./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3299435055 <...> truncate(3, 2097152) = 0 [pid 2387] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2387] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2387] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2387] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2387] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2387] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2387] mkdir("./file0", 0777) = 0 [pid 2387] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2387] ioctl(4, LOOP_CLR_FD) = 0 [pid 2387] close(4) = 0 [pid 2387] close(3) = 0 [pid 2387] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2387] exit_group(0) = ? [pid 2387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2387, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./520", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./520/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./520/binderfs") = 0 [ 68.823011][ T2387] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 68.836209][ T2387] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./520/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./520/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./520/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./520/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./520") = 0 mkdir("./521", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2391 ./strace-static-x86_64: Process 2391 attached [pid 2391] chdir("./521") = 0 [pid 2391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2391] setpgid(0, 0) = 0 [pid 2391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2391] write(3, "1000", 4) = 4 [pid 2391] close(3) = 0 [pid 2391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2391] memfd_create("syzkaller", 0) = 3 [pid 2391] ftruncate(3, 2097152) = 0 [pid 2391] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2391] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2391] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2391] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2391] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2391] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2391] mkdir("./file0", 0777) = 0 [pid 2391] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2391] ioctl(4, LOOP_CLR_FD) = 0 [pid 2391] close(4) = 0 [pid 2391] close(3) = 0 [pid 2391] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2391] exit_group(0) = ? [pid 2391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2391, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./521", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./521/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./521/binderfs") = 0 [ 68.913060][ T2391] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 68.924097][ T2391] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./521/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./521/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./521/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./521/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./521") = 0 mkdir("./522", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2395 ./strace-static-x86_64: Process 2395 attached [pid 2395] chdir("./522") = 0 [pid 2395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2395] setpgid(0, 0) = 0 [pid 2395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2395] write(3, "1000", 4) = 4 [pid 2395] close(3) = 0 [pid 2395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2395] memfd_create("syzkaller", 0) = 3 [pid 2395] ftruncate(3, 2097152) = 0 [pid 2395] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2395] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2395] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2395] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2395] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2395] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2395] mkdir("./file0", 0777) = 0 [pid 2395] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2395] ioctl(4, LOOP_CLR_FD) = 0 [pid 2395] close(4) = 0 [pid 2395] close(3) = 0 [pid 2395] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2395] exit_group(0) = ? [pid 2395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2395, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./522", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./522/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./522/binderfs") = 0 [ 69.063090][ T2395] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.075880][ T2395] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./522/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./522/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./522/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./522/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./522") = 0 mkdir("./523", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2399 attached , child_tidptr=0x5555564b55d0) = 2399 [pid 2399] chdir("./523") = 0 [pid 2399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2399] setpgid(0, 0) = 0 [pid 2399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2399] write(3, "1000", 4) = 4 [pid 2399] close(3) = 0 [pid 2399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2399] memfd_create("syzkaller", 0) = 3 [pid 2399] ftruncate(3, 2097152) = 0 [pid 2399] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2399] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2399] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2399] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2399] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2399] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2399] mkdir("./file0", 0777) = 0 [pid 2399] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2399] ioctl(4, LOOP_CLR_FD) = 0 [pid 2399] close(4) = 0 [pid 2399] close(3) = 0 [pid 2399] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2399] exit_group(0) = ? [pid 2399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2399, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./523", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./523/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./523/binderfs") = 0 [ 69.183315][ T2399] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.195912][ T2399] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./523/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./523/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./523/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./523/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./523") = 0 mkdir("./524", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2403 ./strace-static-x86_64: Process 2403 attached [pid 2403] chdir("./524") = 0 [pid 2403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2403] setpgid(0, 0) = 0 [pid 2403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2403] write(3, "1000", 4) = 4 [pid 2403] close(3) = 0 [pid 2403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2403] memfd_create("syzkaller", 0) = 3 [pid 2403] ftruncate(3, 2097152) = 0 [pid 2403] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2403] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2403] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2403] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2403] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2403] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2403] mkdir("./file0", 0777) = 0 [pid 2403] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2403] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2403] ioctl(4, LOOP_CLR_FD) = 0 [pid 2403] close(4) = 0 [pid 2403] close(3) = 0 [pid 2403] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2403] exit_group(0) = ? [pid 2403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2403, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./524", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./524/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./524/binderfs") = 0 [ 69.303030][ T2403] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.315563][ T2403] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./524/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./524/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./524/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./524/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./524") = 0 mkdir("./525", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2407 ./strace-static-x86_64: Process 2407 attached [pid 2407] chdir("./525") = 0 [pid 2407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2407] setpgid(0, 0) = 0 [pid 2407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2407] write(3, "1000", 4) = 4 [pid 2407] close(3) = 0 [pid 2407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2407] memfd_create("syzkaller", 0) = 3 [pid 2407] ftruncate(3, 2097152) = 0 [pid 2407] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2407] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2407] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2407] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2407] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2407] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2407] mkdir("./file0", 0777) = 0 [pid 2407] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2407] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2407] ioctl(4, LOOP_CLR_FD) = 0 [pid 2407] close(4) = 0 [pid 2407] close(3) = 0 [pid 2407] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2407] exit_group(0) = ? [pid 2407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2407, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./525", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./525/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./525/binderfs") = 0 umount2("./525/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./525/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 69.403053][ T2407] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.414938][ T2407] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./525/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./525/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./525") = 0 mkdir("./526", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2411 ./strace-static-x86_64: Process 2411 attached [pid 2411] chdir("./526") = 0 [pid 2411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2411] setpgid(0, 0) = 0 [pid 2411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2411] write(3, "1000", 4) = 4 [pid 2411] close(3) = 0 [pid 2411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2411] memfd_create("syzkaller", 0) = 3 [pid 2411] ftruncate(3, 2097152) = 0 [pid 2411] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2411] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2411] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2411] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2411] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2411] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2411] mkdir("./file0", 0777) = 0 [pid 2411] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2411] ioctl(4, LOOP_CLR_FD) = 0 [pid 2411] close(4) = 0 [pid 2411] close(3) = 0 [pid 2411] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2411] exit_group(0) = ? [pid 2411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2411, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./526", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./526/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./526/binderfs") = 0 umount2("./526/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./526/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./526/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.493038][ T2411] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.506645][ T2411] EXT4-fs (loop0): re-mounted. Opts: (null) openat(AT_FDCWD, "./526/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./526/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./526") = 0 mkdir("./527", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2415 ./strace-static-x86_64: Process 2415 attached [pid 2415] chdir("./527") = 0 [pid 2415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2415] setpgid(0, 0) = 0 [pid 2415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2415] write(3, "1000", 4) = 4 [pid 2415] close(3) = 0 [pid 2415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2415] memfd_create("syzkaller", 0) = 3 [pid 2415] ftruncate(3, 2097152) = 0 [pid 2415] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2415] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2415] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2415] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2415] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2415] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2415] mkdir("./file0", 0777) = 0 [pid 2415] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2415] ioctl(4, LOOP_CLR_FD) = 0 [pid 2415] close(4) = 0 [pid 2415] close(3) = 0 [pid 2415] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2415] exit_group(0) = ? [pid 2415] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2415, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./527", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./527/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./527/binderfs") = 0 [ 69.583333][ T2415] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.596240][ T2415] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./527/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./527/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./527/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./527/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./527") = 0 mkdir("./528", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2419 attached , child_tidptr=0x5555564b55d0) = 2419 [pid 2419] chdir("./528") = 0 [pid 2419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2419] setpgid(0, 0) = 0 [pid 2419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2419] write(3, "1000", 4) = 4 [pid 2419] close(3) = 0 [pid 2419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2419] memfd_create("syzkaller", 0) = 3 [pid 2419] ftruncate(3, 2097152) = 0 [pid 2419] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2419] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2419] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2419] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2419] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2419] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2419] mkdir("./file0", 0777) = 0 [pid 2419] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2419] ioctl(4, LOOP_CLR_FD) = 0 [pid 2419] close(4) = 0 [pid 2419] close(3) = 0 [pid 2419] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2419] exit_group(0) = ? [pid 2419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2419, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./528", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./528/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./528/binderfs") = 0 [ 69.713273][ T2419] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.727288][ T2419] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./528/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./528/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./528/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./528/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./528") = 0 mkdir("./529", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2423 ./strace-static-x86_64: Process 2423 attached [pid 2423] chdir("./529") = 0 [pid 2423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2423] setpgid(0, 0) = 0 [pid 2423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2423] write(3, "1000", 4) = 4 [pid 2423] close(3) = 0 [pid 2423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2423] memfd_create("syzkaller", 0) = 3 [pid 2423] ftruncate(3, 2097152) = 0 [pid 2423] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2423] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2423] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2423] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2423] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2423] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2423] mkdir("./file0", 0777) = 0 [pid 2423] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2423] ioctl(4, LOOP_CLR_FD) = 0 [pid 2423] close(4) = 0 [pid 2423] close(3) = 0 [pid 2423] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2423] exit_group(0) = ? [pid 2423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2423, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./529", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./529/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./529/binderfs") = 0 [ 69.863124][ T2423] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.875562][ T2423] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./529/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./529/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./529/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./529/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./529") = 0 mkdir("./530", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2427 ./strace-static-x86_64: Process 2427 attached [pid 2427] chdir("./530") = 0 [pid 2427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2427] setpgid(0, 0) = 0 [pid 2427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2427] write(3, "1000", 4) = 4 [pid 2427] close(3) = 0 [pid 2427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2427] memfd_create("syzkaller", 0) = 3 [pid 2427] ftruncate(3, 2097152) = 0 [pid 2427] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2427] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2427] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2427] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2427] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2427] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2427] mkdir("./file0", 0777) = 0 [pid 2427] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2427] ioctl(4, LOOP_CLR_FD) = 0 [pid 2427] close(4) = 0 [pid 2427] close(3) = 0 [pid 2427] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2427] exit_group(0) = ? [pid 2427] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2427, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./530", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./530/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./530/binderfs") = 0 [ 69.973552][ T2427] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.986957][ T2427] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./530/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./530/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./530/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./530/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./530") = 0 mkdir("./531", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2432 ./strace-static-x86_64: Process 2432 attached [pid 2432] chdir("./531") = 0 [pid 2432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2432] setpgid(0, 0) = 0 [pid 2432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2432] write(3, "1000", 4) = 4 [pid 2432] close(3) = 0 [pid 2432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2432] memfd_create("syzkaller", 0) = 3 [pid 2432] ftruncate(3, 2097152) = 0 [pid 2432] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2432] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2432] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2432] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2432] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2432] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2432] mkdir("./file0", 0777) = 0 [pid 2432] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2432] ioctl(4, LOOP_CLR_FD) = 0 [pid 2432] close(4) = 0 [pid 2432] close(3) = 0 [pid 2432] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2432] exit_group(0) = ? [pid 2432] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2432, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./531", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./531/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./531/binderfs") = 0 [ 70.073184][ T2432] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.085523][ T2432] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./531/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./531/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./531/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./531/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./531") = 0 mkdir("./532", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2436 ./strace-static-x86_64: Process 2436 attached [pid 2436] chdir("./532") = 0 [pid 2436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2436] setpgid(0, 0) = 0 [pid 2436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2436] write(3, "1000", 4) = 4 [pid 2436] close(3) = 0 [pid 2436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2436] memfd_create("syzkaller", 0) = 3 [pid 2436] ftruncate(3, 2097152) = 0 [pid 2436] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2436] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2436] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2436] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2436] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2436] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2436] mkdir("./file0", 0777) = 0 [pid 2436] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2436] ioctl(4, LOOP_CLR_FD) = 0 [pid 2436] close(4) = 0 [pid 2436] close(3) = 0 [pid 2436] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2436] exit_group(0) = ? [pid 2436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2436, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./532", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./532/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./532/binderfs") = 0 umount2("./532/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./532/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 70.143207][ T2436] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.154884][ T2436] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./532/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./532/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./532") = 0 mkdir("./533", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2440 attached , child_tidptr=0x5555564b55d0) = 2440 [pid 2440] chdir("./533") = 0 [pid 2440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2440] setpgid(0, 0) = 0 [pid 2440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2440] write(3, "1000", 4) = 4 [pid 2440] close(3) = 0 [pid 2440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2440] memfd_create("syzkaller", 0) = 3 [pid 2440] ftruncate(3, 2097152) = 0 [pid 2440] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2440] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2440] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2440] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2440] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2440] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2440] mkdir("./file0", 0777) = 0 [pid 2440] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2440] ioctl(4, LOOP_CLR_FD) = 0 [pid 2440] close(4) = 0 [pid 2440] close(3) = 0 [pid 2440] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2440] exit_group(0) = ? [pid 2440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2440, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./533", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./533/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./533/binderfs") = 0 [ 70.233060][ T2440] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.247297][ T2440] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./533/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./533/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./533/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./533/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./533") = 0 mkdir("./534", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2444 ./strace-static-x86_64: Process 2444 attached [pid 2444] chdir("./534") = 0 [pid 2444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2444] setpgid(0, 0) = 0 [pid 2444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2444] write(3, "1000", 4) = 4 [pid 2444] close(3) = 0 [pid 2444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2444] memfd_create("syzkaller", 0) = 3 [pid 2444] ftruncate(3, 2097152) = 0 [pid 2444] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2444] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2444] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2444] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2444] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2444] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2444] mkdir("./file0", 0777) = 0 [pid 2444] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2444] ioctl(4, LOOP_CLR_FD) = 0 [pid 2444] close(4) = 0 [pid 2444] close(3) = 0 [pid 2444] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2444] exit_group(0) = ? [pid 2444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2444, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./534", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./534/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./534/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./534/binderfs") = 0 [ 70.323012][ T2444] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.337970][ T2444] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./534/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./534/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./534/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./534/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./534/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./534") = 0 mkdir("./535", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2448 ./strace-static-x86_64: Process 2448 attached [pid 2448] chdir("./535") = 0 [pid 2448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2448] setpgid(0, 0) = 0 [pid 2448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2448] write(3, "1000", 4) = 4 [pid 2448] close(3) = 0 [pid 2448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2448] memfd_create("syzkaller", 0) = 3 [pid 2448] ftruncate(3, 2097152) = 0 [pid 2448] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2448] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2448] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2448] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2448] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2448] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2448] mkdir("./file0", 0777) = 0 [pid 2448] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2448] ioctl(4, LOOP_CLR_FD) = 0 [pid 2448] close(4) = 0 [pid 2448] close(3) = 0 [pid 2448] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2448] exit_group(0) = ? [pid 2448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2448, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./535", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./535/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./535/binderfs") = 0 [ 70.433354][ T2448] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.448586][ T2448] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./535/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./535/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./535/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./535/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./535") = 0 mkdir("./536", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2452 ./strace-static-x86_64: Process 2452 attached [pid 2452] chdir("./536") = 0 [pid 2452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2452] setpgid(0, 0) = 0 [pid 2452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2452] write(3, "1000", 4) = 4 [pid 2452] close(3) = 0 [pid 2452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2452] memfd_create("syzkaller", 0) = 3 [pid 2452] ftruncate(3, 2097152) = 0 [pid 2452] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2452] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2452] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2452] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2452] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2452] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2452] mkdir("./file0", 0777) = 0 [pid 2452] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2452] ioctl(4, LOOP_CLR_FD) = 0 [pid 2452] close(4) = 0 [pid 2452] close(3) = 0 [pid 2452] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2452] exit_group(0) = ? [pid 2452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2452, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./536", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./536/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./536/binderfs") = 0 [ 70.553116][ T2452] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.566985][ T2452] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./536/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./536/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./536/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./536/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./536") = 0 mkdir("./537", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2456 ./strace-static-x86_64: Process 2456 attached [pid 2456] chdir("./537") = 0 [pid 2456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2456] setpgid(0, 0) = 0 [pid 2456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2456] write(3, "1000", 4) = 4 [pid 2456] close(3) = 0 [pid 2456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2456] memfd_create("syzkaller", 0) = 3 [pid 2456] ftruncate(3, 2097152) = 0 [pid 2456] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2456] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2456] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2456] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2456] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2456] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2456] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2456] mkdir("./file0", 0777) = 0 [pid 2456] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2456] ioctl(4, LOOP_CLR_FD) = 0 [pid 2456] close(4) = 0 [pid 2456] close(3) = 0 [pid 2456] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2456] exit_group(0) = ? [pid 2456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2456, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./537", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./537/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./537/binderfs") = 0 [ 70.653471][ T2456] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.676354][ T2456] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./537/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./537/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./537/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./537/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./537") = 0 mkdir("./538", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2461 attached [pid 2461] chdir("./538" [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 2461 [pid 2461] <... chdir resumed>) = 0 [pid 2461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2461] setpgid(0, 0) = 0 [pid 2461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2461] write(3, "1000", 4) = 4 [pid 2461] close(3) = 0 [pid 2461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2461] memfd_create("syzkaller", 0) = 3 [pid 2461] ftruncate(3, 2097152) = 0 [pid 2461] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2461] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2461] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2461] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2461] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2461] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2461] mkdir("./file0", 0777) = 0 [pid 2461] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2461] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2461] ioctl(4, LOOP_CLR_FD) = 0 [pid 2461] close(4) = 0 [pid 2461] close(3) = 0 [pid 2461] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2461] exit_group(0) = ? [pid 2461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2461, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./538", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./538/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./538/binderfs") = 0 [ 70.793281][ T2461] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.805338][ T2461] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./538/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./538/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./538/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./538/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./538") = 0 mkdir("./539", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2465 attached , child_tidptr=0x5555564b55d0) = 2465 [pid 2465] chdir("./539") = 0 [pid 2465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2465] setpgid(0, 0) = 0 [pid 2465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2465] write(3, "1000", 4) = 4 [pid 2465] close(3) = 0 [pid 2465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2465] memfd_create("syzkaller", 0) = 3 [pid 2465] ftruncate(3, 2097152) = 0 [pid 2465] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2465] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2465] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2465] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2465] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2465] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2465] mkdir("./file0", 0777) = 0 [pid 2465] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2465] ioctl(4, LOOP_CLR_FD) = 0 [pid 2465] close(4) = 0 [pid 2465] close(3) = 0 [pid 2465] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2465] exit_group(0) = ? [pid 2465] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2465, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./539", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./539/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./539/binderfs") = 0 [ 70.893185][ T2465] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.908848][ T2465] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./539/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./539/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./539/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./539/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./539") = 0 mkdir("./540", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2469 ./strace-static-x86_64: Process 2469 attached [pid 2469] chdir("./540") = 0 [pid 2469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2469] setpgid(0, 0) = 0 [pid 2469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2469] write(3, "1000", 4) = 4 [pid 2469] close(3) = 0 [pid 2469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2469] memfd_create("syzkaller", 0) = 3 [pid 2469] ftruncate(3, 2097152) = 0 [pid 2469] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2469] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2469] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2469] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2469] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2469] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2469] mkdir("./file0", 0777) = 0 [pid 2469] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2469] ioctl(4, LOOP_CLR_FD) = 0 [pid 2469] close(4) = 0 [pid 2469] close(3) = 0 [pid 2469] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2469] exit_group(0) = ? [pid 2469] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2469, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./540", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./540/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./540/binderfs") = 0 [ 70.991580][ T2469] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./540/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./540/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./540/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./540/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./540") = 0 mkdir("./541", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2473 attached , child_tidptr=0x5555564b55d0) = 2473 [pid 2473] chdir("./541") = 0 [pid 2473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2473] setpgid(0, 0) = 0 [pid 2473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2473] write(3, "1000", 4) = 4 [pid 2473] close(3) = 0 [pid 2473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2473] memfd_create("syzkaller", 0) = 3 [pid 2473] ftruncate(3, 2097152) = 0 [pid 2473] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2473] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2473] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2473] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2473] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2473] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2473] mkdir("./file0", 0777) = 0 [pid 2473] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2473] ioctl(4, LOOP_CLR_FD) = 0 [pid 2473] close(4) = 0 [pid 2473] close(3) = 0 [pid 2473] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2473] exit_group(0) = ? [pid 2473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2473, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./541", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./541/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./541/binderfs") = 0 [ 71.118570][ T2473] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./541/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./541/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./541/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./541/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./541") = 0 mkdir("./542", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2477 ./strace-static-x86_64: Process 2477 attached [pid 2477] chdir("./542") = 0 [pid 2477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2477] setpgid(0, 0) = 0 [pid 2477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2477] write(3, "1000", 4) = 4 [pid 2477] close(3) = 0 [pid 2477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2477] memfd_create("syzkaller", 0) = 3 [pid 2477] ftruncate(3, 2097152) = 0 [pid 2477] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2477] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2477] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2477] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2477] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2477] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2477] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2477] mkdir("./file0", 0777) = 0 [pid 2477] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2477] ioctl(4, LOOP_CLR_FD) = 0 [pid 2477] close(4) = 0 [pid 2477] close(3) = 0 [pid 2477] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2477] exit_group(0) = ? [pid 2477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2477, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./542", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./542/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./542/binderfs") = 0 umount2("./542/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./542/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./542/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./542/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./542") = 0 mkdir("./543", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2481 ./strace-static-x86_64: Process 2481 attached [pid 2481] chdir("./543") = 0 [pid 2481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2481] setpgid(0, 0) = 0 [pid 2481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2481] write(3, "1000", 4) = 4 [ 71.238201][ T2477] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2481] close(3) = 0 [pid 2481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2481] memfd_create("syzkaller", 0) = 3 [pid 2481] ftruncate(3, 2097152) = 0 [pid 2481] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2481] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2481] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2481] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2481] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2481] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2481] mkdir("./file0", 0777) = 0 [pid 2481] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2481] ioctl(4, LOOP_CLR_FD) = 0 [pid 2481] close(4) = 0 [pid 2481] close(3) = 0 [pid 2481] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2481] exit_group(0) = ? [pid 2481] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2481, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./543", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./543/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./543/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./543/binderfs") = 0 umount2("./543/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./543/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./543/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./543/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./543/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./543") = 0 mkdir("./544", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2485 ./strace-static-x86_64: Process 2485 attached [pid 2485] chdir("./544") = 0 [pid 2485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2485] setpgid(0, 0) = 0 [pid 2485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2485] write(3, "1000", 4) = 4 [pid 2485] close(3) = 0 [pid 2485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2485] memfd_create("syzkaller", 0) = 3 [pid 2485] ftruncate(3, 2097152) = 0 [pid 2485] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2485] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2485] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2485] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2485] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2485] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2485] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2485] ioctl(4, LOOP_CLR_FD) = 0 [pid 2485] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2485] close(4) = 0 [pid 2485] close(3) = 0 [pid 2485] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = -1 ENOENT (No such file or directory) [pid 2485] exit_group(0) = ? [pid 2485] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2485, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 71.314264][ T2481] EXT4-fs (loop0): re-mounted. Opts: (null) restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./544", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./544", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 3 entries */, 32768) = 80 umount2("./544/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./544/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./544/binderfs") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./544") = 0 mkdir("./545", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2486 ./strace-static-x86_64: Process 2486 attached [pid 2486] chdir("./545") = 0 [pid 2486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2486] setpgid(0, 0) = 0 [pid 2486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2486] write(3, "1000", 4) = 4 [pid 2486] close(3) = 0 [pid 2486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2486] memfd_create("syzkaller", 0) = 3 [pid 2486] ftruncate(3, 2097152) = 0 [pid 2486] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2486] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2486] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2486] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2486] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2486] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2486] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2486] mkdir("./file0", 0777) = 0 [pid 2486] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2486] ioctl(4, LOOP_CLR_FD) = 0 [pid 2486] close(4) = 0 [pid 2486] close(3) = 0 [pid 2486] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2486] exit_group(0) = ? [pid 2486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2486, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./545", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./545/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./545/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./545/binderfs") = 0 umount2("./545/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./545/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./545/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./545/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./545/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./545") = 0 mkdir("./546", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2490 ./strace-static-x86_64: Process 2490 attached [pid 2490] chdir("./546") = 0 [pid 2490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2490] setpgid(0, 0) = 0 [pid 2490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2490] write(3, "1000", 4) = 4 [pid 2490] close(3) = 0 [pid 2490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2490] memfd_create("syzkaller", 0) = 3 [pid 2490] ftruncate(3, 2097152) = 0 [pid 2490] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2490] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [ 71.397337][ T2486] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2490] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2490] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2490] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2490] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2490] mkdir("./file0", 0777) = 0 [pid 2490] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2490] ioctl(4, LOOP_CLR_FD) = 0 [pid 2490] close(4) = 0 [pid 2490] close(3) = 0 [pid 2490] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2490] exit_group(0) = ? [pid 2490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2490, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./546", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./546/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./546/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./546/binderfs") = 0 [ 71.478231][ T2490] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./546/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./546/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./546/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./546/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./546/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./546") = 0 mkdir("./547", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2494 ./strace-static-x86_64: Process 2494 attached [pid 2494] chdir("./547") = 0 [pid 2494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2494] setpgid(0, 0) = 0 [pid 2494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2494] write(3, "1000", 4) = 4 [pid 2494] close(3) = 0 [pid 2494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2494] memfd_create("syzkaller", 0) = 3 [pid 2494] ftruncate(3, 2097152) = 0 [pid 2494] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2494] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2494] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2494] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2494] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2494] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2494] mkdir("./file0", 0777) = 0 [pid 2494] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2494] ioctl(4, LOOP_CLR_FD) = 0 [pid 2494] close(4) = 0 [pid 2494] close(3) = 0 [pid 2494] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2494] exit_group(0) = ? [pid 2494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2494, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./547", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./547/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./547/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./547/binderfs") = 0 umount2("./547/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./547/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./547/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./547/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./547/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./547") = 0 mkdir("./548", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2498 ./strace-static-x86_64: Process 2498 attached [pid 2498] chdir("./548") = 0 [pid 2498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2498] setpgid(0, 0) = 0 [pid 2498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2498] write(3, "1000", 4) = 4 [pid 2498] close(3) = 0 [pid 2498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2498] memfd_create("syzkaller", 0) = 3 [pid 2498] ftruncate(3, 2097152) = 0 [pid 2498] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2498] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2498] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2498] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2498] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2498] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2498] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2498] mkdir("./file0", 0777) = 0 [pid 2498] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2498] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2498] ioctl(4, LOOP_CLR_FD) = 0 [pid 2498] close(4) = 0 [pid 2498] close(3) = 0 [ 71.587741][ T2494] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2498] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2498] exit_group(0) = ? [pid 2498] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2498, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./548", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./548/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./548/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./548/binderfs") = 0 [ 71.648895][ T2498] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./548/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./548/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./548/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./548/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./548/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./548") = 0 mkdir("./549", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2502 ./strace-static-x86_64: Process 2502 attached [pid 2502] chdir("./549") = 0 [pid 2502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2502] setpgid(0, 0) = 0 [pid 2502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2502] write(3, "1000", 4) = 4 [pid 2502] close(3) = 0 [pid 2502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2502] memfd_create("syzkaller", 0) = 3 [pid 2502] ftruncate(3, 2097152) = 0 [pid 2502] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2502] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2502] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2502] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2502] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2502] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2502] mkdir("./file0", 0777) = 0 [pid 2502] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2502] ioctl(4, LOOP_CLR_FD) = 0 [pid 2502] close(4) = 0 [pid 2502] close(3) = 0 [pid 2502] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2502] exit_group(0) = ? [pid 2502] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2502, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./549", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./549/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./549/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./549/binderfs") = 0 umount2("./549/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./549/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./549/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./549/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./549/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./549") = 0 mkdir("./550", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2506 ./strace-static-x86_64: Process 2506 attached [pid 2506] chdir("./550") = 0 [pid 2506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2506] setpgid(0, 0) = 0 [pid 2506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2506] write(3, "1000", 4) = 4 [pid 2506] close(3) = 0 [pid 2506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2506] memfd_create("syzkaller", 0) = 3 [pid 2506] ftruncate(3, 2097152) = 0 [pid 2506] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2506] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2506] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2506] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2506] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2506] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2506] ioctl(4, LOOP_SET_FD, 3) = 0 [ 71.748578][ T2502] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2506] mkdir("./file0", 0777) = 0 [pid 2506] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2506] ioctl(4, LOOP_CLR_FD) = 0 [pid 2506] close(4) = 0 [pid 2506] close(3) = 0 [pid 2506] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2506] exit_group(0) = ? [pid 2506] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2506, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./550", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./550/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./550/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./550/binderfs") = 0 [ 71.816998][ T2506] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./550/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./550/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./550/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./550/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./550/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./550") = 0 mkdir("./551", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2510 ./strace-static-x86_64: Process 2510 attached [pid 2510] chdir("./551") = 0 [pid 2510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2510] setpgid(0, 0) = 0 [pid 2510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2510] write(3, "1000", 4) = 4 [pid 2510] close(3) = 0 [pid 2510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2510] memfd_create("syzkaller", 0) = 3 [pid 2510] ftruncate(3, 2097152) = 0 [pid 2510] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2510] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2510] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2510] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2510] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2510] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2510] mkdir("./file0", 