x10\xd1\xf5\x41\x88\xa7\x9d\x16\x92\x3c\x02\xb6\x56\x88\xc1\x1a\x02\xe2\xcf\x9b\x6f\xc1\x06\x4b\x52\x0f\xd0\x04\x32\xb8\xe1\xab\x30\xcf\x0b\xdb\xd0\xff\x92\x28\x70\xcd\xa9\xa6\x6e\x2d\xdc\x47\x28\x11\x5c\x17\x54\x53\x84\x20\x1d\xc0\x29\x42\x1b\x56\xb6\x87\x79\xb8\x34\x2f\x14\x5c\x91\xdc\x38\xec\x75\x99\xdd\x2a\x61\xcf\xd9\x72\xaa\xf5\xfd\x77\x24\x17\xa7\x58\xcc\x81\xf7\x49\xc6"..., 2049, 0) = 0 [pid 5230] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5230] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 77.295256][ T5230] loop0: detected capacity change from 0 to 512 [ 77.316068][ T5230] EXT4-fs (loop0): 1 truncate cleaned up [ 77.331691][ T5230] ------------[ cut here ]------------ [ 77.337154][ T5230] Looking for class "&ei->i_data_sem" with key init_once.__key.799, but found a different class "&ei->i_data_sem" with the same key [ 77.350737][ T5230] WARNING: CPU: 0 PID: 5230 at kernel/locking/lockdep.c:935 look_up_lock_class+0xdc/0x160 [ 77.360636][ T5230] Modules linked in: [ 77.364535][ T5230] CPU: 0 PID: 5230 Comm: syz-executor148 Not tainted 6.10.0-rc1-syzkaller-00267-gcc8ed4d0a848 #0 [ 77.375036][ T5230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 77.385087][ T5230] RIP: 0010:look_up_lock_class+0xdc/0x160 [ 77.390794][ T5230] Code: 01 0f 85 80 00 00 00 c6 05 5c 02 19 04 01 90 49 8b 16 49 8b 76 18 48 8b 8b b8 00 00 00 48 c7 c7 20 db ca 8b e8 25 b7 da f5 90 <0f> 0b 90 90 eb 57 90 e8 38 a2 25 f9 48 c7 c7 60 da ca 8b 89 de e8 [ 77.410390][ T5230] RSP: 0018:ffffc900037173f0 EFLAGS: 00010046 [ 77.416447][ T5230] RAX: 88c2a724edca5600 RBX: ffffffff92ca7a08 RCX: ffff88802b1a5a00 [ 77.424407][ T5230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 77.432364][ T5230] RBP: ffffc90003717500 R08: ffffffff815846c2 R09: 1ffff1101728519a [ 77.440323][ T5230] R10: dffffc0000000000 R11: ffffed101728519b R12: ffff88807e99e688 [ 77.448279][ T5230] R13: ffff88807e99e688 R14: ffff88807e99e688 R15: ffffffff9489b421 [ 77.456237][ T5230] FS: 000055556a5dc380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 77.465154][ T5230] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.471727][ T5230] CR2: 00007feae24b1100 CR3: 0000000022ada000 CR4: 00000000003506f0 [ 77.479685][ T5230] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 77.487644][ T5230] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 77.495604][ T5230] Call Trace: [ 77.498879][ T5230] [ 77.501797][ T5230] ? __warn+0x163/0x4e0 [ 77.505943][ T5230] ? look_up_lock_class+0xdc/0x160 [ 77.511041][ T5230] ? report_bug+0x2b3/0x500 [ 77.515528][ T5230] ? look_up_lock_class+0xdc/0x160 [ 77.520622][ T5230] ? handle_bug+0x3e/0x70 [ 77.524936][ T5230] ? exc_invalid_op+0x1a/0x50 [ 77.529598][ T5230] ? asm_exc_invalid_op+0x1a/0x20 [ 77.534609][ T5230] ? __warn_printk+0x292/0x360 [ 77.539359][ T5230] ? look_up_lock_class+0xdc/0x160 [ 77.544454][ T5230] register_lock_class+0x102/0x980 [ 77.549554][ T5230] ? __pfx_register_lock_class+0x10/0x10 [ 77.555187][ T5230] ? __pfx_register_lock_class+0x10/0x10 [ 77.560808][ T5230] __lock_acquire+0xda/0x1fd0 [ 77.565478][ T5230] lock_acquire+0x1ed/0x550 [ 77.569966][ T5230] ? ext4_move_extents+0x39d/0xec0 [ 77.575069][ T5230] ? __pfx_lock_acquire+0x10/0x10 [ 77.580081][ T5230] ? __pfx___might_resched+0x10/0x10 [ 77.585356][ T5230] ? __down_write_common+0x162/0x200 [ 77.590630][ T5230] ? __pfx_inode_dio_wait+0x10/0x10 [ 77.595817][ T5230] ? __pfx___down_write_common+0x10/0x10 [ 77.601436][ T5230] ? __pfx___down_write_common+0x10/0x10 [ 77.607057][ T5230] down_write_nested+0x3d/0x50 [ 77.611836][ T5230] ? ext4_move_extents+0x39d/0xec0 [ 77.616931][ T5230] ext4_move_extents+0x39d/0xec0 [ 77.621856][ T5230] ? rcu_read_lock_any_held+0xb7/0x160 [ 77.627304][ T5230] ? __pfx_ext4_move_extents+0x10/0x10 [ 77.632750][ T5230] ext4_ioctl+0x34bd/0x55a0 [ 77.637236][ T5230] ? kasan_save_track+0x51/0x80 [ 77.642075][ T5230] ? kfree+0x149/0x360 [ 77.646132][ T5230] ? do_syscall_64+0xf3/0x230 [ 77.650798][ T5230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.656853][ T5230] ? do_vfs_ioctl+0x1e77/0x2e50 [ 77.661694][ T5230] ? __pfx_ext4_ioctl+0x10/0x10 [ 77.666531][ T5230] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 77.671547][ T5230] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.677858][ T5230] ? tomoyo_path_number_perm+0x208/0x880 [ 77.683486][ T5230] ? __pfx_lock_release+0x10/0x10 [ 77.688498][ T5230] ? kfree+0x149/0x360 [ 77.692554][ T5230] ? tomoyo_path_number_perm+0x71a/0x880 [ 77.698171][ T5230] ? tomoyo_path_number_perm+0x208/0x880 [ 77.703788][ T5230] ? smack_log+0x123/0x540 [ 77.708194][ T5230] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 77.714162][ T5230] ? __pfx_smack_log+0x10/0x10 [ 77.718915][ T5230] ? smk_access+0x4ab/0x4e0 [ 77.723412][ T5230] ? smk_tskacc+0x300/0x370 [ 77.727904][ T5230] ? smack_file_ioctl+0x2fa/0x3a0 [ 77.732916][ T5230] ? __pfx_smack_file_ioctl+0x10/0x10 [ 77.738272][ T5230] ? __pfx_ptrace_notify+0x10/0x10 [ 77.743376][ T5230] ? bpf_lsm_file_ioctl+0x9/0x10 [ 77.748300][ T5230] ? security_file_ioctl+0x87/0xb0 [ 77.753402][ T5230] ? __pfx_ext4_ioctl+0x10/0x10 [ 77.758236][ T5230] __se_sys_ioctl+0xfc/0x170 [ 77.762903][ T5230] do_syscall_64+0xf3/0x230 [ 77.767392][ T5230] ? clear_bhb_loop+0x35/0x90 [ 77.772056][ T5230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.777934][ T5230] RIP: 0033:0x7feae24392a9 [ 77.782342][ T5230] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 77.801931][ T5230] RSP: 002b:00007ffd6cab1d58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 77.810331][ T5230] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007feae24392a9 [ 77.818288][ T5230] RDX: 0000000020000000 RSI: 00000000c028660f RDI: 0000000000000005 [ 77.826243][ T5230] RBP: 0000000000000000 R08: 00007ffd6cab1d90 R09: 00007ffd6cab1d90 [ 77.834205][ T5230] R10: 00007ffd6cab1d90 R11: 0000000000000246 R12: 00007ffd6cab1d7c [ 77.842159][ T5230] R13: 0000000000000047 R14: 431bde82d7b634db R15: 00007ffd6cab1db0 [ 77.850127][ T5230] [ 77.853136][ T5230] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 77.860396][ T5230] CPU: 0 PID: 5230 Comm: syz-executor148 Not tainted 6.10.0-rc1-syzkaller-00267-gcc8ed4d0a848 #0 [ 77.870875][ T5230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 77.880926][ T5230] Call Trace: [ 77.884206][ T5230] [ 77.887130][ T5230] dump_stack_lvl+0x241/0x360 [ 77.891808][ T5230] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.896992][ T5230] ? __pfx__printk+0x10/0x10 [ 77.901568][ T5230] ? _printk+0xd5/0x120 [ 77.905712][ T5230] ? vscnprintf+0x5d/0x90 [ 77.910030][ T5230] panic+0x349/0x860 [ 77.913911][ T5230] ? __warn+0x172/0x4e0 [ 77.918057][ T5230] ? __pfx_panic+0x10/0x10 [ 77.922457][ T5230] ? show_trace_log_lvl+0x4e6/0x520 [ 77.927653][ T5230] __warn+0x346/0x4e0 [ 77.931624][ T5230] ? look_up_lock_class+0xdc/0x160 [ 77.936725][ T5230] report_bug+0x2b3/0x500 [ 77.941038][ T5230] ? look_up_lock_class+0xdc/0x160 [ 77.946140][ T5230] handle_bug+0x3e/0x70 [ 77.950284][ T5230] exc_invalid_op+0x1a/0x50 [ 77.954776][ T5230] asm_exc_invalid_op+0x1a/0x20 [ 77.959613][ T5230] RIP: 0010:look_up_lock_class+0xdc/0x160 [ 77.965320][ T5230] Code: 01 0f 85 80 00 00 00 c6 05 5c 02 19 04 01 90 49 8b 16 49 8b 76 18 48 8b 8b b8 00 00 00 48 c7 c7 20 db ca 8b e8 25 b7 da f5 90 <0f> 0b 90 90 eb 57 90 e8 38 a2 25 f9 48 c7 c7 60 da ca 8b 89 de e8 [ 77.984911][ T5230] RSP: 0018:ffffc900037173f0 EFLAGS: 00010046 [ 77.990966][ T5230] RAX: 88c2a724edca5600 RBX: ffffffff92ca7a08 RCX: ffff88802b1a5a00 [ 77.998925][ T5230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 78.006885][ T5230] RBP: ffffc90003717500 R08: ffffffff815846c2 R09: 1ffff1101728519a [ 78.014844][ T5230] R10: dffffc0000000000 R11: ffffed101728519b R12: ffff88807e99e688 [ 78.022801][ T5230] R13: ffff88807e99e688 R14: ffff88807e99e688 R15: ffffffff9489b421 [ 78.030761][ T5230] ? __warn_printk+0x292/0x360 [ 78.035520][ T5230] register_lock_class+0x102/0x980 [ 78.040619][ T5230] ? __pfx_register_lock_class+0x10/0x10 [ 78.046239][ T5230] ? __pfx_register_lock_class+0x10/0x10 [ 78.051864][ T5230] __lock_acquire+0xda/0x1fd0 [ 78.056534][ T5230] lock_acquire+0x1ed/0x550 [ 78.061023][ T5230] ? ext4_move_extents+0x39d/0xec0 [ 78.066129][ T5230] ? __pfx_lock_acquire+0x10/0x10 [ 78.071139][ T5230] ? __pfx___might_resched+0x10/0x10 [ 78.076413][ T5230] ? __down_write_common+0x162/0x200 [ 78.081688][ T5230] ? __pfx_inode_dio_wait+0x10/0x10 [ 78.086874][ T5230] ? __pfx___down_write_common+0x10/0x10 [ 78.092497][ T5230] ? __pfx___down_write_common+0x10/0x10 [ 78.098126][ T5230] down_write_nested+0x3d/0x50 [ 78.102877][ T5230] ? ext4_move_extents+0x39d/0xec0 [ 78.107973][ T5230] ext4_move_extents+0x39d/0xec0 [ 78.112899][ T5230] ? rcu_read_lock_any_held+0xb7/0x160 [ 78.118346][ T5230] ? __pfx_ext4_move_extents+0x10/0x10 [ 78.123795][ T5230] ext4_ioctl+0x34bd/0x55a0 [ 78.128283][ T5230] ? kasan_save_track+0x51/0x80 [ 78.133141][ T5230] ? kfree+0x149/0x360 [ 78.137207][ T5230] ? do_syscall_64+0xf3/0x230 [ 78.141887][ T5230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.147953][ T5230] ? do_vfs_ioctl+0x1e77/0x2e50 [ 78.152802][ T5230] ? __pfx_ext4_ioctl+0x10/0x10 [ 78.157641][ T5230] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 78.162664][ T5230] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.168984][ T5230] ? tomoyo_path_number_perm+0x208/0x880 [ 78.174608][ T5230] ? __pfx_lock_release+0x10/0x10 [ 78.179624][ T5230] ? kfree+0x149/0x360 [ 78.183684][ T5230] ? tomoyo_path_number_perm+0x71a/0x880 [ 78.189309][ T5230] ? tomoyo_path_number_perm+0x208/0x880 [ 78.194948][ T5230] ? smack_log+0x123/0x540 [ 78.199370][ T5230] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 78.205342][ T5230] ? __pfx_smack_log+0x10/0x10 [ 78.210102][ T5230] ? smk_access+0x4ab/0x4e0 [ 78.214601][ T5230] ? smk_tskacc+0x300/0x370 [ 78.219104][ T5230] ? smack_file_ioctl+0x2fa/0x3a0 [ 78.224124][ T5230] ? __pfx_smack_file_ioctl+0x10/0x10 [ 78.229490][ T5230] ? __pfx_ptrace_notify+0x10/0x10 [ 78.234600][ T5230] ? bpf_lsm_file_ioctl+0x9/0x10 [ 78.239528][ T5230] ? security_file_ioctl+0x87/0xb0 [ 78.244629][ T5230] ? __pfx_ext4_ioctl+0x10/0x10 [ 78.249470][ T5230] __se_sys_ioctl+0xfc/0x170 [ 78.254056][ T5230] do_syscall_64+0xf3/0x230 [ 78.258549][ T5230] ? clear_bhb_loop+0x35/0x90 [ 78.263217][ T5230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.269098][ T5230] RIP: 0033:0x7feae24392a9 [ 78.273499][ T5230] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 78.293089][ T5230] RSP: 002b:00007ffd6cab1d58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 78.301490][ T5230] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007feae24392a9 [ 78.309447][ T5230] RDX: 0000000020000000 RSI: 00000000c028660f RDI: 0000000000000005 [ 78.317404][ T5230] RBP: 0000000000000000 R08: 00007ffd6cab1d90 R09: 00007ffd6cab1d90 [ 78.325361][ T5230] R10: 00007ffd6cab1d90 R11: 0000000000000246 R12: 00007ffd6cab1d7c [ 78.333319][ T5230] R13: 0000000000000047 R14: 431bde82d7b634db R15: 00007ffd6cab1db0 [ 78.341292][ T5230] [ 78.344502][ T5230] Kernel Offset: disabled [ 78.348811][ T5230] Rebooting in 86400 seconds..