0777) = 0 [pid 2510] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2510] ioctl(4, LOOP_CLR_FD) = 0 [pid 2510] close(4) = 0 [pid 2510] close(3) = 0 [pid 2510] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2510] exit_group(0) = ? [pid 2510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2510, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./551", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./551/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./551/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./551/binderfs") = 0 umount2("./551/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./551/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./551/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./551/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./551/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./551") = 0 mkdir("./552", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 71.907204][ T2510] EXT4-fs (loop0): re-mounted. Opts: (null) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2514 attached , child_tidptr=0x5555564b55d0) = 2514 [pid 2514] chdir("./552") = 0 [pid 2514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2514] setpgid(0, 0) = 0 [pid 2514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2514] write(3, "1000", 4) = 4 [pid 2514] close(3) = 0 [pid 2514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2514] memfd_create("syzkaller", 0) = 3 [pid 2514] ftruncate(3, 2097152) = 0 [pid 2514] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2514] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2514] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2514] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2514] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2514] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2514] mkdir("./file0", 0777) = 0 [pid 2514] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2514] ioctl(4, LOOP_CLR_FD) = 0 [pid 2514] close(4) = 0 [pid 2514] close(3) = 0 [pid 2514] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2514] exit_group(0) = ? [pid 2514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2514, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./552", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./552/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./552/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./552/binderfs") = 0 [ 71.998681][ T2514] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./552/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./552/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./552/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./552/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./552/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./552") = 0 mkdir("./553", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2518 attached [pid 2518] chdir("./553") = 0 [pid 2518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2518] setpgid(0, 0) = 0 [pid 2518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 2518 [pid 2518] <... openat resumed>) = 3 [pid 2518] write(3, "1000", 4) = 4 [pid 2518] close(3) = 0 [pid 2518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2518] memfd_create("syzkaller", 0) = 3 [pid 2518] ftruncate(3, 2097152) = 0 [pid 2518] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2518] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2518] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2518] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2518] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2518] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2518] mkdir("./file0", 0777) = 0 [pid 2518] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2518] ioctl(4, LOOP_CLR_FD) = 0 [pid 2518] close(4) = 0 [pid 2518] close(3) = 0 [pid 2518] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2518] exit_group(0) = ? [pid 2518] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2518, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./553", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./553/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./553/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./553/binderfs") = 0 umount2("./553/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./553/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./553/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./553/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./553/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./553") = 0 mkdir("./554", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2522 attached [pid 2522] chdir("./554") = 0 [pid 2522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2522] setpgid(0, 0) = 0 [pid 2522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2522] write(3, "1000", 4) = 4 [pid 2522] close(3) = 0 [pid 2522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2522] memfd_create("syzkaller", 0) = 3 [pid 2522] ftruncate(3, 2097152) = 0 [pid 2522] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2522] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2522] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2522] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2522] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2522] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2522] ioctl(4, LOOP_SET_FD, 3 [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 2522 [pid 2522] <... ioctl resumed>) = 0 [pid 2522] mkdir("./file0", 0777) = 0 [pid 2522] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [ 72.106756][ T2518] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2522] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2522] ioctl(4, LOOP_CLR_FD) = 0 [pid 2522] close(4) = 0 [pid 2522] close(3) = 0 [pid 2522] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2522] exit_group(0) = ? [pid 2522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2522, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./554", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./554/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./554/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./554/binderfs") = 0 [ 72.176771][ T2522] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./554/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./554/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./554/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./554/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./554/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./554") = 0 mkdir("./555", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2526 ./strace-static-x86_64: Process 2526 attached [pid 2526] chdir("./555") = 0 [pid 2526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2526] setpgid(0, 0) = 0 [pid 2526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2526] write(3, "1000", 4) = 4 [pid 2526] close(3) = 0 [pid 2526] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2526] memfd_create("syzkaller", 0) = 3 [pid 2526] ftruncate(3, 2097152) = 0 [pid 2526] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2526] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2526] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2526] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2526] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2526] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2526] mkdir("./file0", 0777) = 0 [pid 2526] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2526] ioctl(4, LOOP_CLR_FD) = 0 [pid 2526] close(4) = 0 [pid 2526] close(3) = 0 [pid 2526] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2526] exit_group(0) = ? [pid 2526] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2526, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./555", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./555/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./555/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./555/binderfs") = 0 umount2("./555/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./555/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./555/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./555/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./555/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./555") = 0 mkdir("./556", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2530 ./strace-static-x86_64: Process 2530 attached [pid 2530] chdir("./556") = 0 [pid 2530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2530] setpgid(0, 0) = 0 [pid 2530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2530] write(3, "1000", 4) = 4 [pid 2530] close(3) = 0 [pid 2530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2530] memfd_create("syzkaller", 0) = 3 [pid 2530] ftruncate(3, 2097152) = 0 [pid 2530] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2530] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2530] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2530] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2530] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2530] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [ 72.276436][ T2526] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2530] mkdir("./file0", 0777) = 0 [pid 2530] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2530] ioctl(4, LOOP_CLR_FD) = 0 [pid 2530] close(4) = 0 [pid 2530] close(3) = 0 [pid 2530] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2530] exit_group(0) = ? [pid 2530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2530, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./556", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./556/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./556/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./556/binderfs") = 0 [ 72.377073][ T2530] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./556/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./556/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./556/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./556/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./556/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./556") = 0 mkdir("./557", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2534 ./strace-static-x86_64: Process 2534 attached [pid 2534] chdir("./557") = 0 [pid 2534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2534] setpgid(0, 0) = 0 [pid 2534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2534] write(3, "1000", 4) = 4 [pid 2534] close(3) = 0 [pid 2534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2534] memfd_create("syzkaller", 0) = 3 [pid 2534] ftruncate(3, 2097152) = 0 [pid 2534] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2534] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2534] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2534] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2534] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2534] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2534] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2534] mkdir("./file0", 0777) = 0 [pid 2534] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2534] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2534] ioctl(4, LOOP_CLR_FD) = 0 [pid 2534] close(4) = 0 [pid 2534] close(3) = 0 [pid 2534] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2534] exit_group(0) = ? [pid 2534] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2534, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./557", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./557/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./557/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./557/binderfs") = 0 umount2("./557/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./557/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./557/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./557/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./557/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./557") = 0 mkdir("./558", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2538 ./strace-static-x86_64: Process 2538 attached [pid 2538] chdir("./558") = 0 [pid 2538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2538] setpgid(0, 0) = 0 [pid 2538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2538] write(3, "1000", 4) = 4 [pid 2538] close(3) = 0 [pid 2538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2538] memfd_create("syzkaller", 0) = 3 [pid 2538] ftruncate(3, 2097152) = 0 [pid 2538] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2538] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2538] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2538] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2538] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2538] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2538] mkdir("./file0", 0777) = 0 [ 72.468907][ T2534] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2538] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2538] ioctl(4, LOOP_CLR_FD) = 0 [pid 2538] close(4) = 0 [pid 2538] close(3) = 0 [pid 2538] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2538] exit_group(0) = ? [pid 2538] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2538, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./558", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./558/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./558/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./558/binderfs") = 0 [ 72.536363][ T2538] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./558/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./558/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./558/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./558/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./558/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./558") = 0 mkdir("./559", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2542 ./strace-static-x86_64: Process 2542 attached [pid 2542] chdir("./559") = 0 [pid 2542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2542] setpgid(0, 0) = 0 [pid 2542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2542] write(3, "1000", 4) = 4 [pid 2542] close(3) = 0 [pid 2542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2542] memfd_create("syzkaller", 0) = 3 [pid 2542] ftruncate(3, 2097152) = 0 [pid 2542] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2542] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2542] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2542] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2542] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2542] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2542] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2542] mkdir("./file0", 0777) = 0 [pid 2542] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2542] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2542] ioctl(4, LOOP_CLR_FD) = 0 [pid 2542] close(4) = 0 [pid 2542] close(3) = 0 [pid 2542] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2542] exit_group(0) = ? [pid 2542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2542, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./559", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./559/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./559/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./559/binderfs") = 0 [ 72.625884][ T2542] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./559/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./559/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./559/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./559/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./559/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./559") = 0 mkdir("./560", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2546 attached , child_tidptr=0x5555564b55d0) = 2546 [pid 2546] chdir("./560") = 0 [pid 2546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2546] setpgid(0, 0) = 0 [pid 2546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2546] write(3, "1000", 4) = 4 [pid 2546] close(3) = 0 [pid 2546] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2546] memfd_create("syzkaller", 0) = 3 [pid 2546] ftruncate(3, 2097152) = 0 [pid 2546] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2546] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2546] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2546] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2546] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2546] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2546] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2546] mkdir("./file0", 0777) = 0 [pid 2546] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2546] ioctl(4, LOOP_CLR_FD) = 0 [pid 2546] close(4) = 0 [pid 2546] close(3) = 0 [pid 2546] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2546] exit_group(0) = ? [pid 2546] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2546, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./560", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./560/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./560/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./560/binderfs") = 0 umount2("./560/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./560/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./560/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./560/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./560/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./560") = 0 mkdir("./561", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2550 attached , child_tidptr=0x5555564b55d0) = 2550 [pid 2550] chdir("./561") = 0 [pid 2550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2550] setpgid(0, 0) = 0 [pid 2550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2550] write(3, "1000", 4) = 4 [pid 2550] close(3) = 0 [pid 2550] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2550] memfd_create("syzkaller", 0) = 3 [pid 2550] ftruncate(3, 2097152) = 0 [pid 2550] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2550] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2550] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2550] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2550] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2550] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 72.758053][ T2546] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2550] mkdir("./file0", 0777) = 0 [pid 2550] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2550] ioctl(4, LOOP_CLR_FD) = 0 [pid 2550] close(4) = 0 [pid 2550] close(3) = 0 [pid 2550] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2550] exit_group(0) = ? [pid 2550] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2550, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./561", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./561/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./561/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./561/binderfs") = 0 [ 72.838113][ T2550] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./561/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./561/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./561/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./561/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./561/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./561") = 0 mkdir("./562", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2554 ./strace-static-x86_64: Process 2554 attached [pid 2554] chdir("./562") = 0 [pid 2554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2554] setpgid(0, 0) = 0 [pid 2554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2554] write(3, "1000", 4) = 4 [pid 2554] close(3) = 0 [pid 2554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2554] memfd_create("syzkaller", 0) = 3 [pid 2554] ftruncate(3, 2097152) = 0 [pid 2554] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2554] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2554] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2554] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2554] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2554] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2554] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2554] mkdir("./file0", 0777) = 0 [pid 2554] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2554] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2554] ioctl(4, LOOP_CLR_FD) = 0 [pid 2554] close(4) = 0 [pid 2554] close(3) = 0 [pid 2554] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2554] exit_group(0) = ? [pid 2554] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2554, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./562", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./562/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./562/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./562/binderfs") = 0 [ 72.939694][ T2554] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./562/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./562/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./562/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./562/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./562/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./562") = 0 mkdir("./563", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2558 ./strace-static-x86_64: Process 2558 attached [pid 2558] chdir("./563") = 0 [pid 2558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2558] setpgid(0, 0) = 0 [pid 2558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2558] write(3, "1000", 4) = 4 [pid 2558] close(3) = 0 [pid 2558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2558] memfd_create("syzkaller", 0) = 3 [pid 2558] ftruncate(3, 2097152) = 0 [pid 2558] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2558] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2558] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2558] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2558] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2558] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2558] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2558] mkdir("./file0", 0777) = 0 [pid 2558] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2558] ioctl(4, LOOP_CLR_FD) = 0 [pid 2558] close(4) = 0 [pid 2558] close(3) = 0 [pid 2558] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2558] exit_group(0) = ? [pid 2558] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2558, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./563", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./563/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./563/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./563/binderfs") = 0 [ 73.028905][ T2558] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./563/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./563/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./563/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./563/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./563/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./563") = 0 mkdir("./564", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2562 ./strace-static-x86_64: Process 2562 attached [pid 2562] chdir("./564") = 0 [pid 2562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2562] setpgid(0, 0) = 0 [pid 2562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2562] write(3, "1000", 4) = 4 [pid 2562] close(3) = 0 [pid 2562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2562] memfd_create("syzkaller", 0) = 3 [pid 2562] ftruncate(3, 2097152) = 0 [pid 2562] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2562] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2562] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2562] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2562] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2562] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2562] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2562] mkdir("./file0", 0777) = 0 [pid 2562] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2562] ioctl(4, LOOP_CLR_FD) = 0 [pid 2562] close(4) = 0 [pid 2562] close(3) = 0 [pid 2562] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2562] exit_group(0) = ? [pid 2562] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2562, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./564", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./564/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./564/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./564/binderfs") = 0 umount2("./564/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./564/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./564/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./564/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./564/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./564") = 0 mkdir("./565", 0777) = 0 [ 73.147449][ T2562] EXT4-fs (loop0): re-mounted. Opts: (null) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2566 ./strace-static-x86_64: Process 2566 attached [pid 2566] chdir("./565") = 0 [pid 2566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2566] setpgid(0, 0) = 0 [pid 2566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2566] write(3, "1000", 4) = 4 [pid 2566] close(3) = 0 [pid 2566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2566] memfd_create("syzkaller", 0) = 3 [pid 2566] ftruncate(3, 2097152) = 0 [pid 2566] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2566] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2566] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2566] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2566] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2566] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2566] mkdir("./file0", 0777) = 0 [pid 2566] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2566] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2566] ioctl(4, LOOP_CLR_FD) = 0 [pid 2566] close(4) = 0 [pid 2566] close(3) = 0 [pid 2566] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2566] exit_group(0) = ? [pid 2566] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2566, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./565", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./565/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./565/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./565/binderfs") = 0 umount2("./565/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./565/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./565/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./565/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./565/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./565") = 0 mkdir("./566", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2570 ./strace-static-x86_64: Process 2570 attached [pid 2570] chdir("./566") = 0 [pid 2570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2570] setpgid(0, 0) = 0 [pid 2570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2570] write(3, "1000", 4) = 4 [pid 2570] close(3) = 0 [pid 2570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2570] memfd_create("syzkaller", 0) = 3 [pid 2570] ftruncate(3, 2097152) = 0 [pid 2570] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2570] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2570] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2570] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2570] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2570] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2570] mkdir("./file0", 0777) = 0 [pid 2570] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2570] ioctl(4, LOOP_CLR_FD) = 0 [pid 2570] close(4) = 0 [pid 2570] close(3) = 0 [ 73.225427][ T2566] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2570] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2570] exit_group(0) = ? [pid 2570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2570, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./566", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./566/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./566/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./566/binderfs") = 0 [ 73.279223][ T2570] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./566/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./566/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./566/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./566/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./566/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./566") = 0 mkdir("./567", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2574 ./strace-static-x86_64: Process 2574 attached [pid 2574] chdir("./567") = 0 [pid 2574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2574] setpgid(0, 0) = 0 [pid 2574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2574] write(3, "1000", 4) = 4 [pid 2574] close(3) = 0 [pid 2574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2574] memfd_create("syzkaller", 0) = 3 [pid 2574] ftruncate(3, 2097152) = 0 [pid 2574] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2574] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2574] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2574] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2574] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2574] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2574] mkdir("./file0", 0777) = 0 [pid 2574] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2574] ioctl(4, LOOP_CLR_FD) = 0 [pid 2574] close(4) = 0 [pid 2574] close(3) = 0 [pid 2574] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2574] exit_group(0) = ? [pid 2574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2574, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./567", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./567/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./567/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./567/binderfs") = 0 [ 73.398781][ T2574] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./567/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./567/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./567/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./567/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./567/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./567") = 0 mkdir("./568", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2578 ./strace-static-x86_64: Process 2578 attached [pid 2578] chdir("./568") = 0 [pid 2578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2578] setpgid(0, 0) = 0 [pid 2578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2578] write(3, "1000", 4) = 4 [pid 2578] close(3) = 0 [pid 2578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2578] memfd_create("syzkaller", 0) = 3 [pid 2578] ftruncate(3, 2097152) = 0 [pid 2578] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2578] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2578] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2578] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2578] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2578] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2578] mkdir("./file0", 0777) = 0 [pid 2578] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2578] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2578] ioctl(4, LOOP_CLR_FD) = 0 [pid 2578] close(4) = 0 [pid 2578] close(3) = 0 [pid 2578] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2578] exit_group(0) = ? [pid 2578] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2578, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./568", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./568/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./568/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./568/binderfs") = 0 [ 73.547496][ T2578] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./568/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./568/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./568/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./568/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./568/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./568") = 0 mkdir("./569", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2582 ./strace-static-x86_64: Process 2582 attached [pid 2582] chdir("./569") = 0 [pid 2582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2582] setpgid(0, 0) = 0 [pid 2582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2582] write(3, "1000", 4) = 4 [pid 2582] close(3) = 0 [pid 2582] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2582] memfd_create("syzkaller", 0) = 3 [pid 2582] ftruncate(3, 2097152) = 0 [pid 2582] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2582] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2582] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2582] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2582] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2582] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2582] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2582] mkdir("./file0", 0777) = 0 [pid 2582] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2582] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2582] ioctl(4, LOOP_CLR_FD) = 0 [pid 2582] close(4) = 0 [pid 2582] close(3) = 0 [pid 2582] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2582] exit_group(0) = ? [pid 2582] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2582, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./569", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./569/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./569/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./569/binderfs") = 0 umount2("./569/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./569/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./569/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./569/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./569/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./569") = 0 mkdir("./570", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 73.680064][ T2582] EXT4-fs (loop0): re-mounted. Opts: (null) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2586 attached , child_tidptr=0x5555564b55d0) = 2586 [pid 2586] chdir("./570") = 0 [pid 2586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2586] setpgid(0, 0) = 0 [pid 2586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2586] write(3, "1000", 4) = 4 [pid 2586] close(3) = 0 [pid 2586] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2586] memfd_create("syzkaller", 0) = 3 [pid 2586] ftruncate(3, 2097152) = 0 [pid 2586] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2586] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2586] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2586] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2586] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2586] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2586] mkdir("./file0", 0777) = 0 [pid 2586] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2586] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2586] ioctl(4, LOOP_CLR_FD) = 0 [pid 2586] close(4) = 0 [pid 2586] close(3) = 0 [pid 2586] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2586] exit_group(0) = ? [pid 2586] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2586, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./570", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./570/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./570/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./570/binderfs") = 0 umount2("./570/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./570/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./570/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./570/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./570/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./570") = 0 mkdir("./571", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2590 attached [pid 2590] chdir("./571") = 0 [pid 2590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2590] setpgid(0, 0) = 0 [pid 2590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2590] write(3, "1000", 4) = 4 [pid 2590] close(3) = 0 [pid 2590] symlink("/dev/binderfs", "./binderfs" [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 2590 [pid 2590] <... symlink resumed>) = 0 [pid 2590] memfd_create("syzkaller", 0) = 3 [pid 2590] ftruncate(3, 2097152) = 0 [pid 2590] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2590] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2590] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2590] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2590] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2590] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2590] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2590] mkdir("./file0", 0777) = 0 [ 73.757584][ T2586] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2590] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2590] ioctl(4, LOOP_CLR_FD) = 0 [pid 2590] close(4) = 0 [pid 2590] close(3) = 0 [pid 2590] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2590] exit_group(0) = ? [pid 2590] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2590, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./571", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./571/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./571/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./571/binderfs") = 0 umount2("./571/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./571/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./571/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./571/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./571/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 73.826989][ T2590] EXT4-fs (loop0): re-mounted. Opts: (null) rmdir("./571") = 0 mkdir("./572", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2594 ./strace-static-x86_64: Process 2594 attached [pid 2594] chdir("./572") = 0 [pid 2594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2594] setpgid(0, 0) = 0 [pid 2594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2594] write(3, "1000", 4) = 4 [pid 2594] close(3) = 0 [pid 2594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2594] memfd_create("syzkaller", 0) = 3 [pid 2594] ftruncate(3, 2097152) = 0 [pid 2594] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2594] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2594] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2594] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2594] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2594] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2594] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2594] mkdir("./file0", 0777) = 0 [pid 2594] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2594] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2594] ioctl(4, LOOP_CLR_FD) = 0 [pid 2594] close(4) = 0 [pid 2594] close(3) = 0 [pid 2594] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2594] exit_group(0) = ? [pid 2594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2594, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./572", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./572/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./572/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./572/binderfs") = 0 [ 73.918152][ T2594] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./572/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./572/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./572/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./572/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./572/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./572") = 0 mkdir("./573", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2598 ./strace-static-x86_64: Process 2598 attached [pid 2598] chdir("./573") = 0 [pid 2598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2598] setpgid(0, 0) = 0 [pid 2598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2598] write(3, "1000", 4) = 4 [pid 2598] close(3) = 0 [pid 2598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2598] memfd_create("syzkaller", 0) = 3 [pid 2598] ftruncate(3, 2097152) = 0 [pid 2598] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2598] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2598] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2598] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2598] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2598] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2598] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2598] mkdir("./file0", 0777) = 0 [pid 2598] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2598] ioctl(4, LOOP_CLR_FD) = 0 [pid 2598] close(4) = 0 [pid 2598] close(3) = 0 [pid 2598] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2598] exit_group(0) = ? [pid 2598] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2598, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./573", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./573/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./573/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./573/binderfs") = 0 [ 74.042964][ T2598] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./573/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./573/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./573/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./573/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./573/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./573") = 0 mkdir("./574", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2602 attached , child_tidptr=0x5555564b55d0) = 2602 [pid 2602] chdir("./574") = 0 [pid 2602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2602] setpgid(0, 0) = 0 [pid 2602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2602] write(3, "1000", 4) = 4 [pid 2602] close(3) = 0 [pid 2602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2602] memfd_create("syzkaller", 0) = 3 [pid 2602] ftruncate(3, 2097152) = 0 [pid 2602] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2602] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2602] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2602] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2602] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2602] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2602] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2602] mkdir("./file0", 0777) = 0 [pid 2602] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2602] ioctl(4, LOOP_CLR_FD) = 0 [pid 2602] close(4) = 0 [pid 2602] close(3) = 0 [pid 2602] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2602] exit_group(0) = ? [pid 2602] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2602, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./574", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./574/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./574/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./574/binderfs") = 0 [ 74.135863][ T2602] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./574/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./574/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./574/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./574/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./574/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./574") = 0 mkdir("./575", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2606 ./strace-static-x86_64: Process 2606 attached [pid 2606] chdir("./575") = 0 [pid 2606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2606] setpgid(0, 0) = 0 [pid 2606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2606] write(3, "1000", 4) = 4 [pid 2606] close(3) = 0 [pid 2606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2606] memfd_create("syzkaller", 0) = 3 [pid 2606] ftruncate(3, 2097152) = 0 [pid 2606] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2606] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2606] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2606] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2606] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2606] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2606] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2606] mkdir("./file0", 0777) = 0 [pid 2606] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2606] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2606] ioctl(4, LOOP_CLR_FD) = 0 [pid 2606] close(4) = 0 [pid 2606] close(3) = 0 [pid 2606] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2606] exit_group(0) = ? [pid 2606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2606, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./575", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./575/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./575/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./575/binderfs") = 0 umount2("./575/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./575/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./575/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./575/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./575/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./575") = 0 mkdir("./576", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2611 ./strace-static-x86_64: Process 2611 attached [pid 2611] chdir("./576") = 0 [pid 2611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2611] setpgid(0, 0) = 0 [pid 2611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2611] write(3, "1000", 4) = 4 [pid 2611] close(3) = 0 [pid 2611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2611] memfd_create("syzkaller", 0) = 3 [pid 2611] ftruncate(3, 2097152) = 0 [pid 2611] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2611] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [ 74.228860][ T2606] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2611] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2611] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2611] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2611] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2611] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2611] mkdir("./file0", 0777) = 0 [pid 2611] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2611] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2611] ioctl(4, LOOP_CLR_FD) = 0 [pid 2611] close(4) = 0 [pid 2611] close(3) = 0 [pid 2611] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2611] exit_group(0) = ? [pid 2611] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2611, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./576", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./576/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./576/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./576/binderfs") = 0 umount2("./576/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./576/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./576/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./576/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./576/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./576") = 0 mkdir("./577", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2615 ./strace-static-x86_64: Process 2615 attached [pid 2615] chdir("./577") = 0 [ 74.308933][ T2611] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2615] setpgid(0, 0) = 0 [pid 2615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2615] write(3, "1000", 4) = 4 [pid 2615] close(3) = 0 [pid 2615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2615] memfd_create("syzkaller", 0) = 3 [pid 2615] ftruncate(3, 2097152) = 0 [pid 2615] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2615] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2615] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2615] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2615] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2615] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2615] mkdir("./file0", 0777) = 0 [pid 2615] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2615] ioctl(4, LOOP_CLR_FD) = 0 [pid 2615] close(4) = 0 [pid 2615] close(3) = 0 [pid 2615] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2615] exit_group(0) = ? [pid 2615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2615, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./577", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./577/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./577/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./577/binderfs") = 0 umount2("./577/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./577/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./577/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./577/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./577/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./577") = 0 mkdir("./578", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2619 ./strace-static-x86_64: Process 2619 attached [pid 2619] chdir("./578") = 0 [pid 2619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2619] setpgid(0, 0) = 0 [pid 2619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2619] write(3, "1000", 4) = 4 [pid 2619] close(3) = 0 [pid 2619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2619] memfd_create("syzkaller", 0) = 3 [pid 2619] ftruncate(3, 2097152) = 0 [pid 2619] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2619] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2619] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2619] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2619] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2619] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2619] mkdir("./file0", 0777) = 0 [ 74.389379][ T2615] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2619] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2619] ioctl(4, LOOP_CLR_FD) = 0 [pid 2619] close(4) = 0 [pid 2619] close(3) = 0 [pid 2619] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2619] exit_group(0) = ? [pid 2619] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2619, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./578", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./578/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./578/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./578/binderfs") = 0 [ 74.457036][ T2619] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./578/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./578/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./578/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./578/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./578/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./578") = 0 mkdir("./579", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2623 ./strace-static-x86_64: Process 2623 attached [pid 2623] chdir("./579") = 0 [pid 2623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2623] setpgid(0, 0) = 0 [pid 2623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2623] write(3, "1000", 4) = 4 [pid 2623] close(3) = 0 [pid 2623] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2623] memfd_create("syzkaller", 0) = 3 [pid 2623] ftruncate(3, 2097152) = 0 [pid 2623] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2623] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2623] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2623] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2623] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2623] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2623] mkdir("./file0", 0777) = 0 [pid 2623] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2623] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2623] ioctl(4, LOOP_CLR_FD) = 0 [pid 2623] close(4) = 0 [pid 2623] close(3) = 0 [pid 2623] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2623] exit_group(0) = ? [pid 2623] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2623, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./579", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./579/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./579/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./579/binderfs") = 0 umount2("./579/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./579/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./579/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./579/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./579/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./579") = 0 mkdir("./580", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2627 ./strace-static-x86_64: Process 2627 attached [pid 2627] chdir("./580") = 0 [pid 2627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2627] setpgid(0, 0) = 0 [pid 2627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2627] write(3, "1000", 4) = 4 [pid 2627] close(3) = 0 [pid 2627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2627] memfd_create("syzkaller", 0) = 3 [pid 2627] ftruncate(3, 2097152) = 0 [pid 2627] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2627] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2627] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2627] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2627] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2627] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2627] mkdir("./file0", 0777) = 0 [ 74.548729][ T2623] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2627] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2627] ioctl(4, LOOP_CLR_FD) = 0 [pid 2627] close(4) = 0 [pid 2627] close(3) = 0 [pid 2627] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2627] exit_group(0) = ? [pid 2627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2627, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./580", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./580/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./580/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./580/binderfs") = 0 umount2("./580/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./580/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./580/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./580/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./580/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./580") = 0 mkdir("./581", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2631 ./strace-static-x86_64: Process 2631 attached [pid 2631] chdir("./581") = 0 [pid 2631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2631] setpgid(0, 0) = 0 [pid 2631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2631] write(3, "1000", 4) = 4 [pid 2631] close(3) = 0 [pid 2631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2631] memfd_create("syzkaller", 0) = 3 [pid 2631] ftruncate(3, 2097152) = 0 [pid 2631] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2631] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2631] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2631] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2631] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2631] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2631] mkdir("./file0", 0777) = 0 [ 74.617920][ T2627] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2631] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2631] ioctl(4, LOOP_CLR_FD) = 0 [pid 2631] close(4) = 0 [pid 2631] close(3) = 0 [pid 2631] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2631] exit_group(0) = ? [pid 2631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2631, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./581", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./581/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./581/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./581/binderfs") = 0 umount2("./581/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./581/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./581/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./581/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./581/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./581") = 0 mkdir("./582", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2635 ./strace-static-x86_64: Process 2635 attached [pid 2635] chdir("./582") = 0 [pid 2635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2635] setpgid(0, 0) = 0 [pid 2635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2635] write(3, "1000", 4) = 4 [pid 2635] close(3) = 0 [pid 2635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2635] memfd_create("syzkaller", 0) = 3 [pid 2635] ftruncate(3, 2097152) = 0 [pid 2635] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2635] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2635] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2635] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2635] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2635] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2635] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2635] ioctl(4, LOOP_CLR_FD) = 0 [pid 2635] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2635] close(4) = 0 [pid 2635] close(3) = 0 [pid 2635] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = -1 ENOENT (No such file or directory) [pid 2635] exit_group(0) = ? [pid 2635] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2635, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./582", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 3 entries */, 32768) = 80 umount2("./582/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./582/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./582/binderfs") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./582") = 0 mkdir("./583", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2636 attached , child_tidptr=0x5555564b55d0) = 2636 [pid 2636] chdir("./583") = 0 [pid 2636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2636] setpgid(0, 0) = 0 [pid 2636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2636] write(3, "1000", 4) = 4 [pid 2636] close(3) = 0 [pid 2636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2636] memfd_create("syzkaller", 0) = 3 [pid 2636] ftruncate(3, 2097152) = 0 [pid 2636] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2636] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2636] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2636] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2636] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2636] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2636] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2636] ioctl(4, LOOP_CLR_FD) = 0 [pid 2636] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 2636] close(4) = 0 [pid 2636] close(3) = 0 [pid 2636] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = -1 ENOENT (No such file or directory) [pid 2636] exit_group(0) = ? [pid 2636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2636, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./583", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 3 entries */, 32768) = 80 umount2("./583/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./583/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./583/binderfs") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./583") = 0 mkdir("./584", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2637 ./strace-static-x86_64: Process 2637 attached [pid 2637] chdir("./584") = 0 [pid 2637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2637] setpgid(0, 0) = 0 [pid 2637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2637] write(3, "1000", 4) = 4 [pid 2637] close(3) = 0 [pid 2637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2637] memfd_create("syzkaller", 0) = 3 [pid 2637] ftruncate(3, 2097152) = 0 [pid 2637] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2637] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2637] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2637] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2637] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2637] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 74.685302][ T2631] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2637] mkdir("./file0", 0777) = 0 [pid 2637] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2637] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2637] ioctl(4, LOOP_CLR_FD) = 0 [pid 2637] close(4) = 0 [pid 2637] close(3) = 0 [pid 2637] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2637] exit_group(0) = ? [pid 2637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2637, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./584", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./584/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./584/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./584/binderfs") = 0 [ 74.758621][ T2637] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./584/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./584/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./584/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./584/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./584/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./584") = 0 mkdir("./585", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2641 attached , child_tidptr=0x5555564b55d0) = 2641 [pid 2641] chdir("./585") = 0 [pid 2641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2641] setpgid(0, 0) = 0 [pid 2641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2641] write(3, "1000", 4) = 4 [pid 2641] close(3) = 0 [pid 2641] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2641] memfd_create("syzkaller", 0) = 3 [pid 2641] ftruncate(3, 2097152) = 0 [pid 2641] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2641] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2641] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2641] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2641] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2641] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2641] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2641] mkdir("./file0", 0777) = 0 [pid 2641] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2641] ioctl(4, LOOP_CLR_FD) = 0 [pid 2641] close(4) = 0 [pid 2641] close(3) = 0 [pid 2641] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2641] exit_group(0) = ? [pid 2641] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2641, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./585", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./585/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./585/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./585/binderfs") = 0 umount2("./585/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./585/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./585/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./585/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./585/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./585") = 0 mkdir("./586", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 74.878707][ T2641] EXT4-fs (loop0): re-mounted. Opts: (null) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2645 ./strace-static-x86_64: Process 2645 attached [pid 2645] chdir("./586") = 0 [pid 2645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2645] setpgid(0, 0) = 0 [pid 2645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2645] write(3, "1000", 4) = 4 [pid 2645] close(3) = 0 [pid 2645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2645] memfd_create("syzkaller", 0) = 3 [pid 2645] ftruncate(3, 2097152) = 0 [pid 2645] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2645] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2645] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2645] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2645] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2645] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2645] mkdir("./file0", 0777) = 0 [pid 2645] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2645] ioctl(4, LOOP_CLR_FD) = 0 [pid 2645] close(4) = 0 [pid 2645] close(3) = 0 [pid 2645] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2645] exit_group(0) = ? [pid 2645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2645, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./586", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./586/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./586/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./586/binderfs") = 0 [ 74.967361][ T2645] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./586/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./586/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./586/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./586/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./586/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./586") = 0 mkdir("./587", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2649 ./strace-static-x86_64: Process 2649 attached [pid 2649] chdir("./587") = 0 [pid 2649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2649] setpgid(0, 0) = 0 [pid 2649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2649] write(3, "1000", 4) = 4 [pid 2649] close(3) = 0 [pid 2649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2649] memfd_create("syzkaller", 0) = 3 [pid 2649] ftruncate(3, 2097152) = 0 [pid 2649] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2649] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2649] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2649] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2649] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2649] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2649] mkdir("./file0", 0777) = 0 [pid 2649] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2649] ioctl(4, LOOP_CLR_FD) = 0 [pid 2649] close(4) = 0 [pid 2649] close(3) = 0 [pid 2649] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2649] exit_group(0) = ? [pid 2649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2649, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./587", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./587/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./587/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./587/binderfs") = 0 umount2("./587/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./587/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./587/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./587/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./587/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./587") = 0 mkdir("./588", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2653 ./strace-static-x86_64: Process 2653 attached [pid 2653] chdir("./588") = 0 [pid 2653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2653] setpgid(0, 0) = 0 [pid 2653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2653] write(3, "1000", 4) = 4 [pid 2653] close(3) = 0 [pid 2653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2653] memfd_create("syzkaller", 0) = 3 [pid 2653] ftruncate(3, 2097152) = 0 [pid 2653] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2653] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2653] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2653] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2653] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2653] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2653] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2653] mkdir("./file0", 0777) = 0 [ 75.066192][ T2649] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2653] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2653] ioctl(4, LOOP_CLR_FD) = 0 [pid 2653] close(4) = 0 [pid 2653] close(3) = 0 [pid 2653] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2653] exit_group(0) = ? [pid 2653] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2653, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./588", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./588/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./588/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./588/binderfs") = 0 [ 75.142983][ T2653] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./588/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./588/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./588/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./588/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./588/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./588") = 0 mkdir("./589", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2657 ./strace-static-x86_64: Process 2657 attached [pid 2657] chdir("./589") = 0 [pid 2657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2657] setpgid(0, 0) = 0 [pid 2657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2657] write(3, "1000", 4) = 4 [pid 2657] close(3) = 0 [pid 2657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2657] memfd_create("syzkaller", 0) = 3 [pid 2657] ftruncate(3, 2097152) = 0 [pid 2657] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2657] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2657] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2657] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2657] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2657] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2657] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2657] mkdir("./file0", 0777) = 0 [pid 2657] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2657] ioctl(4, LOOP_CLR_FD) = 0 [pid 2657] close(4) = 0 [pid 2657] close(3) = 0 [pid 2657] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2657] exit_group(0) = ? [pid 2657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2657, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./589", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./589", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./589/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./589/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./589/binderfs") = 0 umount2("./589/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./589/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./589/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./589/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./589/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./589/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./589") = 0 mkdir("./590", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 75.266823][ T2657] EXT4-fs (loop0): re-mounted. Opts: (null) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2661 ./strace-static-x86_64: Process 2661 attached [pid 2661] chdir("./590") = 0 [pid 2661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2661] setpgid(0, 0) = 0 [pid 2661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2661] write(3, "1000", 4) = 4 [pid 2661] close(3) = 0 [pid 2661] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2661] memfd_create("syzkaller", 0) = 3 [pid 2661] ftruncate(3, 2097152) = 0 [pid 2661] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2661] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2661] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2661] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2661] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2661] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2661] mkdir("./file0", 0777) = 0 [pid 2661] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2661] ioctl(4, LOOP_CLR_FD) = 0 [pid 2661] close(4) = 0 [pid 2661] close(3) = 0 [pid 2661] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2661] exit_group(0) = ? [pid 2661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2661, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./590", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./590", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./590/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./590/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./590/binderfs") = 0 umount2("./590/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./590/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./590/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./590/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./590/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./590/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./590") = 0 [ 75.347432][ T2661] EXT4-fs (loop0): re-mounted. Opts: (null) mkdir("./591", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2665 ./strace-static-x86_64: Process 2665 attached [pid 2665] chdir("./591") = 0 [pid 2665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2665] setpgid(0, 0) = 0 [pid 2665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2665] write(3, "1000", 4) = 4 [pid 2665] close(3) = 0 [pid 2665] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2665] memfd_create("syzkaller", 0) = 3 [pid 2665] ftruncate(3, 2097152) = 0 [pid 2665] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2665] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2665] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2665] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2665] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2665] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2665] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2665] mkdir("./file0", 0777) = 0 [pid 2665] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2665] ioctl(4, LOOP_CLR_FD) = 0 [pid 2665] close(4) = 0 [pid 2665] close(3) = 0 [pid 2665] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2665] exit_group(0) = ? [pid 2665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2665, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./591", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./591", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./591/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./591/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./591/binderfs") = 0 umount2("./591/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./591/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./591/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./591/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./591/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./591/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./591") = 0 mkdir("./592", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2669 ./strace-static-x86_64: Process 2669 attached [pid 2669] chdir("./592") = 0 [pid 2669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2669] setpgid(0, 0) = 0 [pid 2669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2669] write(3, "1000", 4) = 4 [pid 2669] close(3) = 0 [pid 2669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2669] memfd_create("syzkaller", 0) = 3 [pid 2669] ftruncate(3, 2097152) = 0 [pid 2669] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2669] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2669] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2669] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2669] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2669] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2669] mkdir("./file0", 0777) = 0 [ 75.427544][ T2665] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2669] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2669] ioctl(4, LOOP_CLR_FD) = 0 [pid 2669] close(4) = 0 [pid 2669] close(3) = 0 [pid 2669] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2669] exit_group(0) = ? [pid 2669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2669, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./592", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./592", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./592/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./592/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./592/binderfs") = 0 umount2("./592/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./592/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./592/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./592/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./592/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./592/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./592") = 0 mkdir("./593", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2673 ./strace-static-x86_64: Process 2673 attached [pid 2673] chdir("./593") = 0 [pid 2673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2673] setpgid(0, 0) = 0 [pid 2673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2673] write(3, "1000", 4) = 4 [pid 2673] close(3) = 0 [pid 2673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2673] memfd_create("syzkaller", 0) = 3 [pid 2673] ftruncate(3, 2097152) = 0 [pid 2673] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2673] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2673] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2673] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2673] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2673] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2673] mkdir("./file0", 0777) = 0 [pid 2673] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2673] ioctl(4, LOOP_CLR_FD) = 0 [pid 2673] close(4) = 0 [pid 2673] close(3) = 0 [ 75.497989][ T2669] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2673] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2673] exit_group(0) = ? [pid 2673] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2673, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./593", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./593", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./593/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./593/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./593/binderfs") = 0 umount2("./593/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./593/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./593/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./593/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./593/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./593/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./593") = 0 mkdir("./594", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2677 attached , child_tidptr=0x5555564b55d0) = 2677 [pid 2677] chdir("./594") = 0 [pid 2677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2677] setpgid(0, 0) = 0 [pid 2677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2677] write(3, "1000", 4) = 4 [pid 2677] close(3) = 0 [pid 2677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2677] memfd_create("syzkaller", 0) = 3 [pid 2677] ftruncate(3, 2097152) = 0 [pid 2677] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2677] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2677] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2677] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2677] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2677] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2677] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2677] mkdir("./file0", 0777) = 0 [ 75.559322][ T2673] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2677] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2677] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2677] ioctl(4, LOOP_CLR_FD) = 0 [pid 2677] close(4) = 0 [pid 2677] close(3) = 0 [pid 2677] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2677] exit_group(0) = ? [pid 2677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2677, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./594", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./594/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./594/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./594/binderfs") = 0 umount2("./594/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./594/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./594/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./594/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./594/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./594") = 0 mkdir("./595", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2681 ./strace-static-x86_64: Process 2681 attached [pid 2681] chdir("./595") = 0 [pid 2681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2681] setpgid(0, 0) = 0 [pid 2681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2681] write(3, "1000", 4) = 4 [pid 2681] close(3) = 0 [pid 2681] symlink("/dev/binderfs", "./binderfs") = 0 [ 75.628718][ T2677] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2681] memfd_create("syzkaller", 0) = 3 [pid 2681] ftruncate(3, 2097152) = 0 [pid 2681] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2681] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2681] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2681] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2681] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2681] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2681] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2681] mkdir("./file0", 0777) = 0 [pid 2681] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2681] ioctl(4, LOOP_CLR_FD) = 0 [pid 2681] close(4) = 0 [pid 2681] close(3) = 0 [pid 2681] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2681] exit_group(0) = ? [pid 2681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2681, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./595", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./595/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./595/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./595/binderfs") = 0 umount2("./595/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./595/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./595/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./595/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./595/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./595") = 0 mkdir("./596", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2685 ./strace-static-x86_64: Process 2685 attached [pid 2685] chdir("./596") = 0 [ 75.709633][ T2681] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2685] setpgid(0, 0) = 0 [pid 2685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2685] write(3, "1000", 4) = 4 [pid 2685] close(3) = 0 [pid 2685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2685] memfd_create("syzkaller", 0) = 3 [pid 2685] ftruncate(3, 2097152) = 0 [pid 2685] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2685] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2685] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2685] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2685] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2685] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2685] mkdir("./file0", 0777) = 0 [pid 2685] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2685] ioctl(4, LOOP_CLR_FD) = 0 [pid 2685] close(4) = 0 [pid 2685] close(3) = 0 [pid 2685] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2685] exit_group(0) = ? [pid 2685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2685, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./596", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./596", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./596/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./596/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./596/binderfs") = 0 umount2("./596/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./596/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./596/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./596/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./596/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./596/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./596") = 0 mkdir("./597", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2689 ./strace-static-x86_64: Process 2689 attached [pid 2689] chdir("./597") = 0 [pid 2689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2689] setpgid(0, 0) = 0 [pid 2689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2689] write(3, "1000", 4) = 4 [pid 2689] close(3) = 0 [pid 2689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2689] memfd_create("syzkaller", 0) = 3 [pid 2689] ftruncate(3, 2097152) = 0 [pid 2689] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2689] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2689] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2689] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2689] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2689] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2689] ioctl(4, LOOP_SET_FD, 3) = 0 [ 75.788448][ T2685] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2689] mkdir("./file0", 0777) = 0 [pid 2689] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2689] ioctl(4, LOOP_CLR_FD) = 0 [pid 2689] close(4) = 0 [pid 2689] close(3) = 0 [pid 2689] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2689] exit_group(0) = ? [pid 2689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2689, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./597", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./597", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./597/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./597/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./597/binderfs") = 0 [ 75.859859][ T2689] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./597/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./597/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./597/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./597/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./597/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./597/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./597") = 0 mkdir("./598", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2693 ./strace-static-x86_64: Process 2693 attached [pid 2693] chdir("./598") = 0 [pid 2693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2693] setpgid(0, 0) = 0 [pid 2693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2693] write(3, "1000", 4) = 4 [pid 2693] close(3) = 0 [pid 2693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2693] memfd_create("syzkaller", 0) = 3 [pid 2693] ftruncate(3, 2097152) = 0 [pid 2693] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2693] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2693] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2693] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2693] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2693] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2693] mkdir("./file0", 0777) = 0 [pid 2693] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2693] ioctl(4, LOOP_CLR_FD) = 0 [pid 2693] close(4) = 0 [pid 2693] close(3) = 0 [pid 2693] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2693] exit_group(0) = ? [pid 2693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2693, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./598", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./598", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./598/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./598/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./598/binderfs") = 0 [ 75.956992][ T2693] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./598/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./598/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./598/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./598/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./598/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./598/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./598") = 0 mkdir("./599", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2697 ./strace-static-x86_64: Process 2697 attached [pid 2697] chdir("./599") = 0 [pid 2697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2697] setpgid(0, 0) = 0 [pid 2697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2697] write(3, "1000", 4) = 4 [pid 2697] close(3) = 0 [pid 2697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2697] memfd_create("syzkaller", 0) = 3 [pid 2697] ftruncate(3, 2097152) = 0 [pid 2697] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2697] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2697] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2697] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2697] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2697] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2697] mkdir("./file0", 0777) = 0 [pid 2697] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2697] ioctl(4, LOOP_CLR_FD) = 0 [pid 2697] close(4) = 0 [pid 2697] close(3) = 0 [pid 2697] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2697] exit_group(0) = ? [pid 2697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2697, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./599", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./599", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./599/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./599/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./599/binderfs") = 0 umount2("./599/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./599/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./599/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./599/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./599/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./599/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./599") = 0 mkdir("./600", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2701 attached , child_tidptr=0x5555564b55d0) = 2701 [pid 2701] chdir("./600") = 0 [pid 2701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2701] setpgid(0, 0) = 0 [pid 2701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2701] write(3, "1000", 4) = 4 [pid 2701] close(3) = 0 [pid 2701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2701] memfd_create("syzkaller", 0) = 3 [pid 2701] ftruncate(3, 2097152) = 0 [pid 2701] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2701] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2701] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2701] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2701] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2701] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2701] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2701] mkdir("./file0", 0777) = 0 [ 76.066835][ T2697] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2701] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2701] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2701] ioctl(4, LOOP_CLR_FD) = 0 [pid 2701] close(4) = 0 [pid 2701] close(3) = 0 [pid 2701] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2701] exit_group(0) = ? [pid 2701] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2701, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./600", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./600", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./600/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./600/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./600/binderfs") = 0 umount2("./600/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./600/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./600/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./600/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./600/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./600/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./600") = 0 mkdir("./601", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2705 ./strace-static-x86_64: Process 2705 attached [pid 2705] chdir("./601") = 0 [pid 2705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2705] setpgid(0, 0) = 0 [ 76.137324][ T2701] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2705] write(3, "1000", 4) = 4 [pid 2705] close(3) = 0 [pid 2705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2705] memfd_create("syzkaller", 0) = 3 [pid 2705] ftruncate(3, 2097152) = 0 [pid 2705] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2705] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2705] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2705] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2705] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2705] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2705] mkdir("./file0", 0777) = 0 [pid 2705] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2705] ioctl(4, LOOP_CLR_FD) = 0 [pid 2705] close(4) = 0 [pid 2705] close(3) = 0 [pid 2705] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2705] exit_group(0) = ? [pid 2705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2705, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./601", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./601", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./601/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./601/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./601/binderfs") = 0 umount2("./601/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./601/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./601/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./601/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./601/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./601/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./601") = 0 mkdir("./602", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2709 attached , child_tidptr=0x5555564b55d0) = 2709 [pid 2709] chdir("./602") = 0 [pid 2709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2709] setpgid(0, 0) = 0 [pid 2709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2709] write(3, "1000", 4) = 4 [pid 2709] close(3) = 0 [pid 2709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2709] memfd_create("syzkaller", 0) = 3 [pid 2709] ftruncate(3, 2097152) = 0 [pid 2709] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2709] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2709] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2709] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2709] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2709] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2709] mkdir("./file0", 0777) = 0 [ 76.226527][ T2705] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2709] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2709] ioctl(4, LOOP_CLR_FD) = 0 [pid 2709] close(4) = 0 [pid 2709] close(3) = 0 [pid 2709] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2709] exit_group(0) = ? [pid 2709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2709, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./602", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./602", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./602/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./602/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./602/binderfs") = 0 [ 76.297737][ T2709] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./602/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./602/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./602/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./602/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./602/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./602/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./602") = 0 mkdir("./603", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2713 ./strace-static-x86_64: Process 2713 attached [pid 2713] chdir("./603") = 0 [pid 2713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2713] setpgid(0, 0) = 0 [pid 2713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2713] write(3, "1000", 4) = 4 [pid 2713] close(3) = 0 [pid 2713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2713] memfd_create("syzkaller", 0) = 3 [pid 2713] ftruncate(3, 2097152) = 0 [pid 2713] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2713] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2713] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2713] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2713] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2713] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2713] mkdir("./file0", 0777) = 0 [pid 2713] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2713] ioctl(4, LOOP_CLR_FD) = 0 [pid 2713] close(4) = 0 [pid 2713] close(3) = 0 [pid 2713] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2713] exit_group(0) = ? [pid 2713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2713, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./603", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./603", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./603/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./603/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./603/binderfs") = 0 umount2("./603/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./603/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./603/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./603/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./603/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./603/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./603") = 0 mkdir("./604", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 76.386692][ T2713] EXT4-fs (loop0): re-mounted. Opts: (null) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2717 ./strace-static-x86_64: Process 2717 attached [pid 2717] chdir("./604") = 0 [pid 2717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2717] setpgid(0, 0) = 0 [pid 2717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2717] write(3, "1000", 4) = 4 [pid 2717] close(3) = 0 [pid 2717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2717] memfd_create("syzkaller", 0) = 3 [pid 2717] ftruncate(3, 2097152) = 0 [pid 2717] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2717] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2717] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2717] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2717] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2717] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2717] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2717] mkdir("./file0", 0777) = 0 [pid 2717] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2717] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2717] ioctl(4, LOOP_CLR_FD) = 0 [pid 2717] close(4) = 0 [pid 2717] close(3) = 0 [pid 2717] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2717] exit_group(0) = ? [pid 2717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2717, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./604", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./604", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./604/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./604/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./604/binderfs") = 0 umount2("./604/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./604/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./604/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./604/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./604/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./604/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./604") = 0 mkdir("./605", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2721 ./strace-static-x86_64: Process 2721 attached [pid 2721] chdir("./605") = 0 [pid 2721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2721] setpgid(0, 0) = 0 [pid 2721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2721] write(3, "1000", 4) = 4 [pid 2721] close(3) = 0 [pid 2721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2721] memfd_create("syzkaller", 0) = 3 [pid 2721] ftruncate(3, 2097152) = 0 [pid 2721] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2721] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2721] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2721] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2721] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2721] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2721] mkdir("./file0", 0777) = 0 [ 76.477614][ T2717] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2721] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2721] ioctl(4, LOOP_CLR_FD) = 0 [pid 2721] close(4) = 0 [pid 2721] close(3) = 0 [pid 2721] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2721] exit_group(0) = ? [pid 2721] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2721, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./605", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./605/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./605/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./605/binderfs") = 0 umount2("./605/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./605/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./605/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./605/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./605/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./605") = 0 mkdir("./606", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2725 ./strace-static-x86_64: Process 2725 attached [pid 2725] chdir("./606") = 0 [pid 2725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2725] setpgid(0, 0) = 0 [pid 2725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2725] write(3, "1000", 4) = 4 [pid 2725] close(3) = 0 [ 76.548203][ T2721] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2725] memfd_create("syzkaller", 0) = 3 [pid 2725] ftruncate(3, 2097152) = 0 [pid 2725] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2725] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2725] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2725] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2725] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2725] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2725] mkdir("./file0", 0777) = 0 [pid 2725] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2725] ioctl(4, LOOP_CLR_FD) = 0 [pid 2725] close(4) = 0 [pid 2725] close(3) = 0 [pid 2725] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2725] exit_group(0) = ? [pid 2725] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2725, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./606", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./606", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./606/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./606/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./606/binderfs") = 0 umount2("./606/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./606/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./606/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./606/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./606/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./606/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./606") = 0 mkdir("./607", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 76.626445][ T2725] EXT4-fs (loop0): re-mounted. Opts: (null) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2729 attached , child_tidptr=0x5555564b55d0) = 2729 [pid 2729] chdir("./607") = 0 [pid 2729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2729] setpgid(0, 0) = 0 [pid 2729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2729] write(3, "1000", 4) = 4 [pid 2729] close(3) = 0 [pid 2729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2729] memfd_create("syzkaller", 0) = 3 [pid 2729] ftruncate(3, 2097152) = 0 [pid 2729] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2729] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2729] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2729] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2729] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2729] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2729] mkdir("./file0", 0777) = 0 [pid 2729] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2729] ioctl(4, LOOP_CLR_FD) = 0 [pid 2729] close(4) = 0 [pid 2729] close(3) = 0 [pid 2729] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2729] exit_group(0) = ? [pid 2729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2729, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./607", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./607/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./607/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./607/binderfs") = 0 umount2("./607/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./607/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./607/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./607/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./607/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./607") = 0 mkdir("./608", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2733 attached [pid 2733] chdir("./608" [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 2733 [pid 2733] <... chdir resumed>) = 0 [pid 2733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2733] setpgid(0, 0) = 0 [pid 2733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2733] write(3, "1000", 4) = 4 [pid 2733] close(3) = 0 [pid 2733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2733] memfd_create("syzkaller", 0) = 3 [pid 2733] ftruncate(3, 2097152) = 0 [pid 2733] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2733] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2733] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2733] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2733] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2733] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2733] mkdir("./file0", 0777) = 0 [pid 2733] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2733] ioctl(4, LOOP_CLR_FD) = 0 [pid 2733] close(4) = 0 [ 76.707266][ T2729] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2733] close(3) = 0 [pid 2733] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2733] exit_group(0) = ? [pid 2733] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2733, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./608", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./608", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./608/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./608/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./608/binderfs") = 0 [ 76.768965][ T2733] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./608/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./608/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./608/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./608/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./608/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./608/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./608") = 0 mkdir("./609", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2737 ./strace-static-x86_64: Process 2737 attached [pid 2737] chdir("./609") = 0 [pid 2737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2737] setpgid(0, 0) = 0 [pid 2737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2737] write(3, "1000", 4) = 4 [pid 2737] close(3) = 0 [pid 2737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2737] memfd_create("syzkaller", 0) = 3 [pid 2737] ftruncate(3, 2097152) = 0 [pid 2737] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2737] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2737] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2737] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2737] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2737] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2737] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2737] mkdir("./file0", 0777) = 0 [pid 2737] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2737] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2737] ioctl(4, LOOP_CLR_FD) = 0 [pid 2737] close(4) = 0 [pid 2737] close(3) = 0 [pid 2737] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2737] exit_group(0) = ? [pid 2737] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2737, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./609", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./609", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./609/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./609/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./609/binderfs") = 0 [ 76.916103][ T2737] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./609/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./609/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./609/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./609/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./609/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./609/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./609") = 0 mkdir("./610", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2741 ./strace-static-x86_64: Process 2741 attached [pid 2741] chdir("./610") = 0 [pid 2741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2741] setpgid(0, 0) = 0 [pid 2741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2741] write(3, "1000", 4) = 4 [pid 2741] close(3) = 0 [pid 2741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2741] memfd_create("syzkaller", 0) = 3 [pid 2741] ftruncate(3, 2097152) = 0 [pid 2741] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2741] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2741] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2741] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2741] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2741] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2741] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2741] mkdir("./file0", 0777) = 0 [pid 2741] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2741] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2741] ioctl(4, LOOP_CLR_FD) = 0 [pid 2741] close(4) = 0 [pid 2741] close(3) = 0 [pid 2741] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2741] exit_group(0) = ? [pid 2741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2741, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./610", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./610", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./610/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./610/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./610/binderfs") = 0 umount2("./610/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./610/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./610/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./610/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./610/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./610/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./610") = 0 mkdir("./611", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 77.029555][ T2741] EXT4-fs (loop0): re-mounted. Opts: (null) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2745 ./strace-static-x86_64: Process 2745 attached [pid 2745] chdir("./611") = 0 [pid 2745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2745] setpgid(0, 0) = 0 [pid 2745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2745] write(3, "1000", 4) = 4 [pid 2745] close(3) = 0 [pid 2745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2745] memfd_create("syzkaller", 0) = 3 [pid 2745] ftruncate(3, 2097152) = 0 [pid 2745] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2745] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2745] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2745] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2745] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2745] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2745] mkdir("./file0", 0777) = 0 [pid 2745] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2745] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2745] ioctl(4, LOOP_CLR_FD) = 0 [pid 2745] close(4) = 0 [pid 2745] close(3) = 0 [pid 2745] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2745] exit_group(0) = ? [pid 2745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2745, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./611", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./611", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./611/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./611/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./611/binderfs") = 0 umount2("./611/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./611/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./611/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./611/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./611/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./611/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./611") = 0 mkdir("./612", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2749 ./strace-static-x86_64: Process 2749 attached [pid 2749] chdir("./612") = 0 [ 77.107517][ T2745] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2749] setpgid(0, 0) = 0 [pid 2749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2749] write(3, "1000", 4) = 4 [pid 2749] close(3) = 0 [pid 2749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2749] memfd_create("syzkaller", 0) = 3 [pid 2749] ftruncate(3, 2097152) = 0 [pid 2749] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2749] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2749] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2749] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2749] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2749] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2749] mkdir("./file0", 0777) = 0 [pid 2749] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2749] ioctl(4, LOOP_CLR_FD) = 0 [pid 2749] close(4) = 0 [pid 2749] close(3) = 0 [pid 2749] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2749] exit_group(0) = ? [pid 2749] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2749, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./612", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./612", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./612/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./612/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./612/binderfs") = 0 umount2("./612/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./612/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./612/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./612/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./612/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./612/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 77.206313][ T2749] EXT4-fs (loop0): re-mounted. Opts: (null) rmdir("./612") = 0 mkdir("./613", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2753 ./strace-static-x86_64: Process 2753 attached [pid 2753] chdir("./613") = 0 [pid 2753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2753] setpgid(0, 0) = 0 [pid 2753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2753] write(3, "1000", 4) = 4 [pid 2753] close(3) = 0 [pid 2753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2753] memfd_create("syzkaller", 0) = 3 [pid 2753] ftruncate(3, 2097152) = 0 [pid 2753] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2753] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2753] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2753] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2753] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2753] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2753] mkdir("./file0", 0777) = 0 [pid 2753] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2753] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2753] ioctl(4, LOOP_CLR_FD) = 0 [pid 2753] close(4) = 0 [pid 2753] close(3) = 0 [pid 2753] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2753] exit_group(0) = ? [pid 2753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2753, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./613", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./613", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./613/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./613/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./613/binderfs") = 0 [ 77.288068][ T2753] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./613/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./613/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./613/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./613/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./613/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./613/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./613") = 0 mkdir("./614", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2757 ./strace-static-x86_64: Process 2757 attached [pid 2757] chdir("./614") = 0 [pid 2757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2757] setpgid(0, 0) = 0 [pid 2757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2757] write(3, "1000", 4) = 4 [pid 2757] close(3) = 0 [pid 2757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2757] memfd_create("syzkaller", 0) = 3 [pid 2757] ftruncate(3, 2097152) = 0 [pid 2757] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2757] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2757] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2757] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2757] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2757] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2757] mkdir("./file0", 0777) = 0 [pid 2757] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2757] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2757] ioctl(4, LOOP_CLR_FD) = 0 [pid 2757] close(4) = 0 [pid 2757] close(3) = 0 [pid 2757] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2757] exit_group(0) = ? [pid 2757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2757, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./614", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./614", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./614/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./614/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./614/binderfs") = 0 umount2("./614/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./614/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./614/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./614/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./614/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./614/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./614") = 0 mkdir("./615", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2761 ./strace-static-x86_64: Process 2761 attached [pid 2761] chdir("./615") = 0 [pid 2761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2761] setpgid(0, 0) = 0 [pid 2761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2761] write(3, "1000", 4) = 4 [pid 2761] close(3) = 0 [pid 2761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2761] memfd_create("syzkaller", 0) = 3 [pid 2761] ftruncate(3, 2097152) = 0 [pid 2761] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2761] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2761] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2761] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2761] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2761] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2761] mkdir("./file0", 0777) = 0 [ 77.388559][ T2757] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2761] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2761] ioctl(4, LOOP_CLR_FD) = 0 [pid 2761] close(4) = 0 [pid 2761] close(3) = 0 [pid 2761] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2761] exit_group(0) = ? [pid 2761] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2761, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./615", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./615", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./615/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./615/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./615/binderfs") = 0 [ 77.458628][ T2761] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./615/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./615/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./615/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./615/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./615/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./615/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./615") = 0 mkdir("./616", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2765 ./strace-static-x86_64: Process 2765 attached [pid 2765] chdir("./616") = 0 [pid 2765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2765] setpgid(0, 0) = 0 [pid 2765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2765] write(3, "1000", 4) = 4 [pid 2765] close(3) = 0 [pid 2765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2765] memfd_create("syzkaller", 0) = 3 [pid 2765] ftruncate(3, 2097152) = 0 [pid 2765] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2765] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2765] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2765] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2765] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2765] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2765] mkdir("./file0", 0777) = 0 [pid 2765] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2765] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2765] ioctl(4, LOOP_CLR_FD) = 0 [pid 2765] close(4) = 0 [pid 2765] close(3) = 0 [pid 2765] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2765] exit_group(0) = ? [pid 2765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2765, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./616", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./616/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./616/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./616/binderfs") = 0 [ 77.556158][ T2765] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./616/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./616/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./616/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./616/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./616/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./616") = 0 mkdir("./617", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2769 attached , child_tidptr=0x5555564b55d0) = 2769 [pid 2769] chdir("./617") = 0 [pid 2769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2769] setpgid(0, 0) = 0 [pid 2769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2769] write(3, "1000", 4) = 4 [pid 2769] close(3) = 0 [pid 2769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2769] memfd_create("syzkaller", 0) = 3 [pid 2769] ftruncate(3, 2097152) = 0 [pid 2769] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2769] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2769] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2769] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2769] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2769] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2769] mkdir("./file0", 0777) = 0 [pid 2769] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2769] ioctl(4, LOOP_CLR_FD) = 0 [pid 2769] close(4) = 0 [pid 2769] close(3) = 0 [pid 2769] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2769] exit_group(0) = ? [pid 2769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2769, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./617", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./617", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./617/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./617/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./617/binderfs") = 0 umount2("./617/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./617/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./617/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./617/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./617/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./617/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./617") = 0 mkdir("./618", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2773 ./strace-static-x86_64: Process 2773 attached [pid 2773] chdir("./618") = 0 [pid 2773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2773] setpgid(0, 0) = 0 [pid 2773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2773] write(3, "1000", 4) = 4 [pid 2773] close(3) = 0 [pid 2773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2773] memfd_create("syzkaller", 0) = 3 [pid 2773] ftruncate(3, 2097152) = 0 [pid 2773] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2773] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2773] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2773] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2773] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2773] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2773] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2773] mkdir("./file0", 0777) = 0 [pid 2773] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2773] ioctl(4, LOOP_CLR_FD) = 0 [pid 2773] close(4) = 0 [pid 2773] close(3) = 0 [ 77.678689][ T2769] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2773] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2773] exit_group(0) = ? [pid 2773] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2773, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./618", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./618", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./618/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./618/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./618/binderfs") = 0 umount2("./618/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./618/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./618/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./618/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./618/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./618/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./618") = 0 mkdir("./619", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2777 attached , child_tidptr=0x5555564b55d0) = 2777 [pid 2777] chdir("./619") = 0 [pid 2777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2777] setpgid(0, 0) = 0 [pid 2777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2777] write(3, "1000", 4) = 4 [pid 2777] close(3) = 0 [pid 2777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2777] memfd_create("syzkaller", 0) = 3 [pid 2777] ftruncate(3, 2097152) = 0 [pid 2777] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2777] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2777] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2777] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2777] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2777] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2777] ioctl(4, LOOP_SET_FD, 3) = 0 [ 77.738521][ T2773] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2777] mkdir("./file0", 0777) = 0 [pid 2777] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2777] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2777] ioctl(4, LOOP_CLR_FD) = 0 [pid 2777] close(4) = 0 [pid 2777] close(3) = 0 [pid 2777] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2777] exit_group(0) = ? [pid 2777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2777, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./619", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./619/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./619/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./619/binderfs") = 0 umount2("./619/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./619/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./619/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./619/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./619/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./619") = 0 mkdir("./620", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2782 ./strace-static-x86_64: Process 2782 attached [pid 2782] chdir("./620") = 0 [pid 2782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2782] setpgid(0, 0) = 0 [pid 2782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2782] write(3, "1000", 4) = 4 [pid 2782] close(3) = 0 [pid 2782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2782] memfd_create("syzkaller", 0) = 3 [pid 2782] ftruncate(3, 2097152) = 0 [pid 2782] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2782] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2782] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2782] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2782] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2782] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2782] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2782] mkdir("./file0", 0777) = 0 [ 77.810655][ T2777] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2782] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2782] ioctl(4, LOOP_CLR_FD) = 0 [pid 2782] close(4) = 0 [pid 2782] close(3) = 0 [pid 2782] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2782] exit_group(0) = ? [pid 2782] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2782, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./620", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./620", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./620/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./620/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./620/binderfs") = 0 [ 77.876760][ T2782] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./620/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./620/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./620/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./620/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./620/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./620/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./620") = 0 mkdir("./621", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2786 attached , child_tidptr=0x5555564b55d0) = 2786 [pid 2786] chdir("./621") = 0 [pid 2786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2786] setpgid(0, 0) = 0 [pid 2786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2786] write(3, "1000", 4) = 4 [pid 2786] close(3) = 0 [pid 2786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2786] memfd_create("syzkaller", 0) = 3 [pid 2786] ftruncate(3, 2097152) = 0 [pid 2786] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2786] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2786] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2786] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2786] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2786] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2786] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2786] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2786] mkdir("./file0", 0777) = 0 [pid 2786] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2786] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2786] ioctl(4, LOOP_CLR_FD) = 0 [pid 2786] close(4) = 0 [pid 2786] close(3) = 0 [pid 2786] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2786] exit_group(0) = ? [pid 2786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2786, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./621", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./621", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./621/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./621/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./621/binderfs") = 0 umount2("./621/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./621/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./621/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./621/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./621/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 77.994700][ T2786] EXT4-fs (loop0): re-mounted. Opts: (null) getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./621/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./621") = 0 mkdir("./622", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2790 ./strace-static-x86_64: Process 2790 attached [pid 2790] chdir("./622") = 0 [pid 2790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2790] setpgid(0, 0) = 0 [pid 2790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2790] write(3, "1000", 4) = 4 [pid 2790] close(3) = 0 [pid 2790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2790] memfd_create("syzkaller", 0) = 3 [pid 2790] ftruncate(3, 2097152) = 0 [pid 2790] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2790] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2790] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2790] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2790] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2790] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2790] mkdir("./file0", 0777) = 0 [pid 2790] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2790] ioctl(4, LOOP_CLR_FD) = 0 [pid 2790] close(4) = 0 [pid 2790] close(3) = 0 [pid 2790] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2790] exit_group(0) = ? [pid 2790] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2790, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./622", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./622", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./622/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./622/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./622/binderfs") = 0 [ 78.078541][ T2790] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./622/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./622/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./622/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./622/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./622/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./622/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./622") = 0 mkdir("./623", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2794 ./strace-static-x86_64: Process 2794 attached [pid 2794] chdir("./623") = 0 [pid 2794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2794] setpgid(0, 0) = 0 [pid 2794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2794] write(3, "1000", 4) = 4 [pid 2794] close(3) = 0 [pid 2794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2794] memfd_create("syzkaller", 0) = 3 [pid 2794] ftruncate(3, 2097152) = 0 [pid 2794] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2794] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2794] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2794] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2794] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2794] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2794] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2794] mkdir("./file0", 0777) = 0 [pid 2794] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2794] ioctl(4, LOOP_CLR_FD) = 0 [pid 2794] close(4) = 0 [pid 2794] close(3) = 0 [pid 2794] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2794] exit_group(0) = ? [pid 2794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2794, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./623", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./623", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./623/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./623/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./623/binderfs") = 0 umount2("./623/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./623/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./623/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./623/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./623/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./623/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./623") = 0 mkdir("./624", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2798 attached , child_tidptr=0x5555564b55d0) = 2798 [pid 2798] chdir("./624") = 0 [pid 2798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2798] setpgid(0, 0) = 0 [pid 2798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2798] write(3, "1000", 4) = 4 [pid 2798] close(3) = 0 [pid 2798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2798] memfd_create("syzkaller", 0) = 3 [pid 2798] ftruncate(3, 2097152) = 0 [pid 2798] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2798] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2798] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2798] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2798] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2798] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [ 78.197690][ T2794] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2798] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2798] mkdir("./file0", 0777) = 0 [pid 2798] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2798] ioctl(4, LOOP_CLR_FD) = 0 [pid 2798] close(4) = 0 [pid 2798] close(3) = 0 [pid 2798] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2798] exit_group(0) = ? [pid 2798] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2798, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./624", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./624", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./624/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./624/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./624/binderfs") = 0 umount2("./624/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./624/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./624/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./624/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./624/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./624/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./624") = 0 mkdir("./625", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2802 ./strace-static-x86_64: Process 2802 attached [pid 2802] chdir("./625") = 0 [pid 2802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2802] setpgid(0, 0) = 0 [pid 2802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2802] write(3, "1000", 4) = 4 [pid 2802] close(3) = 0 [pid 2802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2802] memfd_create("syzkaller", 0) = 3 [pid 2802] ftruncate(3, 2097152) = 0 [pid 2802] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2802] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2802] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2802] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2802] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2802] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2802] mkdir("./file0", 0777) = 0 [pid 2802] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2802] ioctl(4, LOOP_CLR_FD) = 0 [pid 2802] close(4) = 0 [pid 2802] close(3) = 0 [ 78.277140][ T2798] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2802] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2802] exit_group(0) = ? [pid 2802] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2802, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./625", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./625", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./625/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./625/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./625/binderfs") = 0 [ 78.339588][ T2802] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./625/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./625/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./625/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./625/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./625/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./625/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./625") = 0 mkdir("./626", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2806 attached , child_tidptr=0x5555564b55d0) = 2806 [pid 2806] chdir("./626") = 0 [pid 2806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2806] setpgid(0, 0) = 0 [pid 2806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2806] write(3, "1000", 4) = 4 [pid 2806] close(3) = 0 [pid 2806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2806] memfd_create("syzkaller", 0) = 3 [pid 2806] ftruncate(3, 2097152) = 0 [pid 2806] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2806] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2806] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2806] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2806] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2806] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2806] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2806] mkdir("./file0", 0777) = 0 [pid 2806] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2806] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2806] ioctl(4, LOOP_CLR_FD) = 0 [pid 2806] close(4) = 0 [pid 2806] close(3) = 0 [pid 2806] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2806] exit_group(0) = ? [pid 2806] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2806, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./626", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./626", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./626/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./626/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./626/binderfs") = 0 [ 78.438325][ T2806] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./626/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./626/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./626/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./626/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./626/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./626/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./626") = 0 mkdir("./627", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2810 ./strace-static-x86_64: Process 2810 attached [pid 2810] chdir("./627") = 0 [pid 2810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2810] setpgid(0, 0) = 0 [pid 2810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2810] write(3, "1000", 4) = 4 [pid 2810] close(3) = 0 [pid 2810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2810] memfd_create("syzkaller", 0) = 3 [pid 2810] ftruncate(3, 2097152) = 0 [pid 2810] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2810] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2810] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2810] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2810] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2810] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2810] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2810] mkdir("./file0", 0777) = 0 [pid 2810] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2810] ioctl(4, LOOP_CLR_FD) = 0 [pid 2810] close(4) = 0 [pid 2810] close(3) = 0 [pid 2810] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2810] exit_group(0) = ? [pid 2810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2810, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./627", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./627", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./627/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./627/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./627/binderfs") = 0 [ 78.536917][ T2810] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./627/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./627/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./627/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./627/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./627/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./627/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./627") = 0 mkdir("./628", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2814 ./strace-static-x86_64: Process 2814 attached [pid 2814] chdir("./628") = 0 [pid 2814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2814] setpgid(0, 0) = 0 [pid 2814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2814] write(3, "1000", 4) = 4 [pid 2814] close(3) = 0 [pid 2814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2814] memfd_create("syzkaller", 0) = 3 [pid 2814] ftruncate(3, 2097152) = 0 [pid 2814] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2814] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2814] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2814] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2814] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2814] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2814] mkdir("./file0", 0777) = 0 [pid 2814] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2814] ioctl(4, LOOP_CLR_FD) = 0 [pid 2814] close(4) = 0 [pid 2814] close(3) = 0 [pid 2814] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2814] exit_group(0) = ? [pid 2814] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2814, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./628", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./628/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./628/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./628/binderfs") = 0 [ 78.668647][ T2814] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./628/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./628/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./628/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./628/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./628/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./628") = 0 mkdir("./629", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2818 ./strace-static-x86_64: Process 2818 attached [pid 2818] chdir("./629") = 0 [pid 2818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2818] setpgid(0, 0) = 0 [pid 2818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2818] write(3, "1000", 4) = 4 [pid 2818] close(3) = 0 [pid 2818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2818] memfd_create("syzkaller", 0) = 3 [pid 2818] ftruncate(3, 2097152) = 0 [pid 2818] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2818] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2818] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2818] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2818] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2818] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2818] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2818] mkdir("./file0", 0777) = 0 [pid 2818] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2818] ioctl(4, LOOP_CLR_FD) = 0 [pid 2818] close(4) = 0 [pid 2818] close(3) = 0 [pid 2818] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2818] exit_group(0) = ? [pid 2818] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2818, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./629", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./629", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./629/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./629/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./629/binderfs") = 0 umount2("./629/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./629/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./629/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./629/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./629/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./629/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./629") = 0 mkdir("./630", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 78.796755][ T2818] EXT4-fs (loop0): re-mounted. Opts: (null) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2822 ./strace-static-x86_64: Process 2822 attached [pid 2822] chdir("./630") = 0 [pid 2822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2822] setpgid(0, 0) = 0 [pid 2822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2822] write(3, "1000", 4) = 4 [pid 2822] close(3) = 0 [pid 2822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2822] memfd_create("syzkaller", 0) = 3 [pid 2822] ftruncate(3, 2097152) = 0 [pid 2822] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2822] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2822] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2822] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2822] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2822] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2822] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2822] mkdir("./file0", 0777) = 0 [pid 2822] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2822] ioctl(4, LOOP_CLR_FD) = 0 [pid 2822] close(4) = 0 [pid 2822] close(3) = 0 [pid 2822] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2822] exit_group(0) = ? [pid 2822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2822, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./630", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./630", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./630/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./630/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./630/binderfs") = 0 [ 78.876309][ T2822] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./630/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./630/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./630/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./630/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./630/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./630/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./630") = 0 mkdir("./631", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2826 ./strace-static-x86_64: Process 2826 attached [pid 2826] chdir("./631") = 0 [pid 2826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2826] setpgid(0, 0) = 0 [pid 2826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2826] write(3, "1000", 4) = 4 [pid 2826] close(3) = 0 [pid 2826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2826] memfd_create("syzkaller", 0) = 3 [pid 2826] ftruncate(3, 2097152) = 0 [pid 2826] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2826] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2826] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2826] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2826] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2826] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2826] mkdir("./file0", 0777) = 0 [pid 2826] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2826] ioctl(4, LOOP_CLR_FD) = 0 [pid 2826] close(4) = 0 [pid 2826] close(3) = 0 [pid 2826] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2826] exit_group(0) = ? [pid 2826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2826, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./631", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./631", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./631/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./631/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./631/binderfs") = 0 [ 78.997853][ T2826] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./631/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./631/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./631/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./631/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./631/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./631/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./631") = 0 mkdir("./632", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2830 ./strace-static-x86_64: Process 2830 attached [pid 2830] chdir("./632") = 0 [pid 2830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2830] setpgid(0, 0) = 0 [pid 2830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2830] write(3, "1000", 4) = 4 [pid 2830] close(3) = 0 [pid 2830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2830] memfd_create("syzkaller", 0) = 3 [pid 2830] ftruncate(3, 2097152) = 0 [pid 2830] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2830] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2830] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2830] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2830] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2830] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2830] mkdir("./file0", 0777) = 0 [pid 2830] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2830] ioctl(4, LOOP_CLR_FD) = 0 [pid 2830] close(4) = 0 [pid 2830] close(3) = 0 [pid 2830] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2830] exit_group(0) = ? [pid 2830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2830, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./632", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./632", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./632/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./632/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./632/binderfs") = 0 [ 79.116855][ T2830] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./632/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./632/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./632/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./632/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./632/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./632/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./632") = 0 mkdir("./633", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2834 attached [pid 2834] chdir("./633") = 0 [pid 2834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2834] setpgid(0, 0) = 0 [pid 2834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 2834 [pid 2834] write(3, "1000", 4) = 4 [pid 2834] close(3) = 0 [pid 2834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2834] memfd_create("syzkaller", 0) = 3 [pid 2834] ftruncate(3, 2097152) = 0 [pid 2834] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2834] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2834] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2834] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2834] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2834] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2834] mkdir("./file0", 0777) = 0 [pid 2834] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2834] ioctl(4, LOOP_CLR_FD) = 0 [pid 2834] close(4) = 0 [pid 2834] close(3) = 0 [pid 2834] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2834] exit_group(0) = ? [pid 2834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2834, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./633", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./633", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./633/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./633/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./633/binderfs") = 0 umount2("./633/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./633/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./633/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./633/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./633/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./633/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./633") = 0 mkdir("./634", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2838 ./strace-static-x86_64: Process 2838 attached [pid 2838] chdir("./634") = 0 [pid 2838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2838] setpgid(0, 0) = 0 [pid 2838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2838] write(3, "1000", 4) = 4 [pid 2838] close(3) = 0 [pid 2838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2838] memfd_create("syzkaller", 0) = 3 [pid 2838] ftruncate(3, 2097152) = 0 [pid 2838] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2838] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2838] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2838] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2838] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2838] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2838] mkdir("./file0", 0777) = 0 [ 79.217580][ T2834] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2838] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2838] ioctl(4, LOOP_CLR_FD) = 0 [pid 2838] close(4) = 0 [pid 2838] close(3) = 0 [pid 2838] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2838] exit_group(0) = ? [pid 2838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2838, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./634", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./634", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./634/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./634/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./634/binderfs") = 0 [ 79.284407][ T2838] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./634/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./634/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./634/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./634/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./634/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./634/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./634") = 0 mkdir("./635", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2842 ./strace-static-x86_64: Process 2842 attached [pid 2842] chdir("./635") = 0 [pid 2842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2842] setpgid(0, 0) = 0 [pid 2842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2842] write(3, "1000", 4) = 4 [pid 2842] close(3) = 0 [pid 2842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2842] memfd_create("syzkaller", 0) = 3 [pid 2842] ftruncate(3, 2097152) = 0 [pid 2842] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2842] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2842] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2842] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2842] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2842] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2842] mkdir("./file0", 0777) = 0 [pid 2842] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2842] ioctl(4, LOOP_CLR_FD) = 0 [pid 2842] close(4) = 0 [pid 2842] close(3) = 0 [pid 2842] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2842] exit_group(0) = ? [pid 2842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2842, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./635", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./635", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./635/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./635/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./635/binderfs") = 0 [ 79.377941][ T2842] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./635/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./635/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./635/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./635/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./635/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./635/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./635") = 0 mkdir("./636", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2846 attached , child_tidptr=0x5555564b55d0) = 2846 [pid 2846] chdir("./636") = 0 [pid 2846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2846] setpgid(0, 0) = 0 [pid 2846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2846] write(3, "1000", 4) = 4 [pid 2846] close(3) = 0 [pid 2846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2846] memfd_create("syzkaller", 0) = 3 [pid 2846] ftruncate(3, 2097152) = 0 [pid 2846] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2846] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2846] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2846] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2846] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2846] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2846] mkdir("./file0", 0777) = 0 [pid 2846] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2846] ioctl(4, LOOP_CLR_FD) = 0 [pid 2846] close(4) = 0 [pid 2846] close(3) = 0 [pid 2846] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2846] exit_group(0) = ? [pid 2846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2846, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./636", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./636", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./636/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./636/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./636/binderfs") = 0 [ 79.476643][ T2846] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./636/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./636/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./636/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./636/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./636/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./636/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./636") = 0 mkdir("./637", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2850 attached , child_tidptr=0x5555564b55d0) = 2850 [pid 2850] chdir("./637") = 0 [pid 2850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2850] setpgid(0, 0) = 0 [pid 2850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2850] write(3, "1000", 4) = 4 [pid 2850] close(3) = 0 [pid 2850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2850] memfd_create("syzkaller", 0) = 3 [pid 2850] ftruncate(3, 2097152) = 0 [pid 2850] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2850] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2850] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2850] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2850] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2850] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2850] mkdir("./file0", 0777) = 0 [pid 2850] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2850] ioctl(4, LOOP_CLR_FD) = 0 [pid 2850] close(4) = 0 [pid 2850] close(3) = 0 [pid 2850] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2850] exit_group(0) = ? [pid 2850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2850, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./637", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./637", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./637/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./637/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./637/binderfs") = 0 [ 79.592685][ T2850] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./637/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./637/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./637/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./637/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./637/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./637/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./637") = 0 mkdir("./638", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2854 ./strace-static-x86_64: Process 2854 attached [pid 2854] chdir("./638") = 0 [pid 2854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2854] setpgid(0, 0) = 0 [pid 2854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2854] write(3, "1000", 4) = 4 [pid 2854] close(3) = 0 [pid 2854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2854] memfd_create("syzkaller", 0) = 3 [pid 2854] ftruncate(3, 2097152) = 0 [pid 2854] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2854] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2854] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2854] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2854] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2854] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2854] mkdir("./file0", 0777) = 0 [pid 2854] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2854] ioctl(4, LOOP_CLR_FD) = 0 [pid 2854] close(4) = 0 [pid 2854] close(3) = 0 [pid 2854] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2854] exit_group(0) = ? [pid 2854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2854, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./638", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./638", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./638/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./638/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./638/binderfs") = 0 [ 79.716803][ T2854] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./638/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./638/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./638/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./638/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./638/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./638/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./638") = 0 mkdir("./639", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2858 attached , child_tidptr=0x5555564b55d0) = 2858 [pid 2858] chdir("./639") = 0 [pid 2858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2858] setpgid(0, 0) = 0 [pid 2858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2858] write(3, "1000", 4) = 4 [pid 2858] close(3) = 0 [pid 2858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2858] memfd_create("syzkaller", 0) = 3 [pid 2858] ftruncate(3, 2097152) = 0 [pid 2858] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2858] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2858] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2858] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2858] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2858] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2858] mkdir("./file0", 0777) = 0 [pid 2858] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2858] ioctl(4, LOOP_CLR_FD) = 0 [pid 2858] close(4) = 0 [pid 2858] close(3) = 0 [pid 2858] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2858] exit_group(0) = ? [pid 2858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2858, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./639", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./639", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./639/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./639/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./639/binderfs") = 0 [ 79.825556][ T2858] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./639/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./639/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./639/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./639/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./639/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./639/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./639") = 0 mkdir("./640", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2863 ./strace-static-x86_64: Process 2863 attached [pid 2863] chdir("./640") = 0 [pid 2863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2863] setpgid(0, 0) = 0 [pid 2863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2863] write(3, "1000", 4) = 4 [pid 2863] close(3) = 0 [pid 2863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2863] memfd_create("syzkaller", 0) = 3 [pid 2863] ftruncate(3, 2097152) = 0 [pid 2863] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2863] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2863] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2863] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2863] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2863] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2863] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2863] mkdir("./file0", 0777) = 0 [pid 2863] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2863] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2863] ioctl(4, LOOP_CLR_FD) = 0 [pid 2863] close(4) = 0 [pid 2863] close(3) = 0 [pid 2863] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2863] exit_group(0) = ? [pid 2863] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2863, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./640", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./640", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./640/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./640/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./640/binderfs") = 0 [ 79.900394][ T2863] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./640/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./640/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./640/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./640/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./640/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./640/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./640") = 0 mkdir("./641", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2867 attached , child_tidptr=0x5555564b55d0) = 2867 [pid 2867] chdir("./641") = 0 [pid 2867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2867] setpgid(0, 0) = 0 [pid 2867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2867] write(3, "1000", 4) = 4 [pid 2867] close(3) = 0 [pid 2867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2867] memfd_create("syzkaller", 0) = 3 [pid 2867] ftruncate(3, 2097152) = 0 [pid 2867] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2867] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2867] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2867] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2867] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2867] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2867] mkdir("./file0", 0777) = 0 [pid 2867] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2867] ioctl(4, LOOP_CLR_FD) = 0 [pid 2867] close(4) = 0 [pid 2867] close(3) = 0 [pid 2867] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2867] exit_group(0) = ? [pid 2867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2867, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./641", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./641", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./641/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./641/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./641/binderfs") = 0 [ 80.006447][ T2867] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./641/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./641/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./641/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./641/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./641/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./641/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./641") = 0 mkdir("./642", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2871 ./strace-static-x86_64: Process 2871 attached [pid 2871] chdir("./642") = 0 [pid 2871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2871] setpgid(0, 0) = 0 [pid 2871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2871] write(3, "1000", 4) = 4 [pid 2871] close(3) = 0 [pid 2871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2871] memfd_create("syzkaller", 0) = 3 [pid 2871] ftruncate(3, 2097152) = 0 [pid 2871] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2871] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2871] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2871] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2871] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2871] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2871] mkdir("./file0", 0777) = 0 [pid 2871] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2871] ioctl(4, LOOP_CLR_FD) = 0 [pid 2871] close(4) = 0 [pid 2871] close(3) = 0 [pid 2871] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2871] exit_group(0) = ? [pid 2871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2871, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./642", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./642", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./642/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./642/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./642/binderfs") = 0 umount2("./642/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./642/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./642/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./642/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./642/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./642/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./642") = 0 mkdir("./643", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2875 attached , child_tidptr=0x5555564b55d0) = 2875 [pid 2875] chdir("./643") = 0 [pid 2875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2875] setpgid(0, 0) = 0 [pid 2875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2875] write(3, "1000", 4) = 4 [pid 2875] close(3) = 0 [pid 2875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2875] memfd_create("syzkaller", 0) = 3 [pid 2875] ftruncate(3, 2097152) = 0 [pid 2875] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2875] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2875] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2875] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2875] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2875] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2875] mkdir("./file0", 0777) = 0 [ 80.118724][ T2871] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2875] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2875] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2875] ioctl(4, LOOP_CLR_FD) = 0 [pid 2875] close(4) = 0 [pid 2875] close(3) = 0 [pid 2875] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2875] exit_group(0) = ? [pid 2875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2875, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./643", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./643", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./643/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./643/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./643/binderfs") = 0 umount2("./643/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./643/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./643/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./643/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./643/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./643/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./643") = 0 mkdir("./644", 0777) = 0 [ 80.187128][ T2875] EXT4-fs (loop0): re-mounted. Opts: (null) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2879 ./strace-static-x86_64: Process 2879 attached [pid 2879] chdir("./644") = 0 [pid 2879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2879] setpgid(0, 0) = 0 [pid 2879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2879] write(3, "1000", 4) = 4 [pid 2879] close(3) = 0 [pid 2879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2879] memfd_create("syzkaller", 0) = 3 [pid 2879] ftruncate(3, 2097152) = 0 [pid 2879] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2879] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2879] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2879] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2879] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2879] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2879] mkdir("./file0", 0777) = 0 [pid 2879] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2879] ioctl(4, LOOP_CLR_FD) = 0 [pid 2879] close(4) = 0 [pid 2879] close(3) = 0 [pid 2879] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2879] exit_group(0) = ? [pid 2879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2879, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./644", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./644", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./644/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./644/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./644/binderfs") = 0 umount2("./644/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./644/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./644/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./644/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./644/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./644/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./644") = 0 mkdir("./645", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2883 ./strace-static-x86_64: Process 2883 attached [pid 2883] chdir("./645") = 0 [pid 2883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2883] setpgid(0, 0) = 0 [pid 2883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2883] write(3, "1000", 4) = 4 [pid 2883] close(3) = 0 [pid 2883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2883] memfd_create("syzkaller", 0) = 3 [pid 2883] ftruncate(3, 2097152) = 0 [pid 2883] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2883] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2883] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2883] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2883] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2883] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2883] mkdir("./file0", 0777) = 0 [ 80.287134][ T2879] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2883] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2883] ioctl(4, LOOP_CLR_FD) = 0 [pid 2883] close(4) = 0 [pid 2883] close(3) = 0 [pid 2883] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2883] exit_group(0) = ? [pid 2883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2883, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./645", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./645", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./645/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./645/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./645/binderfs") = 0 [ 80.359544][ T2883] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./645/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./645/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./645/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./645/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./645/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./645/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./645") = 0 mkdir("./646", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2887 ./strace-static-x86_64: Process 2887 attached [pid 2887] chdir("./646") = 0 [pid 2887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2887] setpgid(0, 0) = 0 [pid 2887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2887] write(3, "1000", 4) = 4 [pid 2887] close(3) = 0 [pid 2887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2887] memfd_create("syzkaller", 0) = 3 [pid 2887] ftruncate(3, 2097152) = 0 [pid 2887] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2887] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2887] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2887] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2887] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2887] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2887] mkdir("./file0", 0777) = 0 [pid 2887] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2887] ioctl(4, LOOP_CLR_FD) = 0 [pid 2887] close(4) = 0 [pid 2887] close(3) = 0 [pid 2887] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2887] exit_group(0) = ? [pid 2887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2887, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./646", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./646", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./646/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./646/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./646/binderfs") = 0 umount2("./646/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./646/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./646/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./646/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./646/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./646/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./646") = 0 mkdir("./647", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2891 ./strace-static-x86_64: Process 2891 attached [pid 2891] chdir("./647") = 0 [pid 2891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 80.508708][ T2887] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2891] setpgid(0, 0) = 0 [pid 2891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2891] write(3, "1000", 4) = 4 [pid 2891] close(3) = 0 [pid 2891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2891] memfd_create("syzkaller", 0) = 3 [pid 2891] ftruncate(3, 2097152) = 0 [pid 2891] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2891] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2891] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2891] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2891] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2891] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2891] mkdir("./file0", 0777) = 0 [pid 2891] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2891] ioctl(4, LOOP_CLR_FD) = 0 [pid 2891] close(4) = 0 [pid 2891] close(3) = 0 [pid 2891] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2891] exit_group(0) = ? [pid 2891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2891, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./647", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./647", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./647/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./647/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./647/binderfs") = 0 [ 80.592911][ T2891] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./647/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./647/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./647/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./647/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./647/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./647/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./647") = 0 mkdir("./648", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2895 ./strace-static-x86_64: Process 2895 attached [pid 2895] chdir("./648") = 0 [pid 2895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2895] setpgid(0, 0) = 0 [pid 2895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2895] write(3, "1000", 4) = 4 [pid 2895] close(3) = 0 [pid 2895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2895] memfd_create("syzkaller", 0) = 3 [pid 2895] ftruncate(3, 2097152) = 0 [pid 2895] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2895] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2895] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2895] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2895] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2895] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2895] mkdir("./file0", 0777) = 0 [pid 2895] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2895] ioctl(4, LOOP_CLR_FD) = 0 [pid 2895] close(4) = 0 [pid 2895] close(3) = 0 [pid 2895] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2895] exit_group(0) = ? [pid 2895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2895, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./648", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./648", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./648/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./648/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./648/binderfs") = 0 umount2("./648/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./648/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./648/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./648/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./648/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./648/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./648") = 0 mkdir("./649", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 80.707717][ T2895] EXT4-fs (loop0): re-mounted. Opts: (null) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2899 ./strace-static-x86_64: Process 2899 attached [pid 2899] chdir("./649") = 0 [pid 2899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2899] setpgid(0, 0) = 0 [pid 2899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2899] write(3, "1000", 4) = 4 [pid 2899] close(3) = 0 [pid 2899] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2899] memfd_create("syzkaller", 0) = 3 [pid 2899] ftruncate(3, 2097152) = 0 [pid 2899] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2899] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2899] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2899] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2899] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2899] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2899] mkdir("./file0", 0777) = 0 [pid 2899] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2899] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2899] ioctl(4, LOOP_CLR_FD) = 0 [pid 2899] close(4) = 0 [pid 2899] close(3) = 0 [pid 2899] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2899] exit_group(0) = ? [pid 2899] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2899, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./649", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./649", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./649/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./649/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./649/binderfs") = 0 umount2("./649/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./649/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./649/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./649/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./649/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./649/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./649") = 0 mkdir("./650", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2903 ./strace-static-x86_64: Process 2903 attached [pid 2903] chdir("./650") = 0 [pid 2903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2903] setpgid(0, 0) = 0 [ 80.788258][ T2899] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2903] write(3, "1000", 4) = 4 [pid 2903] close(3) = 0 [pid 2903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2903] memfd_create("syzkaller", 0) = 3 [pid 2903] ftruncate(3, 2097152) = 0 [pid 2903] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2903] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2903] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2903] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2903] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2903] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2903] mkdir("./file0", 0777) = 0 [pid 2903] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2903] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2903] ioctl(4, LOOP_CLR_FD) = 0 [pid 2903] close(4) = 0 [pid 2903] close(3) = 0 [pid 2903] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2903] exit_group(0) = ? [pid 2903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2903, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./650", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./650", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./650/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./650/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./650/binderfs") = 0 umount2("./650/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./650/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./650/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./650/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./650/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./650/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./650") = 0 mkdir("./651", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2907 ./strace-static-x86_64: Process 2907 attached [pid 2907] chdir("./651") = 0 [pid 2907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2907] setpgid(0, 0) = 0 [ 80.867728][ T2903] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2907] write(3, "1000", 4) = 4 [pid 2907] close(3) = 0 [pid 2907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2907] memfd_create("syzkaller", 0) = 3 [pid 2907] ftruncate(3, 2097152) = 0 [pid 2907] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2907] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2907] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2907] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2907] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2907] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2907] mkdir("./file0", 0777) = 0 [pid 2907] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2907] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2907] ioctl(4, LOOP_CLR_FD) = 0 [pid 2907] close(4) = 0 [pid 2907] close(3) = 0 [pid 2907] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2907] exit_group(0) = ? [pid 2907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2907, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./651", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./651", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./651/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./651/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./651/binderfs") = 0 umount2("./651/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./651/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./651/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./651/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./651/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./651/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./651") = 0 mkdir("./652", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2911 ./strace-static-x86_64: Process 2911 attached [pid 2911] chdir("./652") = 0 [pid 2911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2911] setpgid(0, 0) = 0 [pid 2911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2911] write(3, "1000", 4) = 4 [pid 2911] close(3) = 0 [pid 2911] symlink("/dev/binderfs", "./binderfs") = 0 [ 80.949456][ T2907] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2911] memfd_create("syzkaller", 0) = 3 [pid 2911] ftruncate(3, 2097152) = 0 [pid 2911] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2911] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2911] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2911] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2911] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2911] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2911] mkdir("./file0", 0777) = 0 [pid 2911] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2911] ioctl(4, LOOP_CLR_FD) = 0 [pid 2911] close(4) = 0 [pid 2911] close(3) = 0 [pid 2911] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2911] exit_group(0) = ? [pid 2911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2911, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./652", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./652", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./652/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./652/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./652/binderfs") = 0 umount2("./652/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./652/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./652/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./652/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./652/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./652/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./652") = 0 mkdir("./653", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2915 ./strace-static-x86_64: Process 2915 attached [pid 2915] chdir("./653") = 0 [pid 2915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2915] setpgid(0, 0) = 0 [pid 2915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 81.026845][ T2911] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2915] write(3, "1000", 4) = 4 [pid 2915] close(3) = 0 [pid 2915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2915] memfd_create("syzkaller", 0) = 3 [pid 2915] ftruncate(3, 2097152) = 0 [pid 2915] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2915] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2915] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2915] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2915] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2915] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2915] mkdir("./file0", 0777) = 0 [pid 2915] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2915] ioctl(4, LOOP_CLR_FD) = 0 [pid 2915] close(4) = 0 [pid 2915] close(3) = 0 [pid 2915] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2915] exit_group(0) = ? [pid 2915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2915, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./653", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./653", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./653/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./653/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./653/binderfs") = 0 umount2("./653/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./653/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./653/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./653/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./653/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./653/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./653") = 0 mkdir("./654", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2919 ./strace-static-x86_64: Process 2919 attached [pid 2919] chdir("./654") = 0 [pid 2919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2919] setpgid(0, 0) = 0 [pid 2919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2919] write(3, "1000", 4) = 4 [pid 2919] close(3) = 0 [pid 2919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2919] memfd_create("syzkaller", 0) = 3 [pid 2919] ftruncate(3, 2097152) = 0 [pid 2919] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2919] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2919] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [ 81.113400][ T2915] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2919] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2919] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2919] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2919] mkdir("./file0", 0777) = 0 [pid 2919] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2919] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2919] ioctl(4, LOOP_CLR_FD) = 0 [pid 2919] close(4) = 0 [pid 2919] close(3) = 0 [pid 2919] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2919] exit_group(0) = ? [pid 2919] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2919, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./654", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./654", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./654/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./654/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./654/binderfs") = 0 umount2("./654/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./654/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./654/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./654/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./654/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./654/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./654") = 0 mkdir("./655", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 81.189927][ T2919] EXT4-fs (loop0): re-mounted. Opts: (null) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2923 ./strace-static-x86_64: Process 2923 attached [pid 2923] chdir("./655") = 0 [pid 2923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2923] setpgid(0, 0) = 0 [pid 2923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2923] write(3, "1000", 4) = 4 [pid 2923] close(3) = 0 [pid 2923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2923] memfd_create("syzkaller", 0) = 3 [pid 2923] ftruncate(3, 2097152) = 0 [pid 2923] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2923] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2923] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2923] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2923] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2923] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2923] mkdir("./file0", 0777) = 0 [pid 2923] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2923] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2923] ioctl(4, LOOP_CLR_FD) = 0 [pid 2923] close(4) = 0 [pid 2923] close(3) = 0 [pid 2923] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2923] exit_group(0) = ? [pid 2923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2923, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./655", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./655", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./655/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./655/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./655/binderfs") = 0 umount2("./655/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./655/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./655/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./655/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./655/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./655/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./655") = 0 mkdir("./656", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2927 ./strace-static-x86_64: Process 2927 attached [pid 2927] chdir("./656") = 0 [pid 2927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2927] setpgid(0, 0) = 0 [pid 2927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2927] write(3, "1000", 4) = 4 [pid 2927] close(3) = 0 [pid 2927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2927] memfd_create("syzkaller", 0) = 3 [pid 2927] ftruncate(3, 2097152) = 0 [pid 2927] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2927] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2927] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2927] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2927] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2927] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2927] ioctl(4, LOOP_SET_FD, 3) = 0 [ 81.268414][ T2923] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2927] mkdir("./file0", 0777) = 0 [pid 2927] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2927] ioctl(4, LOOP_CLR_FD) = 0 [pid 2927] close(4) = 0 [pid 2927] close(3) = 0 [pid 2927] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2927] exit_group(0) = ? [pid 2927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2927, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./656", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./656", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./656/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./656/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./656/binderfs") = 0 [ 81.337052][ T2927] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./656/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./656/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./656/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./656/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./656/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./656/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./656") = 0 mkdir("./657", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2931 ./strace-static-x86_64: Process 2931 attached [pid 2931] chdir("./657") = 0 [pid 2931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2931] setpgid(0, 0) = 0 [pid 2931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2931] write(3, "1000", 4) = 4 [pid 2931] close(3) = 0 [pid 2931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2931] memfd_create("syzkaller", 0) = 3 [pid 2931] ftruncate(3, 2097152) = 0 [pid 2931] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2931] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2931] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2931] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2931] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2931] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2931] mkdir("./file0", 0777) = 0 [pid 2931] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2931] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2931] ioctl(4, LOOP_CLR_FD) = 0 [pid 2931] close(4) = 0 [pid 2931] close(3) = 0 [pid 2931] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2931] exit_group(0) = ? [pid 2931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2931, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./657", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./657", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./657/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./657/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./657/binderfs") = 0 umount2("./657/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./657/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./657/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./657/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./657/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./657/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./657") = 0 mkdir("./658", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2935 ./strace-static-x86_64: Process 2935 attached [ 81.428111][ T2931] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2935] chdir("./658") = 0 [pid 2935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2935] setpgid(0, 0) = 0 [pid 2935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2935] write(3, "1000", 4) = 4 [pid 2935] close(3) = 0 [pid 2935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2935] memfd_create("syzkaller", 0) = 3 [pid 2935] ftruncate(3, 2097152) = 0 [pid 2935] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2935] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2935] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2935] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2935] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2935] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2935] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2935] mkdir("./file0", 0777) = 0 [pid 2935] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2935] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2935] ioctl(4, LOOP_CLR_FD) = 0 [pid 2935] close(4) = 0 [pid 2935] close(3) = 0 [pid 2935] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2935] exit_group(0) = ? [pid 2935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2935, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./658", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./658", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./658/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./658/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./658/binderfs") = 0 umount2("./658/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./658/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./658/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./658/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./658/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./658/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./658") = 0 mkdir("./659", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 81.508946][ T2935] EXT4-fs (loop0): re-mounted. Opts: (null) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2939 attached [pid 2939] chdir("./659") = 0 [pid 2939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2939] setpgid(0, 0) = 0 [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 2939 [pid 2939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2939] write(3, "1000", 4) = 4 [pid 2939] close(3) = 0 [pid 2939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2939] memfd_create("syzkaller", 0) = 3 [pid 2939] ftruncate(3, 2097152) = 0 [pid 2939] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2939] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2939] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2939] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2939] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2939] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2939] mkdir("./file0", 0777) = 0 [pid 2939] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2939] ioctl(4, LOOP_CLR_FD) = 0 [pid 2939] close(4) = 0 [pid 2939] close(3) = 0 [pid 2939] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2939] exit_group(0) = ? [pid 2939] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2939, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./659", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./659", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./659/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./659/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./659/binderfs") = 0 umount2("./659/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./659/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./659/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./659/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./659/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./659/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./659") = 0 mkdir("./660", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2943 ./strace-static-x86_64: Process 2943 attached [pid 2943] chdir("./660") = 0 [pid 2943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2943] setpgid(0, 0) = 0 [pid 2943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2943] write(3, "1000", 4) = 4 [pid 2943] close(3) = 0 [pid 2943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2943] memfd_create("syzkaller", 0) = 3 [pid 2943] ftruncate(3, 2097152) = 0 [pid 2943] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2943] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2943] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2943] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2943] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2943] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2943] mkdir("./file0", 0777) = 0 [pid 2943] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2943] ioctl(4, LOOP_CLR_FD) = 0 [pid 2943] close(4) = 0 [pid 2943] close(3) = 0 [ 81.586292][ T2939] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2943] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2943] exit_group(0) = ? [pid 2943] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2943, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./660", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./660", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./660/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./660/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./660/binderfs") = 0 [ 81.647725][ T2943] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./660/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./660/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./660/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./660/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./660/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./660/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./660") = 0 mkdir("./661", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2947 attached , child_tidptr=0x5555564b55d0) = 2947 [pid 2947] chdir("./661") = 0 [pid 2947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2947] setpgid(0, 0) = 0 [pid 2947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2947] write(3, "1000", 4) = 4 [pid 2947] close(3) = 0 [pid 2947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2947] memfd_create("syzkaller", 0) = 3 [pid 2947] ftruncate(3, 2097152) = 0 [pid 2947] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2947] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2947] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2947] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2947] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2947] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2947] mkdir("./file0", 0777) = 0 [pid 2947] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2947] ioctl(4, LOOP_CLR_FD) = 0 [pid 2947] close(4) = 0 [pid 2947] close(3) = 0 [pid 2947] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2947] exit_group(0) = ? [pid 2947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2947, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./661", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./661", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./661/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./661/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./661/binderfs") = 0 umount2("./661/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./661/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./661/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./661/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./661/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./661/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./661") = 0 [ 81.748281][ T2947] EXT4-fs (loop0): re-mounted. Opts: (null) mkdir("./662", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2951 ./strace-static-x86_64: Process 2951 attached [pid 2951] chdir("./662") = 0 [pid 2951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2951] setpgid(0, 0) = 0 [pid 2951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2951] write(3, "1000", 4) = 4 [pid 2951] close(3) = 0 [pid 2951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2951] memfd_create("syzkaller", 0) = 3 [pid 2951] ftruncate(3, 2097152) = 0 [pid 2951] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2951] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2951] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2951] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2951] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2951] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2951] mkdir("./file0", 0777) = 0 [pid 2951] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2951] ioctl(4, LOOP_CLR_FD) = 0 [pid 2951] close(4) = 0 [pid 2951] close(3) = 0 [pid 2951] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2951] exit_group(0) = ? [pid 2951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2951, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./662", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./662", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./662/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./662/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./662/binderfs") = 0 umount2("./662/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./662/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./662/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./662/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./662/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./662/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./662") = 0 mkdir("./663", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2955 ./strace-static-x86_64: Process 2955 attached [pid 2955] chdir("./663") = 0 [pid 2955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2955] setpgid(0, 0) = 0 [pid 2955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2955] write(3, "1000", 4) = 4 [pid 2955] close(3) = 0 [pid 2955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2955] memfd_create("syzkaller", 0) = 3 [pid 2955] ftruncate(3, 2097152) = 0 [pid 2955] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2955] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2955] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2955] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2955] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2955] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2955] mkdir("./file0", 0777) = 0 [pid 2955] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2955] ioctl(4, LOOP_CLR_FD) = 0 [pid 2955] close(4) = 0 [pid 2955] close(3) = 0 [ 81.828198][ T2951] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2955] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2955] exit_group(0) = ? [pid 2955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2955, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./663", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./663", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./663/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./663/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./663/binderfs") = 0 [ 81.875754][ T2955] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./663/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./663/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./663/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./663/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./663/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./663/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./663") = 0 mkdir("./664", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2959 ./strace-static-x86_64: Process 2959 attached [pid 2959] chdir("./664") = 0 [pid 2959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2959] setpgid(0, 0) = 0 [pid 2959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2959] write(3, "1000", 4) = 4 [pid 2959] close(3) = 0 [pid 2959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2959] memfd_create("syzkaller", 0) = 3 [pid 2959] ftruncate(3, 2097152) = 0 [pid 2959] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2959] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2959] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2959] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2959] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2959] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2959] mkdir("./file0", 0777) = 0 [pid 2959] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2959] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2959] ioctl(4, LOOP_CLR_FD) = 0 [pid 2959] close(4) = 0 [pid 2959] close(3) = 0 [pid 2959] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2959] exit_group(0) = ? [pid 2959] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2959, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./664", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./664", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./664/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./664/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./664/binderfs") = 0 [ 81.993666][ T2959] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./664/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./664/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./664/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./664/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./664/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./664/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./664") = 0 mkdir("./665", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2963 ./strace-static-x86_64: Process 2963 attached [pid 2963] chdir("./665") = 0 [pid 2963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2963] setpgid(0, 0) = 0 [pid 2963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2963] write(3, "1000", 4) = 4 [pid 2963] close(3) = 0 [pid 2963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2963] memfd_create("syzkaller", 0) = 3 [pid 2963] ftruncate(3, 2097152) = 0 [pid 2963] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2963] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2963] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2963] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2963] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2963] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2963] mkdir("./file0", 0777) = 0 [pid 2963] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2963] ioctl(4, LOOP_CLR_FD) = 0 [pid 2963] close(4) = 0 [pid 2963] close(3) = 0 [pid 2963] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2963] exit_group(0) = ? [pid 2963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2963, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./665", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./665", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./665/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./665/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./665/binderfs") = 0 umount2("./665/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./665/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./665/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./665/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./665/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./665/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./665") = 0 mkdir("./666", 0777) = 0 [ 82.109039][ T2963] EXT4-fs (loop0): re-mounted. Opts: (null) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2967 attached [pid 2967] chdir("./666" [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 2967 [pid 2967] <... chdir resumed>) = 0 [pid 2967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2967] setpgid(0, 0) = 0 [pid 2967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2967] write(3, "1000", 4) = 4 [pid 2967] close(3) = 0 [pid 2967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2967] memfd_create("syzkaller", 0) = 3 [pid 2967] ftruncate(3, 2097152) = 0 [pid 2967] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2967] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2967] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2967] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2967] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2967] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2967] mkdir("./file0", 0777) = 0 [pid 2967] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2967] ioctl(4, LOOP_CLR_FD) = 0 [pid 2967] close(4) = 0 [pid 2967] close(3) = 0 [pid 2967] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2967] exit_group(0) = ? [pid 2967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2967, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./666", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./666", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./666/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./666/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./666/binderfs") = 0 [ 82.198852][ T2967] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./666/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./666/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./666/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./666/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./666/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./666/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./666") = 0 mkdir("./667", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2971 ./strace-static-x86_64: Process 2971 attached [pid 2971] chdir("./667") = 0 [pid 2971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2971] setpgid(0, 0) = 0 [pid 2971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2971] write(3, "1000", 4) = 4 [pid 2971] close(3) = 0 [pid 2971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2971] memfd_create("syzkaller", 0) = 3 [pid 2971] ftruncate(3, 2097152) = 0 [pid 2971] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2971] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2971] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2971] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2971] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2971] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2971] mkdir("./file0", 0777) = 0 [pid 2971] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2971] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2971] ioctl(4, LOOP_CLR_FD) = 0 [pid 2971] close(4) = 0 [pid 2971] close(3) = 0 [pid 2971] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2971] exit_group(0) = ? [pid 2971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2971, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./667", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./667", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./667/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./667/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./667/binderfs") = 0 umount2("./667/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./667/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./667/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./667/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./667/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./667/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./667") = 0 mkdir("./668", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2975 ./strace-static-x86_64: Process 2975 attached [pid 2975] chdir("./668") = 0 [pid 2975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2975] setpgid(0, 0) = 0 [pid 2975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2975] write(3, "1000", 4) = 4 [pid 2975] close(3) = 0 [pid 2975] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2975] memfd_create("syzkaller", 0) = 3 [pid 2975] ftruncate(3, 2097152) = 0 [pid 2975] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2975] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2975] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2975] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2975] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2975] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2975] mkdir("./file0", 0777) = 0 [ 82.318103][ T2971] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2975] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2975] ioctl(4, LOOP_CLR_FD) = 0 [pid 2975] close(4) = 0 [pid 2975] close(3) = 0 [pid 2975] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2975] exit_group(0) = ? [pid 2975] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2975, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./668", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./668", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./668/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./668/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./668/binderfs") = 0 umount2("./668/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./668/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./668/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./668/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./668/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./668/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./668") = 0 mkdir("./669", 0777) = 0 [ 82.387874][ T2975] EXT4-fs (loop0): re-mounted. Opts: (null) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2979 attached , child_tidptr=0x5555564b55d0) = 2979 [pid 2979] chdir("./669") = 0 [pid 2979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2979] setpgid(0, 0) = 0 [pid 2979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2979] write(3, "1000", 4) = 4 [pid 2979] close(3) = 0 [pid 2979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2979] memfd_create("syzkaller", 0) = 3 [pid 2979] ftruncate(3, 2097152) = 0 [pid 2979] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2979] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2979] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2979] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2979] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2979] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2979] mkdir("./file0", 0777) = 0 [pid 2979] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2979] ioctl(4, LOOP_CLR_FD) = 0 [pid 2979] close(4) = 0 [pid 2979] close(3) = 0 [pid 2979] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2979] exit_group(0) = ? [pid 2979] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2979, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./669", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./669", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./669/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./669/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./669/binderfs") = 0 [ 82.478797][ T2979] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./669/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./669/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./669/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./669/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./669/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./669/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./669") = 0 mkdir("./670", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2983 attached , child_tidptr=0x5555564b55d0) = 2983 [pid 2983] chdir("./670") = 0 [pid 2983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2983] setpgid(0, 0) = 0 [pid 2983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2983] write(3, "1000", 4) = 4 [pid 2983] close(3) = 0 [pid 2983] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2983] memfd_create("syzkaller", 0) = 3 [pid 2983] ftruncate(3, 2097152) = 0 [pid 2983] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2983] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2983] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2983] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2983] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2983] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2983] mkdir("./file0", 0777) = 0 [pid 2983] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2983] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2983] ioctl(4, LOOP_CLR_FD) = 0 [pid 2983] close(4) = 0 [pid 2983] close(3) = 0 [pid 2983] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2983] exit_group(0) = ? [pid 2983] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2983, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./670", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./670", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./670/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./670/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./670/binderfs") = 0 umount2("./670/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./670/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./670/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./670/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./670/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./670/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./670") = 0 mkdir("./671", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2987 ./strace-static-x86_64: Process 2987 attached [pid 2987] chdir("./671") = 0 [pid 2987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2987] setpgid(0, 0) = 0 [pid 2987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2987] write(3, "1000", 4) = 4 [pid 2987] close(3) = 0 [pid 2987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2987] memfd_create("syzkaller", 0) = 3 [pid 2987] ftruncate(3, 2097152) = 0 [pid 2987] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2987] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2987] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2987] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2987] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2987] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2987] mkdir("./file0", 0777) = 0 [ 82.587653][ T2983] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 2987] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2987] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2987] ioctl(4, LOOP_CLR_FD) = 0 [pid 2987] close(4) = 0 [pid 2987] close(3) = 0 [pid 2987] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2987] exit_group(0) = ? [pid 2987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2987, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./671", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./671", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./671/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./671/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./671/binderfs") = 0 [ 82.664141][ T2987] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./671/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./671/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./671/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./671/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./671/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./671/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./671") = 0 mkdir("./672", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2991 ./strace-static-x86_64: Process 2991 attached [pid 2991] chdir("./672") = 0 [pid 2991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2991] setpgid(0, 0) = 0 [pid 2991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2991] write(3, "1000", 4) = 4 [pid 2991] close(3) = 0 [pid 2991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2991] memfd_create("syzkaller", 0) = 3 [pid 2991] ftruncate(3, 2097152) = 0 [pid 2991] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2991] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2991] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2991] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2991] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2991] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2991] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2991] mkdir("./file0", 0777) = 0 [pid 2991] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2991] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2991] ioctl(4, LOOP_CLR_FD) = 0 [pid 2991] close(4) = 0 [pid 2991] close(3) = 0 [pid 2991] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2991] exit_group(0) = ? [pid 2991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2991, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./672", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./672", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./672/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./672/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./672/binderfs") = 0 [ 82.768899][ T2991] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./672/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./672/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./672/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./672/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./672/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./672/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./672") = 0 mkdir("./673", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 2995 ./strace-static-x86_64: Process 2995 attached [pid 2995] chdir("./673") = 0 [pid 2995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2995] setpgid(0, 0) = 0 [pid 2995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2995] write(3, "1000", 4) = 4 [pid 2995] close(3) = 0 [pid 2995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2995] memfd_create("syzkaller", 0) = 3 [pid 2995] ftruncate(3, 2097152) = 0 [pid 2995] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2995] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2995] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2995] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2995] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2995] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2995] mkdir("./file0", 0777) = 0 [pid 2995] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2995] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2995] ioctl(4, LOOP_CLR_FD) = 0 [pid 2995] close(4) = 0 [pid 2995] close(3) = 0 [pid 2995] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2995] exit_group(0) = ? [pid 2995] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2995, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./673", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./673", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./673/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./673/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./673/binderfs") = 0 [ 82.874427][ T2995] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./673/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./673/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./673/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./673/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./673/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./673/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./673") = 0 mkdir("./674", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2999 attached , child_tidptr=0x5555564b55d0) = 2999 [pid 2999] chdir("./674") = 0 [pid 2999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2999] setpgid(0, 0) = 0 [pid 2999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2999] write(3, "1000", 4) = 4 [pid 2999] close(3) = 0 [pid 2999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2999] memfd_create("syzkaller", 0) = 3 [pid 2999] ftruncate(3, 2097152) = 0 [pid 2999] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 2999] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 2999] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 2999] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 2999] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 2999] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 2999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2999] mkdir("./file0", 0777) = 0 [pid 2999] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2999] ioctl(4, LOOP_CLR_FD) = 0 [pid 2999] close(4) = 0 [pid 2999] close(3) = 0 [pid 2999] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 2999] exit_group(0) = ? [pid 2999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2999, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./674", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./674", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./674/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./674/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./674/binderfs") = 0 umount2("./674/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./674/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./674/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./674/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./674/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./674/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./674") = 0 mkdir("./675", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3003 ./strace-static-x86_64: Process 3003 attached [pid 3003] chdir("./675") = 0 [pid 3003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3003] setpgid(0, 0) = 0 [pid 3003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3003] write(3, "1000", 4) = 4 [pid 3003] close(3) = 0 [pid 3003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3003] memfd_create("syzkaller", 0) = 3 [pid 3003] ftruncate(3, 2097152) = 0 [pid 3003] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3003] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3003] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3003] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3003] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3003] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3003] mkdir("./file0", 0777) = 0 [ 82.978600][ T2999] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3003] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3003] ioctl(4, LOOP_CLR_FD) = 0 [pid 3003] close(4) = 0 [pid 3003] close(3) = 0 [pid 3003] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3003] exit_group(0) = ? [pid 3003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3003, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./675", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./675", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./675/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./675/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./675/binderfs") = 0 [ 83.048110][ T3003] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./675/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./675/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./675/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./675/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./675/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./675/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./675") = 0 mkdir("./676", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3007 ./strace-static-x86_64: Process 3007 attached [pid 3007] chdir("./676") = 0 [pid 3007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3007] setpgid(0, 0) = 0 [pid 3007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3007] write(3, "1000", 4) = 4 [pid 3007] close(3) = 0 [pid 3007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3007] memfd_create("syzkaller", 0) = 3 [pid 3007] ftruncate(3, 2097152) = 0 [pid 3007] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3007] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3007] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3007] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3007] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3007] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3007] mkdir("./file0", 0777) = 0 [pid 3007] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3007] ioctl(4, LOOP_CLR_FD) = 0 [pid 3007] close(4) = 0 [pid 3007] close(3) = 0 [pid 3007] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3007] exit_group(0) = ? [pid 3007] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3007, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./676", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./676", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./676/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./676/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./676/binderfs") = 0 [ 83.158374][ T3007] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./676/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./676/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./676/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./676/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./676/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./676/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./676") = 0 mkdir("./677", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3011 ./strace-static-x86_64: Process 3011 attached [pid 3011] chdir("./677") = 0 [pid 3011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3011] setpgid(0, 0) = 0 [pid 3011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3011] write(3, "1000", 4) = 4 [pid 3011] close(3) = 0 [pid 3011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3011] memfd_create("syzkaller", 0) = 3 [pid 3011] ftruncate(3, 2097152) = 0 [pid 3011] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3011] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3011] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3011] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3011] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3011] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3011] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3011] mkdir("./file0", 0777) = 0 [pid 3011] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3011] ioctl(4, LOOP_CLR_FD) = 0 [pid 3011] close(4) = 0 [pid 3011] close(3) = 0 [pid 3011] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3011] exit_group(0) = ? [pid 3011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3011, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./677", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./677", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./677/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./677/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./677/binderfs") = 0 umount2("./677/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./677/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./677/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./677/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./677/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./677/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./677") = 0 mkdir("./678", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3015 attached , child_tidptr=0x5555564b55d0) = 3015 [pid 3015] chdir("./678") = 0 [pid 3015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3015] setpgid(0, 0) = 0 [pid 3015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3015] write(3, "1000", 4) = 4 [pid 3015] close(3) = 0 [pid 3015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3015] memfd_create("syzkaller", 0) = 3 [pid 3015] ftruncate(3, 2097152) = 0 [pid 3015] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3015] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3015] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3015] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3015] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3015] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3015] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3015] ioctl(4, LOOP_CLR_FD) = 0 [pid 3015] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3015] close(4) = 0 [pid 3015] close(3) = 0 [pid 3015] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = -1 ENOENT (No such file or directory) [pid 3015] exit_group(0) = ? [pid 3015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3015, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./678", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./678", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 3 entries */, 32768) = 80 umount2("./678/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./678/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./678/binderfs") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./678") = 0 mkdir("./679", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3016 ./strace-static-x86_64: Process 3016 attached [pid 3016] chdir("./679") = 0 [pid 3016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3016] setpgid(0, 0) = 0 [pid 3016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3016] write(3, "1000", 4) = 4 [pid 3016] close(3) = 0 [pid 3016] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3016] memfd_create("syzkaller", 0) = 3 [pid 3016] ftruncate(3, 2097152) = 0 [pid 3016] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3016] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3016] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3016] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3016] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3016] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3016] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3016] ioctl(4, LOOP_CLR_FD) = 0 [pid 3016] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [ 83.276323][ T3011] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3016] close(4) = 0 [pid 3016] close(3) = 0 [pid 3016] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = -1 ENOENT (No such file or directory) [pid 3016] exit_group(0) = ? [pid 3016] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3016, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./679", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./679", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 3 entries */, 32768) = 80 umount2("./679/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./679/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./679/binderfs") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./679") = 0 mkdir("./680", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3017 ./strace-static-x86_64: Process 3017 attached [pid 3017] chdir("./680") = 0 [pid 3017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3017] setpgid(0, 0) = 0 [pid 3017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3017] write(3, "1000", 4) = 4 [pid 3017] close(3) = 0 [pid 3017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3017] memfd_create("syzkaller", 0) = 3 [pid 3017] ftruncate(3, 2097152) = 0 [pid 3017] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3017] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3017] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3017] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3017] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3017] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3017] mkdir("./file0", 0777) = 0 [pid 3017] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3017] ioctl(4, LOOP_CLR_FD) = 0 [pid 3017] close(4) = 0 [pid 3017] close(3) = 0 [pid 3017] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3017] exit_group(0) = ? [pid 3017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3017, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./680", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./680", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./680/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./680/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./680/binderfs") = 0 umount2("./680/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./680/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./680/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./680/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./680/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./680/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./680") = 0 mkdir("./681", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3021 ./strace-static-x86_64: Process 3021 attached [pid 3021] chdir("./681") = 0 [pid 3021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3021] setpgid(0, 0) = 0 [pid 3021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3021] write(3, "1000", 4) = 4 [pid 3021] close(3) = 0 [pid 3021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3021] memfd_create("syzkaller", 0) = 3 [pid 3021] ftruncate(3, 2097152) = 0 [pid 3021] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3021] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3021] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3021] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3021] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3021] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3021] mkdir("./file0", 0777) = 0 [pid 3021] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3021] ioctl(4, LOOP_CLR_FD) = 0 [ 83.383876][ T3017] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3021] close(4) = 0 [pid 3021] close(3) = 0 [pid 3021] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3021] exit_group(0) = ? [pid 3021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3021, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./681", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./681", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./681/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./681/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./681/binderfs") = 0 [ 83.448373][ T3021] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./681/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./681/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./681/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./681/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./681/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./681/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./681") = 0 mkdir("./682", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3025 attached [pid 3025] chdir("./682") = 0 [pid 3025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3025] setpgid(0, 0) = 0 [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 3025 [pid 3025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3025] write(3, "1000", 4) = 4 [pid 3025] close(3) = 0 [pid 3025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3025] memfd_create("syzkaller", 0) = 3 [pid 3025] ftruncate(3, 2097152) = 0 [pid 3025] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3025] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3025] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3025] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3025] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3025] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3025] mkdir("./file0", 0777) = 0 [pid 3025] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3025] ioctl(4, LOOP_CLR_FD) = 0 [pid 3025] close(4) = 0 [pid 3025] close(3) = 0 [pid 3025] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3025] exit_group(0) = ? [pid 3025] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3025, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./682", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./682", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./682/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./682/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./682/binderfs") = 0 [ 83.537819][ T3025] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./682/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./682/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./682/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./682/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./682/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./682/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./682") = 0 mkdir("./683", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3029 ./strace-static-x86_64: Process 3029 attached [pid 3029] chdir("./683") = 0 [pid 3029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3029] setpgid(0, 0) = 0 [pid 3029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3029] write(3, "1000", 4) = 4 [pid 3029] close(3) = 0 [pid 3029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3029] memfd_create("syzkaller", 0) = 3 [pid 3029] ftruncate(3, 2097152) = 0 [pid 3029] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3029] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3029] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3029] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3029] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3029] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3029] mkdir("./file0", 0777) = 0 [pid 3029] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3029] ioctl(4, LOOP_CLR_FD) = 0 [pid 3029] close(4) = 0 [pid 3029] close(3) = 0 [pid 3029] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3029] exit_group(0) = ? [pid 3029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3029, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./683", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./683", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./683/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./683/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./683/binderfs") = 0 umount2("./683/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./683/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./683/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./683/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./683/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./683/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./683") = 0 mkdir("./684", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3033 ./strace-static-x86_64: Process 3033 attached [pid 3033] chdir("./684") = 0 [pid 3033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3033] setpgid(0, 0) = 0 [pid 3033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3033] write(3, "1000", 4) = 4 [pid 3033] close(3) = 0 [pid 3033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3033] memfd_create("syzkaller", 0) = 3 [pid 3033] ftruncate(3, 2097152) = 0 [pid 3033] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3033] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3033] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3033] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3033] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3033] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3033] mkdir("./file0", 0777) = 0 [pid 3033] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3033] ioctl(4, LOOP_CLR_FD) = 0 [pid 3033] close(4) = 0 [pid 3033] close(3) = 0 [ 83.637743][ T3029] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3033] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3033] exit_group(0) = ? [pid 3033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3033, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./684", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./684", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./684/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./684/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./684/binderfs") = 0 [ 83.698357][ T3033] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./684/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./684/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./684/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./684/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./684/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./684/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./684") = 0 mkdir("./685", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3037 ./strace-static-x86_64: Process 3037 attached [pid 3037] chdir("./685") = 0 [pid 3037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3037] setpgid(0, 0) = 0 [pid 3037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3037] write(3, "1000", 4) = 4 [pid 3037] close(3) = 0 [pid 3037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3037] memfd_create("syzkaller", 0) = 3 [pid 3037] ftruncate(3, 2097152) = 0 [pid 3037] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3037] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3037] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3037] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3037] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3037] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3037] mkdir("./file0", 0777) = 0 [pid 3037] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3037] ioctl(4, LOOP_CLR_FD) = 0 [pid 3037] close(4) = 0 [pid 3037] close(3) = 0 [pid 3037] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3037] exit_group(0) = ? [pid 3037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3037, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./685", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./685", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./685/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./685/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./685/binderfs") = 0 umount2("./685/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./685/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./685/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./685/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./685/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./685/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./685") = 0 mkdir("./686", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3041 ./strace-static-x86_64: Process 3041 attached [pid 3041] chdir("./686") = 0 [pid 3041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3041] setpgid(0, 0) = 0 [pid 3041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3041] write(3, "1000", 4) = 4 [pid 3041] close(3) = 0 [ 83.797977][ T3037] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3041] memfd_create("syzkaller", 0) = 3 [pid 3041] ftruncate(3, 2097152) = 0 [pid 3041] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3041] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3041] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3041] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3041] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3041] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3041] mkdir("./file0", 0777) = 0 [pid 3041] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3041] ioctl(4, LOOP_CLR_FD) = 0 [pid 3041] close(4) = 0 [pid 3041] close(3) = 0 [pid 3041] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3041] exit_group(0) = ? [pid 3041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3041, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./686", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./686", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./686/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./686/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./686/binderfs") = 0 [ 83.878121][ T3041] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./686/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./686/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./686/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./686/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./686/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./686/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./686") = 0 mkdir("./687", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3045 ./strace-static-x86_64: Process 3045 attached [pid 3045] chdir("./687") = 0 [pid 3045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3045] setpgid(0, 0) = 0 [pid 3045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3045] write(3, "1000", 4) = 4 [pid 3045] close(3) = 0 [pid 3045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3045] memfd_create("syzkaller", 0) = 3 [pid 3045] ftruncate(3, 2097152) = 0 [pid 3045] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3045] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3045] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3045] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3045] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3045] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3045] mkdir("./file0", 0777) = 0 [pid 3045] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3045] ioctl(4, LOOP_CLR_FD) = 0 [pid 3045] close(4) = 0 [pid 3045] close(3) = 0 [pid 3045] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3045] exit_group(0) = ? [pid 3045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3045, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./687", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./687", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./687/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./687/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./687/binderfs") = 0 umount2("./687/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./687/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./687/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./687/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./687/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./687/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./687") = 0 mkdir("./688", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3049 ./strace-static-x86_64: Process 3049 attached [pid 3049] chdir("./688") = 0 [pid 3049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3049] setpgid(0, 0) = 0 [pid 3049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3049] write(3, "1000", 4) = 4 [pid 3049] close(3) = 0 [pid 3049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3049] memfd_create("syzkaller", 0) = 3 [pid 3049] ftruncate(3, 2097152) = 0 [pid 3049] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3049] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3049] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3049] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3049] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3049] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3049] mkdir("./file0", 0777) = 0 [ 83.987590][ T3045] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3049] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3049] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3049] ioctl(4, LOOP_CLR_FD) = 0 [pid 3049] close(4) = 0 [pid 3049] close(3) = 0 [pid 3049] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3049] exit_group(0) = ? [pid 3049] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3049, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./688", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./688", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./688/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./688/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./688/binderfs") = 0 umount2("./688/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./688/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./688/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./688/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./688/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./688/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./688") = 0 mkdir("./689", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3053 ./strace-static-x86_64: Process 3053 attached [pid 3053] chdir("./689") = 0 [pid 3053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3053] setpgid(0, 0) = 0 [pid 3053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3053] write(3, "1000", 4) = 4 [pid 3053] close(3) = 0 [pid 3053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3053] memfd_create("syzkaller", 0) = 3 [pid 3053] ftruncate(3, 2097152) = 0 [pid 3053] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3053] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3053] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3053] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3053] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3053] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3053] mkdir("./file0", 0777) = 0 [ 84.059151][ T3049] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3053] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3053] ioctl(4, LOOP_CLR_FD) = 0 [pid 3053] close(4) = 0 [pid 3053] close(3) = 0 [pid 3053] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3053] exit_group(0) = ? [pid 3053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3053, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./689", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./689", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./689/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./689/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./689/binderfs") = 0 umount2("./689/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./689/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./689/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./689/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./689/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./689/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./689") = 0 mkdir("./690", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3057 ./strace-static-x86_64: Process 3057 attached [pid 3057] chdir("./690") = 0 [pid 3057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3057] setpgid(0, 0) = 0 [pid 3057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3057] write(3, "1000", 4) = 4 [pid 3057] close(3) = 0 [pid 3057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3057] memfd_create("syzkaller", 0) = 3 [pid 3057] ftruncate(3, 2097152) = 0 [pid 3057] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3057] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3057] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3057] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3057] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3057] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3057] mkdir("./file0", 0777) = 0 [pid 3057] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3057] ioctl(4, LOOP_CLR_FD) = 0 [pid 3057] close(4) = 0 [pid 3057] close(3) = 0 [ 84.126878][ T3053] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3057] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3057] exit_group(0) = ? [pid 3057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3057, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./690", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./690", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./690/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./690/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./690/binderfs") = 0 [ 84.187120][ T3057] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./690/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./690/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./690/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./690/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./690/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./690/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./690") = 0 mkdir("./691", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3061 ./strace-static-x86_64: Process 3061 attached [pid 3061] chdir("./691") = 0 [pid 3061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3061] setpgid(0, 0) = 0 [pid 3061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3061] write(3, "1000", 4) = 4 [pid 3061] close(3) = 0 [pid 3061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3061] memfd_create("syzkaller", 0) = 3 [pid 3061] ftruncate(3, 2097152) = 0 [pid 3061] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3061] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3061] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3061] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3061] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3061] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3061] mkdir("./file0", 0777) = 0 [pid 3061] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3061] ioctl(4, LOOP_CLR_FD) = 0 [pid 3061] close(4) = 0 [pid 3061] close(3) = 0 [pid 3061] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3061] exit_group(0) = ? [pid 3061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3061, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./691", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./691", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./691/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./691/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./691/binderfs") = 0 umount2("./691/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./691/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./691/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./691/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./691/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./691/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./691") = 0 mkdir("./692", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3065 ./strace-static-x86_64: Process 3065 attached [pid 3065] chdir("./692") = 0 [pid 3065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3065] setpgid(0, 0) = 0 [pid 3065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3065] write(3, "1000", 4) = 4 [pid 3065] close(3) = 0 [pid 3065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3065] memfd_create("syzkaller", 0) = 3 [pid 3065] ftruncate(3, 2097152) = 0 [pid 3065] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3065] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3065] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3065] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3065] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3065] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3065] mkdir("./file0", 0777) = 0 [ 84.317551][ T3061] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3065] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3065] ioctl(4, LOOP_CLR_FD) = 0 [pid 3065] close(4) = 0 [pid 3065] close(3) = 0 [pid 3065] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3065] exit_group(0) = ? [pid 3065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3065, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./692", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./692", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./692/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./692/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./692/binderfs") = 0 umount2("./692/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./692/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./692/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./692/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./692/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./692/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./692") = 0 mkdir("./693", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3069 [ 84.385209][ T3065] EXT4-fs (loop0): re-mounted. Opts: (null) ./strace-static-x86_64: Process 3069 attached [pid 3069] chdir("./693") = 0 [pid 3069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3069] setpgid(0, 0) = 0 [pid 3069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3069] write(3, "1000", 4) = 4 [pid 3069] close(3) = 0 [pid 3069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3069] memfd_create("syzkaller", 0) = 3 [pid 3069] ftruncate(3, 2097152) = 0 [pid 3069] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3069] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3069] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3069] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3069] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3069] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3069] mkdir("./file0", 0777) = 0 [pid 3069] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3069] ioctl(4, LOOP_CLR_FD) = 0 [pid 3069] close(4) = 0 [pid 3069] close(3) = 0 [pid 3069] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3069] exit_group(0) = ? [pid 3069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3069, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./693", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./693", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./693/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./693/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./693/binderfs") = 0 umount2("./693/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./693/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./693/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./693/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./693/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./693/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./693") = 0 mkdir("./694", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 84.467109][ T3069] EXT4-fs (loop0): re-mounted. Opts: (null) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3073 ./strace-static-x86_64: Process 3073 attached [pid 3073] chdir("./694") = 0 [pid 3073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3073] setpgid(0, 0) = 0 [pid 3073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3073] write(3, "1000", 4) = 4 [pid 3073] close(3) = 0 [pid 3073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3073] memfd_create("syzkaller", 0) = 3 [pid 3073] ftruncate(3, 2097152) = 0 [pid 3073] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3073] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3073] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3073] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3073] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3073] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3073] mkdir("./file0", 0777) = 0 [pid 3073] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3073] ioctl(4, LOOP_CLR_FD) = 0 [pid 3073] close(4) = 0 [pid 3073] close(3) = 0 [pid 3073] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3073] exit_group(0) = ? [pid 3073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3073, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./694", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./694", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./694/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./694/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./694/binderfs") = 0 umount2("./694/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./694/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./694/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./694/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./694/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./694/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./694") = 0 mkdir("./695", 0777) = 0 [ 84.549118][ T3073] EXT4-fs (loop0): re-mounted. Opts: (null) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3077 ./strace-static-x86_64: Process 3077 attached [pid 3077] chdir("./695") = 0 [pid 3077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3077] setpgid(0, 0) = 0 [pid 3077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3077] write(3, "1000", 4) = 4 [pid 3077] close(3) = 0 [pid 3077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3077] memfd_create("syzkaller", 0) = 3 [pid 3077] ftruncate(3, 2097152) = 0 [pid 3077] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3077] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3077] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3077] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3077] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3077] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3077] mkdir("./file0", 0777) = 0 [pid 3077] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3077] ioctl(4, LOOP_CLR_FD) = 0 [pid 3077] close(4) = 0 [pid 3077] close(3) = 0 [pid 3077] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3077] exit_group(0) = ? [pid 3077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3077, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./695", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./695", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./695/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./695/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./695/binderfs") = 0 umount2("./695/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./695/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./695/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./695/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./695/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./695/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 84.627414][ T3077] EXT4-fs (loop0): re-mounted. Opts: (null) rmdir("./695") = 0 mkdir("./696", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3081 ./strace-static-x86_64: Process 3081 attached [pid 3081] chdir("./696") = 0 [pid 3081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3081] setpgid(0, 0) = 0 [pid 3081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3081] write(3, "1000", 4) = 4 [pid 3081] close(3) = 0 [pid 3081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3081] memfd_create("syzkaller", 0) = 3 [pid 3081] ftruncate(3, 2097152) = 0 [pid 3081] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3081] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3081] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3081] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3081] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3081] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3081] mkdir("./file0", 0777) = 0 [pid 3081] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3081] ioctl(4, LOOP_CLR_FD) = 0 [pid 3081] close(4) = 0 [pid 3081] close(3) = 0 [pid 3081] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3081] exit_group(0) = ? [pid 3081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3081, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./696", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./696", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./696/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./696/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./696/binderfs") = 0 [ 84.716107][ T3081] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./696/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./696/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./696/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./696/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./696/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./696/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./696") = 0 mkdir("./697", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3085 attached , child_tidptr=0x5555564b55d0) = 3085 [pid 3085] chdir("./697") = 0 [pid 3085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3085] setpgid(0, 0) = 0 [pid 3085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3085] write(3, "1000", 4) = 4 [pid 3085] close(3) = 0 [pid 3085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3085] memfd_create("syzkaller", 0) = 3 [pid 3085] ftruncate(3, 2097152) = 0 [pid 3085] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3085] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3085] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3085] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3085] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3085] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3085] mkdir("./file0", 0777) = 0 [pid 3085] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3085] ioctl(4, LOOP_CLR_FD) = 0 [pid 3085] close(4) = 0 [pid 3085] close(3) = 0 [pid 3085] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3085] exit_group(0) = ? [pid 3085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3085, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./697", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./697", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./697/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./697/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./697/binderfs") = 0 umount2("./697/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./697/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./697/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./697/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./697/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./697/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./697") = 0 mkdir("./698", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3089 ./strace-static-x86_64: Process 3089 attached [pid 3089] chdir("./698") = 0 [pid 3089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3089] setpgid(0, 0) = 0 [pid 3089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3089] write(3, "1000", 4) = 4 [pid 3089] close(3) = 0 [pid 3089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3089] memfd_create("syzkaller", 0) = 3 [pid 3089] ftruncate(3, 2097152) = 0 [pid 3089] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3089] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3089] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3089] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3089] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3089] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [ 84.826469][ T3085] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3089] mkdir("./file0", 0777) = 0 [pid 3089] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3089] ioctl(4, LOOP_CLR_FD) = 0 [pid 3089] close(4) = 0 [pid 3089] close(3) = 0 [pid 3089] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3089] exit_group(0) = ? [pid 3089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3089, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./698", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./698", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./698/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./698/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./698/binderfs") = 0 umount2("./698/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./698/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./698/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./698/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./698/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./698/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./698") = 0 mkdir("./699", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3094 ./strace-static-x86_64: Process 3094 attached [pid 3094] chdir("./699") = 0 [pid 3094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3094] setpgid(0, 0) = 0 [pid 3094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3094] write(3, "1000", 4) = 4 [pid 3094] close(3) = 0 [pid 3094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3094] memfd_create("syzkaller", 0) = 3 [pid 3094] ftruncate(3, 2097152) = 0 [pid 3094] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3094] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3094] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3094] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3094] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3094] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3094] mkdir("./file0", 0777) = 0 [ 84.909264][ T3089] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3094] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3094] ioctl(4, LOOP_CLR_FD) = 0 [pid 3094] close(4) = 0 [pid 3094] close(3) = 0 [pid 3094] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3094] exit_group(0) = ? [pid 3094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3094, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./699", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./699", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./699/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./699/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./699/binderfs") = 0 umount2("./699/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./699/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./699/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./699/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./699/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./699/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 84.987024][ T3094] EXT4-fs (loop0): re-mounted. Opts: (null) rmdir("./699") = 0 mkdir("./700", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3098 ./strace-static-x86_64: Process 3098 attached [pid 3098] chdir("./700") = 0 [pid 3098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3098] setpgid(0, 0) = 0 [pid 3098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3098] write(3, "1000", 4) = 4 [pid 3098] close(3) = 0 [pid 3098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3098] memfd_create("syzkaller", 0) = 3 [pid 3098] ftruncate(3, 2097152) = 0 [pid 3098] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3098] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3098] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3098] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3098] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3098] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3098] mkdir("./file0", 0777) = 0 [pid 3098] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3098] ioctl(4, LOOP_CLR_FD) = 0 [pid 3098] close(4) = 0 [pid 3098] close(3) = 0 [pid 3098] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3098] exit_group(0) = ? [pid 3098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3098, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./700", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./700", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./700/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./700/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./700/binderfs") = 0 umount2("./700/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./700/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./700/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./700/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./700/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./700/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./700") = 0 mkdir("./701", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3102 ./strace-static-x86_64: Process 3102 attached [pid 3102] chdir("./701") = 0 [pid 3102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3102] setpgid(0, 0) = 0 [pid 3102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3102] write(3, "1000", 4) = 4 [pid 3102] close(3) = 0 [pid 3102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3102] memfd_create("syzkaller", 0) = 3 [pid 3102] ftruncate(3, 2097152) = 0 [pid 3102] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3102] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3102] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3102] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3102] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3102] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3102] mkdir("./file0", 0777) = 0 [ 85.078443][ T3098] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3102] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3102] ioctl(4, LOOP_CLR_FD) = 0 [pid 3102] close(4) = 0 [pid 3102] close(3) = 0 [pid 3102] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3102] exit_group(0) = ? [pid 3102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3102, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./701", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./701", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./701/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./701/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./701/binderfs") = 0 umount2("./701/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./701/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./701/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./701/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./701/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./701/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./701") = 0 mkdir("./702", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 85.149102][ T3102] EXT4-fs (loop0): re-mounted. Opts: (null) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3106 attached [pid 3106] chdir("./702") = 0 [pid 3106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3106] setpgid(0, 0) = 0 [pid 3106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3106] write(3, "1000", 4) = 4 [pid 3106] close(3) = 0 [pid 3106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3106] memfd_create("syzkaller", 0) = 3 [pid 3106] ftruncate(3, 2097152) = 0 [pid 3106] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3106] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3106] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3106] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3106] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3106] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3106] ioctl(4, LOOP_SET_FD, 3 [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 3106 [pid 3106] <... ioctl resumed>) = 0 [pid 3106] mkdir("./file0", 0777) = 0 [pid 3106] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3106] ioctl(4, LOOP_CLR_FD) = 0 [pid 3106] close(4) = 0 [pid 3106] close(3) = 0 [pid 3106] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3106] exit_group(0) = ? [pid 3106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3106, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./702", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./702", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./702/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./702/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./702/binderfs") = 0 umount2("./702/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./702/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./702/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./702/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./702/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./702/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./702") = 0 mkdir("./703", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3110 attached , child_tidptr=0x5555564b55d0) = 3110 [ 85.226890][ T3106] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3110] chdir("./703") = 0 [pid 3110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3110] setpgid(0, 0) = 0 [pid 3110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3110] write(3, "1000", 4) = 4 [pid 3110] close(3) = 0 [pid 3110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3110] memfd_create("syzkaller", 0) = 3 [pid 3110] ftruncate(3, 2097152) = 0 [pid 3110] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3110] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3110] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3110] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3110] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3110] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3110] mkdir("./file0", 0777) = 0 [pid 3110] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3110] ioctl(4, LOOP_CLR_FD) = 0 [pid 3110] close(4) = 0 [pid 3110] close(3) = 0 [pid 3110] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3110] exit_group(0) = ? [pid 3110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3110, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./703", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./703", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./703/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./703/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./703/binderfs") = 0 umount2("./703/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./703/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./703/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./703/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./703/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./703/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./703") = 0 mkdir("./704", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3114 attached , child_tidptr=0x5555564b55d0) = 3114 [pid 3114] chdir("./704") = 0 [pid 3114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3114] setpgid(0, 0) = 0 [pid 3114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3114] write(3, "1000", 4) = 4 [pid 3114] close(3) = 0 [pid 3114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3114] memfd_create("syzkaller", 0) = 3 [pid 3114] ftruncate(3, 2097152) = 0 [pid 3114] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3114] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3114] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3114] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3114] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3114] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3114] mkdir("./file0", 0777) = 0 [ 85.310018][ T3110] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3114] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3114] ioctl(4, LOOP_CLR_FD) = 0 [pid 3114] close(4) = 0 [pid 3114] close(3) = 0 [pid 3114] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3114] exit_group(0) = ? [pid 3114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3114, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./704", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./704", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./704/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./704/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./704/binderfs") = 0 [ 85.374395][ T3114] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./704/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./704/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./704/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./704/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./704/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./704/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./704") = 0 mkdir("./705", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3118 ./strace-static-x86_64: Process 3118 attached [pid 3118] chdir("./705") = 0 [pid 3118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3118] setpgid(0, 0) = 0 [pid 3118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3118] write(3, "1000", 4) = 4 [pid 3118] close(3) = 0 [pid 3118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3118] memfd_create("syzkaller", 0) = 3 [pid 3118] ftruncate(3, 2097152) = 0 [pid 3118] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3118] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3118] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3118] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3118] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3118] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3118] mkdir("./file0", 0777) = 0 [pid 3118] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3118] ioctl(4, LOOP_CLR_FD) = 0 [pid 3118] close(4) = 0 [pid 3118] close(3) = 0 [pid 3118] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3118] exit_group(0) = ? [pid 3118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3118, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./705", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./705", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./705/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./705/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./705/binderfs") = 0 umount2("./705/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./705/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./705/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./705/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./705/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./705/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./705") = 0 mkdir("./706", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3122 ./strace-static-x86_64: Process 3122 attached [ 85.546941][ T3118] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3122] chdir("./706") = 0 [pid 3122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3122] setpgid(0, 0) = 0 [pid 3122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3122] write(3, "1000", 4) = 4 [pid 3122] close(3) = 0 [pid 3122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3122] memfd_create("syzkaller", 0) = 3 [pid 3122] ftruncate(3, 2097152) = 0 [pid 3122] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3122] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3122] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3122] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3122] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3122] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3122] mkdir("./file0", 0777) = 0 [pid 3122] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3122] ioctl(4, LOOP_CLR_FD) = 0 [pid 3122] close(4) = 0 [pid 3122] close(3) = 0 [pid 3122] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3122] exit_group(0) = ? [pid 3122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3122, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./706", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./706", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./706/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./706/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./706/binderfs") = 0 umount2("./706/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./706/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./706/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./706/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./706/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./706/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./706") = 0 mkdir("./707", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 85.628858][ T3122] EXT4-fs (loop0): re-mounted. Opts: (null) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3126 ./strace-static-x86_64: Process 3126 attached [pid 3126] chdir("./707") = 0 [pid 3126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3126] setpgid(0, 0) = 0 [pid 3126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3126] write(3, "1000", 4) = 4 [pid 3126] close(3) = 0 [pid 3126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3126] memfd_create("syzkaller", 0) = 3 [pid 3126] ftruncate(3, 2097152) = 0 [pid 3126] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3126] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3126] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3126] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3126] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3126] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3126] mkdir("./file0", 0777) = 0 [pid 3126] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3126] ioctl(4, LOOP_CLR_FD) = 0 [pid 3126] close(4) = 0 [pid 3126] close(3) = 0 [pid 3126] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3126] exit_group(0) = ? [pid 3126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3126, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./707", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./707", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./707/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./707/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./707/binderfs") = 0 umount2("./707/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./707/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./707/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./707/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./707/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./707/file0") = 0 [ 85.707751][ T3126] EXT4-fs (loop0): re-mounted. Opts: (null) getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./707") = 0 mkdir("./708", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3130 ./strace-static-x86_64: Process 3130 attached [pid 3130] chdir("./708") = 0 [pid 3130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3130] setpgid(0, 0) = 0 [pid 3130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3130] write(3, "1000", 4) = 4 [pid 3130] close(3) = 0 [pid 3130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3130] memfd_create("syzkaller", 0) = 3 [pid 3130] ftruncate(3, 2097152) = 0 [pid 3130] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3130] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3130] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3130] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3130] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3130] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3130] mkdir("./file0", 0777) = 0 [pid 3130] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3130] ioctl(4, LOOP_CLR_FD) = 0 [pid 3130] close(4) = 0 [pid 3130] close(3) = 0 [pid 3130] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3130] exit_group(0) = ? [pid 3130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3130, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./708", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./708", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./708/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./708/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./708/binderfs") = 0 umount2("./708/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./708/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./708/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./708/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./708/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./708/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./708") = 0 mkdir("./709", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3134 ./strace-static-x86_64: Process 3134 attached [pid 3134] chdir("./709") = 0 [pid 3134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3134] setpgid(0, 0) = 0 [pid 3134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3134] write(3, "1000", 4) = 4 [pid 3134] close(3) = 0 [pid 3134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3134] memfd_create("syzkaller", 0) = 3 [pid 3134] ftruncate(3, 2097152) = 0 [pid 3134] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3134] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3134] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3134] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3134] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3134] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3134] mkdir("./file0", 0777) = 0 [ 85.797641][ T3130] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3134] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3134] ioctl(4, LOOP_CLR_FD) = 0 [pid 3134] close(4) = 0 [pid 3134] close(3) = 0 [pid 3134] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3134] exit_group(0) = ? [pid 3134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3134, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./709", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./709", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./709/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./709/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./709/binderfs") = 0 umount2("./709/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./709/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./709/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./709/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./709/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./709/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./709") = 0 mkdir("./710", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 85.868076][ T3134] EXT4-fs (loop0): re-mounted. Opts: (null) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3138 attached , child_tidptr=0x5555564b55d0) = 3138 [pid 3138] chdir("./710") = 0 [pid 3138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3138] setpgid(0, 0) = 0 [pid 3138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3138] write(3, "1000", 4) = 4 [pid 3138] close(3) = 0 [pid 3138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3138] memfd_create("syzkaller", 0) = 3 [pid 3138] ftruncate(3, 2097152) = 0 [pid 3138] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3138] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3138] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3138] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3138] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3138] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3138] mkdir("./file0", 0777) = 0 [pid 3138] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3138] ioctl(4, LOOP_CLR_FD) = 0 [pid 3138] close(4) = 0 [pid 3138] close(3) = 0 [pid 3138] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3138] exit_group(0) = ? [pid 3138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3138, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./710", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./710", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./710/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./710/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./710/binderfs") = 0 [ 85.956731][ T3138] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./710/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./710/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./710/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./710/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./710/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./710/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./710") = 0 mkdir("./711", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3142 ./strace-static-x86_64: Process 3142 attached [pid 3142] chdir("./711") = 0 [pid 3142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3142] setpgid(0, 0) = 0 [pid 3142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3142] write(3, "1000", 4) = 4 [pid 3142] close(3) = 0 [pid 3142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3142] memfd_create("syzkaller", 0) = 3 [pid 3142] ftruncate(3, 2097152) = 0 [pid 3142] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3142] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3142] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3142] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3142] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3142] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3142] mkdir("./file0", 0777) = 0 [pid 3142] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3142] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3142] ioctl(4, LOOP_CLR_FD) = 0 [pid 3142] close(4) = 0 [pid 3142] close(3) = 0 [pid 3142] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3142] exit_group(0) = ? [pid 3142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3142, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./711", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./711", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./711/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./711/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./711/binderfs") = 0 umount2("./711/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./711/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./711/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./711/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./711/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./711/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./711") = 0 mkdir("./712", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3146 ./strace-static-x86_64: Process 3146 attached [pid 3146] chdir("./712") = 0 [ 86.068281][ T3142] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3146] setpgid(0, 0) = 0 [pid 3146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3146] write(3, "1000", 4) = 4 [pid 3146] close(3) = 0 [pid 3146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3146] memfd_create("syzkaller", 0) = 3 [pid 3146] ftruncate(3, 2097152) = 0 [pid 3146] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3146] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3146] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3146] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3146] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3146] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3146] mkdir("./file0", 0777) = 0 [pid 3146] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3146] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3146] ioctl(4, LOOP_CLR_FD) = 0 [pid 3146] close(4) = 0 [pid 3146] close(3) = 0 [pid 3146] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3146] exit_group(0) = ? [pid 3146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3146, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./712", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./712", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./712/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./712/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./712/binderfs") = 0 umount2("./712/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./712/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./712/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./712/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./712/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./712/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./712") = 0 mkdir("./713", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3150 ./strace-static-x86_64: Process 3150 attached [pid 3150] chdir("./713") = 0 [pid 3150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3150] setpgid(0, 0) = 0 [pid 3150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3150] write(3, "1000", 4) = 4 [pid 3150] close(3) = 0 [pid 3150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3150] memfd_create("syzkaller", 0) = 3 [pid 3150] ftruncate(3, 2097152) = 0 [pid 3150] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3150] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3150] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3150] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3150] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3150] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3150] mkdir("./file0", 0777) = 0 [pid 3150] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3150] ioctl(4, LOOP_CLR_FD) = 0 [pid 3150] close(4) = 0 [pid 3150] close(3) = 0 [ 86.148535][ T3146] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3150] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3150] exit_group(0) = ? [pid 3150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3150, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./713", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./713", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./713/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./713/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./713/binderfs") = 0 [ 86.205867][ T3150] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./713/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./713/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./713/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./713/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./713/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./713/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./713") = 0 mkdir("./714", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3154 ./strace-static-x86_64: Process 3154 attached [pid 3154] chdir("./714") = 0 [pid 3154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3154] setpgid(0, 0) = 0 [pid 3154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3154] write(3, "1000", 4) = 4 [pid 3154] close(3) = 0 [pid 3154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3154] memfd_create("syzkaller", 0) = 3 [pid 3154] ftruncate(3, 2097152) = 0 [pid 3154] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3154] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3154] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3154] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3154] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3154] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3154] mkdir("./file0", 0777) = 0 [pid 3154] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3154] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3154] ioctl(4, LOOP_CLR_FD) = 0 [pid 3154] close(4) = 0 [pid 3154] close(3) = 0 [pid 3154] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3154] exit_group(0) = ? [pid 3154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3154, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./714", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./714", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./714/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./714/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./714/binderfs") = 0 [ 86.357928][ T3154] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./714/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./714/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./714/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./714/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./714/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./714/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./714") = 0 mkdir("./715", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3158 ./strace-static-x86_64: Process 3158 attached [pid 3158] chdir("./715") = 0 [pid 3158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3158] setpgid(0, 0) = 0 [pid 3158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3158] write(3, "1000", 4) = 4 [pid 3158] close(3) = 0 [pid 3158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3158] memfd_create("syzkaller", 0) = 3 [pid 3158] ftruncate(3, 2097152) = 0 [pid 3158] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3158] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3158] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3158] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3158] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3158] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3158] mkdir("./file0", 0777) = 0 [pid 3158] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3158] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3158] ioctl(4, LOOP_CLR_FD) = 0 [pid 3158] close(4) = 0 [pid 3158] close(3) = 0 [pid 3158] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3158] exit_group(0) = ? [pid 3158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3158, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./715", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./715", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./715/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./715/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./715/binderfs") = 0 [ 86.476769][ T3158] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./715/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./715/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./715/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./715/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./715/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./715/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./715") = 0 mkdir("./716", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3162 ./strace-static-x86_64: Process 3162 attached [pid 3162] chdir("./716") = 0 [pid 3162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3162] setpgid(0, 0) = 0 [pid 3162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3162] write(3, "1000", 4) = 4 [pid 3162] close(3) = 0 [pid 3162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3162] memfd_create("syzkaller", 0) = 3 [pid 3162] ftruncate(3, 2097152) = 0 [pid 3162] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3162] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3162] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3162] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3162] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3162] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3162] mkdir("./file0", 0777) = 0 [pid 3162] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3162] ioctl(4, LOOP_CLR_FD) = 0 [pid 3162] close(4) = 0 [pid 3162] close(3) = 0 [pid 3162] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3162] exit_group(0) = ? [pid 3162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3162, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./716", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./716", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./716/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./716/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./716/binderfs") = 0 umount2("./716/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./716/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./716/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./716/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./716/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./716/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./716") = 0 mkdir("./717", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3166 ./strace-static-x86_64: Process 3166 attached [pid 3166] chdir("./717") = 0 [pid 3166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3166] setpgid(0, 0) = 0 [pid 3166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3166] write(3, "1000", 4) = 4 [pid 3166] close(3) = 0 [pid 3166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3166] memfd_create("syzkaller", 0) = 3 [pid 3166] ftruncate(3, 2097152) = 0 [pid 3166] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3166] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3166] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3166] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3166] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3166] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3166] mkdir("./file0", 0777) = 0 [pid 3166] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3166] ioctl(4, LOOP_CLR_FD) = 0 [pid 3166] close(4) = 0 [pid 3166] close(3) = 0 [ 86.588454][ T3162] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3166] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3166] exit_group(0) = ? [pid 3166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3166, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./717", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./717", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./717/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./717/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./717/binderfs") = 0 umount2("./717/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./717/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./717/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./717/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./717/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./717/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./717") = 0 mkdir("./718", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3170 ./strace-static-x86_64: Process 3170 attached [pid 3170] chdir("./718") = 0 [pid 3170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3170] setpgid(0, 0) = 0 [pid 3170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3170] write(3, "1000", 4) = 4 [pid 3170] close(3) = 0 [pid 3170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3170] memfd_create("syzkaller", 0) = 3 [pid 3170] ftruncate(3, 2097152) = 0 [pid 3170] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3170] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3170] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3170] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3170] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3170] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3170] mkdir("./file0", 0777) = 0 [pid 3170] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3170] ioctl(4, LOOP_CLR_FD) = 0 [pid 3170] close(4) = 0 [pid 3170] close(3) = 0 [ 86.646765][ T3166] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3170] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3170] exit_group(0) = ? [pid 3170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3170, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./718", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./718", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./718/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./718/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./718/binderfs") = 0 umount2("./718/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./718/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./718/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./718/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./718/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./718/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./718") = 0 mkdir("./719", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3174 [ 86.707744][ T3170] EXT4-fs (loop0): re-mounted. Opts: (null) ./strace-static-x86_64: Process 3174 attached [pid 3174] chdir("./719") = 0 [pid 3174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3174] setpgid(0, 0) = 0 [pid 3174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3174] write(3, "1000", 4) = 4 [pid 3174] close(3) = 0 [pid 3174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3174] memfd_create("syzkaller", 0) = 3 [pid 3174] ftruncate(3, 2097152) = 0 [pid 3174] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3174] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3174] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3174] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3174] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3174] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3174] mkdir("./file0", 0777) = 0 [pid 3174] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3174] ioctl(4, LOOP_CLR_FD) = 0 [pid 3174] close(4) = 0 [pid 3174] close(3) = 0 [pid 3174] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3174] exit_group(0) = ? [pid 3174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3174, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./719", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./719", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./719/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./719/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./719/binderfs") = 0 umount2("./719/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./719/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./719/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./719/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./719/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./719/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./719") = 0 mkdir("./720", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3178 [ 86.788457][ T3174] EXT4-fs (loop0): re-mounted. Opts: (null) ./strace-static-x86_64: Process 3178 attached [pid 3178] chdir("./720") = 0 [pid 3178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3178] setpgid(0, 0) = 0 [pid 3178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3178] write(3, "1000", 4) = 4 [pid 3178] close(3) = 0 [pid 3178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3178] memfd_create("syzkaller", 0) = 3 [pid 3178] ftruncate(3, 2097152) = 0 [pid 3178] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3178] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3178] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3178] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3178] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3178] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3178] mkdir("./file0", 0777) = 0 [pid 3178] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3178] ioctl(4, LOOP_CLR_FD) = 0 [pid 3178] close(4) = 0 [pid 3178] close(3) = 0 [pid 3178] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3178] exit_group(0) = ? [pid 3178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3178, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./720", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./720", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./720/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./720/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./720/binderfs") = 0 umount2("./720/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./720/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./720/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./720/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./720/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./720/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./720") = 0 mkdir("./721", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3182 attached , child_tidptr=0x5555564b55d0) = 3182 [pid 3182] chdir("./721") = 0 [pid 3182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3182] setpgid(0, 0) = 0 [pid 3182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3182] write(3, "1000", 4) = 4 [pid 3182] close(3) = 0 [pid 3182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3182] memfd_create("syzkaller", 0) = 3 [pid 3182] ftruncate(3, 2097152) = 0 [pid 3182] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3182] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3182] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3182] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3182] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3182] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3182] mkdir("./file0", 0777) = 0 [pid 3182] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3182] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3182] ioctl(4, LOOP_CLR_FD) = 0 [pid 3182] close(4) = 0 [pid 3182] close(3) = 0 [ 86.876461][ T3178] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3182] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3182] exit_group(0) = ? [pid 3182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3182, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./721", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./721", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./721/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./721/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./721/binderfs") = 0 umount2("./721/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./721/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./721/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./721/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./721/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./721/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./721") = 0 mkdir("./722", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3186 ./strace-static-x86_64: Process 3186 attached [pid 3186] chdir("./722") = 0 [pid 3186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3186] setpgid(0, 0) = 0 [pid 3186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3186] write(3, "1000", 4) = 4 [pid 3186] close(3) = 0 [pid 3186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3186] memfd_create("syzkaller", 0) = 3 [pid 3186] ftruncate(3, 2097152) = 0 [pid 3186] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3186] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3186] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3186] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3186] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3186] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 86.937342][ T3182] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3186] mkdir("./file0", 0777) = 0 [pid 3186] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3186] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3186] ioctl(4, LOOP_CLR_FD) = 0 [pid 3186] close(4) = 0 [pid 3186] close(3) = 0 [pid 3186] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3186] exit_group(0) = ? [pid 3186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3186, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./722", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./722", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./722/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./722/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./722/binderfs") = 0 umount2("./722/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./722/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./722/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./722/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./722/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./722/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./722") = 0 mkdir("./723", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3190 ./strace-static-x86_64: Process 3190 attached [pid 3190] chdir("./723") = 0 [pid 3190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3190] setpgid(0, 0) = 0 [pid 3190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3190] write(3, "1000", 4) = 4 [pid 3190] close(3) = 0 [pid 3190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3190] memfd_create("syzkaller", 0) = 3 [pid 3190] ftruncate(3, 2097152) = 0 [pid 3190] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3190] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3190] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3190] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3190] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3190] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 87.023947][ T3186] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3190] mkdir("./file0", 0777) = 0 [pid 3190] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3190] ioctl(4, LOOP_CLR_FD) = 0 [pid 3190] close(4) = 0 [pid 3190] close(3) = 0 [pid 3190] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3190] exit_group(0) = ? [pid 3190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3190, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./723", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./723", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./723/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./723/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./723/binderfs") = 0 umount2("./723/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./723/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./723/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./723/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./723/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./723/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./723") = 0 mkdir("./724", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3194 ./strace-static-x86_64: Process 3194 attached [pid 3194] chdir("./724") = 0 [pid 3194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3194] setpgid(0, 0) = 0 [pid 3194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3194] write(3, "1000", 4) = 4 [pid 3194] close(3) = 0 [pid 3194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3194] memfd_create("syzkaller", 0) = 3 [pid 3194] ftruncate(3, 2097152) = 0 [pid 3194] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3194] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3194] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3194] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3194] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3194] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3194] mkdir("./file0", 0777) = 0 [pid 3194] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3194] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3194] ioctl(4, LOOP_CLR_FD) = 0 [pid 3194] close(4) = 0 [pid 3194] close(3) = 0 [ 87.098492][ T3190] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3194] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3194] exit_group(0) = ? [pid 3194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3194, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./724", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./724", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./724/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./724/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./724/binderfs") = 0 [ 87.157521][ T3194] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./724/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./724/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./724/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./724/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./724/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./724/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./724") = 0 mkdir("./725", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3198 ./strace-static-x86_64: Process 3198 attached [pid 3198] chdir("./725") = 0 [pid 3198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3198] setpgid(0, 0) = 0 [pid 3198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3198] write(3, "1000", 4) = 4 [pid 3198] close(3) = 0 [pid 3198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3198] memfd_create("syzkaller", 0) = 3 [pid 3198] ftruncate(3, 2097152) = 0 [pid 3198] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3198] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3198] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3198] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3198] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3198] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3198] mkdir("./file0", 0777) = 0 [pid 3198] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3198] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3198] ioctl(4, LOOP_CLR_FD) = 0 [pid 3198] close(4) = 0 [pid 3198] close(3) = 0 [pid 3198] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3198] exit_group(0) = ? [pid 3198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3198, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./725", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./725", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./725/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./725/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./725/binderfs") = 0 [ 87.277022][ T3198] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./725/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./725/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./725/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./725/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./725/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./725/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./725") = 0 mkdir("./726", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3202 ./strace-static-x86_64: Process 3202 attached [pid 3202] chdir("./726") = 0 [pid 3202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3202] setpgid(0, 0) = 0 [pid 3202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3202] write(3, "1000", 4) = 4 [pid 3202] close(3) = 0 [pid 3202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3202] memfd_create("syzkaller", 0) = 3 [pid 3202] ftruncate(3, 2097152) = 0 [pid 3202] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3202] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3202] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3202] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3202] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3202] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3202] mkdir("./file0", 0777) = 0 [pid 3202] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3202] ioctl(4, LOOP_CLR_FD) = 0 [pid 3202] close(4) = 0 [pid 3202] close(3) = 0 [pid 3202] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3202] exit_group(0) = ? [pid 3202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3202, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./726", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./726", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./726/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./726/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./726/binderfs") = 0 [ 87.397879][ T3202] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./726/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./726/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./726/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./726/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./726/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./726/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./726") = 0 mkdir("./727", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3206 ./strace-static-x86_64: Process 3206 attached [pid 3206] chdir("./727") = 0 [pid 3206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3206] setpgid(0, 0) = 0 [pid 3206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3206] write(3, "1000", 4) = 4 [pid 3206] close(3) = 0 [pid 3206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3206] memfd_create("syzkaller", 0) = 3 [pid 3206] ftruncate(3, 2097152) = 0 [pid 3206] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3206] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3206] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3206] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3206] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3206] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3206] mkdir("./file0", 0777) = 0 [pid 3206] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3206] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3206] ioctl(4, LOOP_CLR_FD) = 0 [pid 3206] close(4) = 0 [pid 3206] close(3) = 0 [pid 3206] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3206] exit_group(0) = ? [pid 3206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3206, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./727", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./727", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./727/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./727/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./727/binderfs") = 0 [ 87.509250][ T3206] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./727/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./727/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./727/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./727/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./727/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./727/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./727") = 0 mkdir("./728", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3210 ./strace-static-x86_64: Process 3210 attached [pid 3210] chdir("./728") = 0 [pid 3210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3210] setpgid(0, 0) = 0 [pid 3210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3210] write(3, "1000", 4) = 4 [pid 3210] close(3) = 0 [pid 3210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3210] memfd_create("syzkaller", 0) = 3 [pid 3210] ftruncate(3, 2097152) = 0 [pid 3210] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3210] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3210] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3210] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3210] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3210] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3210] mkdir("./file0", 0777) = 0 [pid 3210] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3210] ioctl(4, LOOP_CLR_FD) = 0 [pid 3210] close(4) = 0 [pid 3210] close(3) = 0 [pid 3210] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3210] exit_group(0) = ? [pid 3210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3210, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./728", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./728", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./728/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./728/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./728/binderfs") = 0 [ 87.638041][ T3210] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./728/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./728/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./728/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./728/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./728/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./728/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./728") = 0 mkdir("./729", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3214 attached , child_tidptr=0x5555564b55d0) = 3214 [pid 3214] chdir("./729") = 0 [pid 3214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3214] setpgid(0, 0) = 0 [pid 3214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3214] write(3, "1000", 4) = 4 [pid 3214] close(3) = 0 [pid 3214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3214] memfd_create("syzkaller", 0) = 3 [pid 3214] ftruncate(3, 2097152) = 0 [pid 3214] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3214] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3214] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3214] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3214] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3214] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3214] mkdir("./file0", 0777) = 0 [pid 3214] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3214] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3214] ioctl(4, LOOP_CLR_FD) = 0 [pid 3214] close(4) = 0 [pid 3214] close(3) = 0 [pid 3214] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3214] exit_group(0) = ? [pid 3214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3214, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./729", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./729", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./729/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./729/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./729/binderfs") = 0 [ 87.738519][ T3214] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./729/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./729/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./729/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./729/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./729/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./729/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./729") = 0 mkdir("./730", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3218 ./strace-static-x86_64: Process 3218 attached [pid 3218] chdir("./730") = 0 [pid 3218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3218] setpgid(0, 0) = 0 [pid 3218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3218] write(3, "1000", 4) = 4 [pid 3218] close(3) = 0 [pid 3218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3218] memfd_create("syzkaller", 0) = 3 [pid 3218] ftruncate(3, 2097152) = 0 [pid 3218] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3218] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3218] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3218] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3218] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3218] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3218] mkdir("./file0", 0777) = 0 [pid 3218] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3218] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3218] ioctl(4, LOOP_CLR_FD) = 0 [pid 3218] close(4) = 0 [pid 3218] close(3) = 0 [pid 3218] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3218] exit_group(0) = ? [pid 3218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3218, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./730", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./730", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./730/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./730/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./730/binderfs") = 0 [ 87.879191][ T3218] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./730/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./730/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./730/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./730/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./730/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./730/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./730") = 0 mkdir("./731", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3222 ./strace-static-x86_64: Process 3222 attached [pid 3222] chdir("./731") = 0 [pid 3222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3222] setpgid(0, 0) = 0 [pid 3222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3222] write(3, "1000", 4) = 4 [pid 3222] close(3) = 0 [pid 3222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3222] memfd_create("syzkaller", 0) = 3 [pid 3222] ftruncate(3, 2097152) = 0 [pid 3222] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3222] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3222] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3222] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3222] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3222] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3222] mkdir("./file0", 0777) = 0 [pid 3222] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3222] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3222] ioctl(4, LOOP_CLR_FD) = 0 [pid 3222] close(4) = 0 [pid 3222] close(3) = 0 [pid 3222] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3222] exit_group(0) = ? [pid 3222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3222, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./731", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./731", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./731/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./731/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./731/binderfs") = 0 umount2("./731/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./731/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./731/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./731/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./731/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./731/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./731") = 0 mkdir("./732", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3226 attached , child_tidptr=0x5555564b55d0) = 3226 [pid 3226] chdir("./732") = 0 [pid 3226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3226] setpgid(0, 0) = 0 [pid 3226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 88.037325][ T3222] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3226] write(3, "1000", 4) = 4 [pid 3226] close(3) = 0 [pid 3226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3226] memfd_create("syzkaller", 0) = 3 [pid 3226] ftruncate(3, 2097152) = 0 [pid 3226] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3226] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3226] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3226] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3226] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3226] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3226] mkdir("./file0", 0777) = 0 [pid 3226] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3226] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3226] ioctl(4, LOOP_CLR_FD) = 0 [pid 3226] close(4) = 0 [pid 3226] close(3) = 0 [pid 3226] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3226] exit_group(0) = ? [pid 3226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3226, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./732", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./732", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./732/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./732/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./732/binderfs") = 0 [ 88.119281][ T3226] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./732/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./732/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./732/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./732/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./732/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./732/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./732") = 0 mkdir("./733", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3230 ./strace-static-x86_64: Process 3230 attached [pid 3230] chdir("./733") = 0 [pid 3230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3230] setpgid(0, 0) = 0 [pid 3230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3230] write(3, "1000", 4) = 4 [pid 3230] close(3) = 0 [pid 3230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3230] memfd_create("syzkaller", 0) = 3 [pid 3230] ftruncate(3, 2097152) = 0 [pid 3230] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3230] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3230] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3230] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3230] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3230] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3230] mkdir("./file0", 0777) = 0 [pid 3230] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3230] ioctl(4, LOOP_CLR_FD) = 0 [pid 3230] close(4) = 0 [pid 3230] close(3) = 0 [pid 3230] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3230] exit_group(0) = ? [pid 3230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3230, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./733", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./733", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./733/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./733/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./733/binderfs") = 0 umount2("./733/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./733/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./733/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./733/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./733/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./733/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./733") = 0 mkdir("./734", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 88.229010][ T3230] EXT4-fs (loop0): re-mounted. Opts: (null) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3234 attached , child_tidptr=0x5555564b55d0) = 3234 [pid 3234] chdir("./734") = 0 [pid 3234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3234] setpgid(0, 0) = 0 [pid 3234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3234] write(3, "1000", 4) = 4 [pid 3234] close(3) = 0 [pid 3234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3234] memfd_create("syzkaller", 0) = 3 [pid 3234] ftruncate(3, 2097152) = 0 [pid 3234] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3234] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3234] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3234] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3234] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3234] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3234] mkdir("./file0", 0777) = 0 [pid 3234] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3234] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3234] ioctl(4, LOOP_CLR_FD) = 0 [pid 3234] close(4) = 0 [pid 3234] close(3) = 0 [pid 3234] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3234] exit_group(0) = ? [pid 3234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3234, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./734", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./734", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./734/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./734/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./734/binderfs") = 0 [ 88.319144][ T3234] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./734/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./734/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./734/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./734/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./734/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./734/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./734") = 0 mkdir("./735", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3238 ./strace-static-x86_64: Process 3238 attached [pid 3238] chdir("./735") = 0 [pid 3238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3238] setpgid(0, 0) = 0 [pid 3238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3238] write(3, "1000", 4) = 4 [pid 3238] close(3) = 0 [pid 3238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3238] memfd_create("syzkaller", 0) = 3 [pid 3238] ftruncate(3, 2097152) = 0 [pid 3238] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3238] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3238] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3238] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3238] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3238] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3238] mkdir("./file0", 0777) = 0 [pid 3238] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3238] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3238] ioctl(4, LOOP_CLR_FD) = 0 [pid 3238] close(4) = 0 [pid 3238] close(3) = 0 [pid 3238] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3238] exit_group(0) = ? [pid 3238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3238, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./735", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./735", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./735/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./735/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./735/binderfs") = 0 [ 88.427671][ T3238] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./735/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./735/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./735/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./735/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./735/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./735/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./735") = 0 mkdir("./736", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3242 ./strace-static-x86_64: Process 3242 attached [pid 3242] chdir("./736") = 0 [pid 3242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3242] setpgid(0, 0) = 0 [pid 3242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3242] write(3, "1000", 4) = 4 [pid 3242] close(3) = 0 [pid 3242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3242] memfd_create("syzkaller", 0) = 3 [pid 3242] ftruncate(3, 2097152) = 0 [pid 3242] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3242] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3242] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3242] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3242] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3242] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3242] mkdir("./file0", 0777) = 0 [pid 3242] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3242] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3242] ioctl(4, LOOP_CLR_FD) = 0 [pid 3242] close(4) = 0 [pid 3242] close(3) = 0 [pid 3242] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3242] exit_group(0) = ? [pid 3242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3242, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./736", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./736", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./736/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./736/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./736/binderfs") = 0 umount2("./736/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./736/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./736/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./736/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./736/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./736/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./736") = 0 mkdir("./737", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 88.548833][ T3242] EXT4-fs (loop0): re-mounted. Opts: (null) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3246 ./strace-static-x86_64: Process 3246 attached [pid 3246] chdir("./737") = 0 [pid 3246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3246] setpgid(0, 0) = 0 [pid 3246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3246] write(3, "1000", 4) = 4 [pid 3246] close(3) = 0 [pid 3246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3246] memfd_create("syzkaller", 0) = 3 [pid 3246] ftruncate(3, 2097152) = 0 [pid 3246] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3246] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3246] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3246] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3246] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3246] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3246] mkdir("./file0", 0777) = 0 [pid 3246] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3246] ioctl(4, LOOP_CLR_FD) = 0 [pid 3246] close(4) = 0 [pid 3246] close(3) = 0 [pid 3246] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3246] exit_group(0) = ? [pid 3246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3246, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./737", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./737", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./737/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./737/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./737/binderfs") = 0 umount2("./737/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./737/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./737/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./737/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./737/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 88.645711][ T3246] EXT4-fs (loop0): re-mounted. Opts: (null) rmdir("./737/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./737") = 0 mkdir("./738", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3250 ./strace-static-x86_64: Process 3250 attached [pid 3250] chdir("./738") = 0 [pid 3250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3250] setpgid(0, 0) = 0 [pid 3250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3250] write(3, "1000", 4) = 4 [pid 3250] close(3) = 0 [pid 3250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3250] memfd_create("syzkaller", 0) = 3 [pid 3250] ftruncate(3, 2097152) = 0 [pid 3250] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3250] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3250] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3250] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3250] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3250] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3250] mkdir("./file0", 0777) = 0 [pid 3250] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3250] ioctl(4, LOOP_CLR_FD) = 0 [pid 3250] close(4) = 0 [pid 3250] close(3) = 0 [pid 3250] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3250] exit_group(0) = ? [pid 3250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3250, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./738", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./738", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./738/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./738/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./738/binderfs") = 0 [ 88.727348][ T3250] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./738/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./738/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./738/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./738/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./738/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./738/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./738") = 0 mkdir("./739", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3254 ./strace-static-x86_64: Process 3254 attached [pid 3254] chdir("./739") = 0 [pid 3254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3254] setpgid(0, 0) = 0 [pid 3254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3254] write(3, "1000", 4) = 4 [pid 3254] close(3) = 0 [pid 3254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3254] memfd_create("syzkaller", 0) = 3 [pid 3254] ftruncate(3, 2097152) = 0 [pid 3254] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3254] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3254] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3254] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3254] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3254] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3254] mkdir("./file0", 0777) = 0 [pid 3254] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3254] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3254] ioctl(4, LOOP_CLR_FD) = 0 [pid 3254] close(4) = 0 [pid 3254] close(3) = 0 [pid 3254] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3254] exit_group(0) = ? [pid 3254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3254, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./739", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./739", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./739/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./739/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./739/binderfs") = 0 umount2("./739/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./739/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./739/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./739/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./739/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./739/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./739") = 0 mkdir("./740", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 88.867825][ T3254] EXT4-fs (loop0): re-mounted. Opts: (null) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3258 ./strace-static-x86_64: Process 3258 attached [pid 3258] chdir("./740") = 0 [pid 3258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3258] setpgid(0, 0) = 0 [pid 3258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3258] write(3, "1000", 4) = 4 [pid 3258] close(3) = 0 [pid 3258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3258] memfd_create("syzkaller", 0) = 3 [pid 3258] ftruncate(3, 2097152) = 0 [pid 3258] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3258] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3258] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3258] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3258] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3258] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3258] mkdir("./file0", 0777) = 0 [pid 3258] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3258] ioctl(4, LOOP_CLR_FD) = 0 [pid 3258] close(4) = 0 [pid 3258] close(3) = 0 [pid 3258] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3258] exit_group(0) = ? [pid 3258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3258, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./740", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./740", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./740/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./740/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./740/binderfs") = 0 [ 88.948023][ T3258] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./740/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./740/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./740/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./740/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./740/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./740/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./740") = 0 mkdir("./741", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3263 ./strace-static-x86_64: Process 3263 attached [pid 3263] chdir("./741") = 0 [pid 3263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3263] setpgid(0, 0) = 0 [pid 3263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3263] write(3, "1000", 4) = 4 [pid 3263] close(3) = 0 [pid 3263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3263] memfd_create("syzkaller", 0) = 3 [pid 3263] ftruncate(3, 2097152) = 0 [pid 3263] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3263] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3263] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3263] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3263] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3263] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3263] mkdir("./file0", 0777) = 0 [pid 3263] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3263] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3263] ioctl(4, LOOP_CLR_FD) = 0 [pid 3263] close(4) = 0 [pid 3263] close(3) = 0 [pid 3263] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3263] exit_group(0) = ? [pid 3263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3263, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./741", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./741", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./741/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./741/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./741/binderfs") = 0 [ 89.037927][ T3263] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./741/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./741/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./741/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./741/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./741/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./741/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./741") = 0 mkdir("./742", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3267 ./strace-static-x86_64: Process 3267 attached [pid 3267] chdir("./742") = 0 [pid 3267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3267] setpgid(0, 0) = 0 [pid 3267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3267] write(3, "1000", 4) = 4 [pid 3267] close(3) = 0 [pid 3267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3267] memfd_create("syzkaller", 0) = 3 [pid 3267] ftruncate(3, 2097152) = 0 [pid 3267] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3267] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3267] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3267] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3267] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3267] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3267] mkdir("./file0", 0777) = 0 [pid 3267] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3267] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3267] ioctl(4, LOOP_CLR_FD) = 0 [pid 3267] close(4) = 0 [pid 3267] close(3) = 0 [pid 3267] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3267] exit_group(0) = ? [pid 3267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3267, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./742", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./742", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./742/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./742/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./742/binderfs") = 0 [ 89.157270][ T3267] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./742/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./742/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./742/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./742/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./742/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./742/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./742") = 0 mkdir("./743", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3271 ./strace-static-x86_64: Process 3271 attached [pid 3271] chdir("./743") = 0 [pid 3271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3271] setpgid(0, 0) = 0 [pid 3271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3271] write(3, "1000", 4) = 4 [pid 3271] close(3) = 0 [pid 3271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3271] memfd_create("syzkaller", 0) = 3 [pid 3271] ftruncate(3, 2097152) = 0 [pid 3271] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3271] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3271] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3271] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3271] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3271] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3271] mkdir("./file0", 0777) = 0 [pid 3271] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3271] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3271] ioctl(4, LOOP_CLR_FD) = 0 [pid 3271] close(4) = 0 [pid 3271] close(3) = 0 [pid 3271] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3271] exit_group(0) = ? [pid 3271] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3271, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./743", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./743", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./743/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./743/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./743/binderfs") = 0 [ 89.279938][ T3271] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./743/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./743/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./743/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./743/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./743/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./743/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./743") = 0 mkdir("./744", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3275 ./strace-static-x86_64: Process 3275 attached [pid 3275] chdir("./744") = 0 [pid 3275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3275] setpgid(0, 0) = 0 [pid 3275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3275] write(3, "1000", 4) = 4 [pid 3275] close(3) = 0 [pid 3275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3275] memfd_create("syzkaller", 0) = 3 [pid 3275] ftruncate(3, 2097152) = 0 [pid 3275] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3275] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3275] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3275] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3275] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3275] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3275] mkdir("./file0", 0777) = 0 [pid 3275] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3275] ioctl(4, LOOP_CLR_FD) = 0 [pid 3275] close(4) = 0 [pid 3275] close(3) = 0 [pid 3275] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3275] exit_group(0) = ? [pid 3275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3275, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./744", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./744", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./744/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./744/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./744/binderfs") = 0 umount2("./744/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./744/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./744/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./744/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./744/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./744/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./744") = 0 mkdir("./745", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3279 ./strace-static-x86_64: Process 3279 attached [pid 3279] chdir("./745") = 0 [pid 3279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3279] setpgid(0, 0) = 0 [pid 3279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3279] write(3, "1000", 4) = 4 [pid 3279] close(3) = 0 [pid 3279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3279] memfd_create("syzkaller", 0) = 3 [pid 3279] ftruncate(3, 2097152) = 0 [pid 3279] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3279] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3279] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3279] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3279] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3279] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3279] mkdir("./file0", 0777) = 0 [ 89.398806][ T3275] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3279] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3279] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3279] ioctl(4, LOOP_CLR_FD) = 0 [pid 3279] close(4) = 0 [pid 3279] close(3) = 0 [pid 3279] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3279] exit_group(0) = ? [pid 3279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3279, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./745", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./745", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./745/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./745/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./745/binderfs") = 0 umount2("./745/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./745/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./745/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./745/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./745/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./745/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./745") = 0 mkdir("./746", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3283 ./strace-static-x86_64: Process 3283 attached [pid 3283] chdir("./746") = 0 [pid 3283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3283] setpgid(0, 0) = 0 [pid 3283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3283] write(3, "1000", 4) = 4 [pid 3283] close(3) = 0 [pid 3283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3283] memfd_create("syzkaller", 0) = 3 [pid 3283] ftruncate(3, 2097152) = 0 [pid 3283] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3283] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3283] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3283] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3283] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3283] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3283] mkdir("./file0", 0777) = 0 [ 89.468674][ T3279] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3283] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3283] ioctl(4, LOOP_CLR_FD) = 0 [pid 3283] close(4) = 0 [pid 3283] close(3) = 0 [pid 3283] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3283] exit_group(0) = ? [pid 3283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3283, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./746", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./746", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./746/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./746/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./746/binderfs") = 0 umount2("./746/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./746/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./746/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./746/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./746/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./746/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./746") = 0 mkdir("./747", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3287 attached [pid 3287] chdir("./747" [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 3287 [pid 3287] <... chdir resumed>) = 0 [pid 3287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3287] setpgid(0, 0) = 0 [pid 3287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3287] write(3, "1000", 4) = 4 [pid 3287] close(3) = 0 [pid 3287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3287] memfd_create("syzkaller", 0) = 3 [pid 3287] ftruncate(3, 2097152) = 0 [pid 3287] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3287] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3287] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3287] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3287] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3287] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3287] mkdir("./file0", 0777) = 0 [ 89.538908][ T3283] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3287] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3287] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3287] ioctl(4, LOOP_CLR_FD) = 0 [pid 3287] close(4) = 0 [pid 3287] close(3) = 0 [pid 3287] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3287] exit_group(0) = ? [pid 3287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3287, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./747", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./747", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./747/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./747/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./747/binderfs") = 0 [ 89.608407][ T3287] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./747/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./747/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./747/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./747/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./747/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./747/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./747") = 0 mkdir("./748", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3291 ./strace-static-x86_64: Process 3291 attached [pid 3291] chdir("./748") = 0 [pid 3291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3291] setpgid(0, 0) = 0 [pid 3291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3291] write(3, "1000", 4) = 4 [pid 3291] close(3) = 0 [pid 3291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3291] memfd_create("syzkaller", 0) = 3 [pid 3291] ftruncate(3, 2097152) = 0 [pid 3291] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3291] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3291] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3291] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3291] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3291] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3291] mkdir("./file0", 0777) = 0 [pid 3291] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3291] ioctl(4, LOOP_CLR_FD) = 0 [pid 3291] close(4) = 0 [pid 3291] close(3) = 0 [pid 3291] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3291] exit_group(0) = ? [pid 3291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3291, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./748", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./748", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./748/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./748/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./748/binderfs") = 0 umount2("./748/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./748/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./748/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./748/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./748/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./748/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./748") = 0 [ 89.708980][ T3291] EXT4-fs (loop0): re-mounted. Opts: (null) mkdir("./749", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3295 ./strace-static-x86_64: Process 3295 attached [pid 3295] chdir("./749") = 0 [pid 3295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3295] setpgid(0, 0) = 0 [pid 3295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3295] write(3, "1000", 4) = 4 [pid 3295] close(3) = 0 [pid 3295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3295] memfd_create("syzkaller", 0) = 3 [pid 3295] ftruncate(3, 2097152) = 0 [pid 3295] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3295] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3295] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3295] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3295] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3295] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3295] mkdir("./file0", 0777) = 0 [pid 3295] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3295] ioctl(4, LOOP_CLR_FD) = 0 [pid 3295] close(4) = 0 [pid 3295] close(3) = 0 [pid 3295] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3295] exit_group(0) = ? [pid 3295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3295, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./749", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./749", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./749/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./749/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./749/binderfs") = 0 umount2("./749/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./749/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./749/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./749/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./749/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./749/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./749") = 0 mkdir("./750", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3299 ./strace-static-x86_64: Process 3299 attached [pid 3299] chdir("./750") = 0 [pid 3299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3299] setpgid(0, 0) = 0 [pid 3299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3299] write(3, "1000", 4) = 4 [pid 3299] close(3) = 0 [pid 3299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3299] memfd_create("syzkaller", 0) = 3 [pid 3299] ftruncate(3, 2097152) = 0 [pid 3299] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3299] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3299] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3299] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3299] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3299] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3299] mkdir("./file0", 0777) = 0 [ 89.791481][ T3295] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3299] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3299] ioctl(4, LOOP_CLR_FD) = 0 [pid 3299] close(4) = 0 [pid 3299] close(3) = 0 [pid 3299] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3299] exit_group(0) = ? [pid 3299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3299, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./750", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./750", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./750/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./750/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./750/binderfs") = 0 [ 89.856869][ T3299] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./750/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./750/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./750/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./750/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./750/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./750/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./750") = 0 mkdir("./751", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3303 ./strace-static-x86_64: Process 3303 attached [pid 3303] chdir("./751") = 0 [pid 3303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3303] setpgid(0, 0) = 0 [pid 3303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3303] write(3, "1000", 4) = 4 [pid 3303] close(3) = 0 [pid 3303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3303] memfd_create("syzkaller", 0) = 3 [pid 3303] ftruncate(3, 2097152) = 0 [pid 3303] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3303] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3303] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3303] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3303] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3303] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3303] mkdir("./file0", 0777) = 0 [pid 3303] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3303] ioctl(4, LOOP_CLR_FD) = 0 [pid 3303] close(4) = 0 [pid 3303] close(3) = 0 [pid 3303] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3303] exit_group(0) = ? [pid 3303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3303, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./751", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./751", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./751/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./751/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./751/binderfs") = 0 umount2("./751/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./751/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./751/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./751/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./751/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./751/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./751") = 0 mkdir("./752", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3307 ./strace-static-x86_64: Process 3307 attached [pid 3307] chdir("./752") = 0 [pid 3307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3307] setpgid(0, 0) = 0 [pid 3307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3307] write(3, "1000", 4) = 4 [pid 3307] close(3) = 0 [pid 3307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3307] memfd_create("syzkaller", 0) = 3 [pid 3307] ftruncate(3, 2097152) = 0 [pid 3307] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3307] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3307] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3307] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3307] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3307] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3307] mkdir("./file0", 0777) = 0 [ 89.956419][ T3303] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3307] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3307] ioctl(4, LOOP_CLR_FD) = 0 [pid 3307] close(4) = 0 [pid 3307] close(3) = 0 [pid 3307] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3307] exit_group(0) = ? [pid 3307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3307, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./752", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./752", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./752/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./752/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./752/binderfs") = 0 umount2("./752/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./752/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./752/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./752/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./752/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./752/file0") = 0 [ 90.028118][ T3307] EXT4-fs (loop0): re-mounted. Opts: (null) getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./752") = 0 mkdir("./753", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3311 attached [pid 3311] chdir("./753") = 0 [pid 3311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3311] setpgid(0, 0) = 0 [pid 3311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3311] write(3, "1000", 4) = 4 [pid 3311] close(3) = 0 [pid 3311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3311] memfd_create("syzkaller", 0) = 3 [pid 3311] ftruncate(3, 2097152) = 0 [pid 3311] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3311] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3311] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3311] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3311] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3311] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3311] ioctl(4, LOOP_SET_FD, 3 [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 3311 [pid 3311] <... ioctl resumed>) = 0 [pid 3311] mkdir("./file0", 0777) = 0 [pid 3311] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3311] ioctl(4, LOOP_CLR_FD) = 0 [pid 3311] close(4) = 0 [pid 3311] close(3) = 0 [pid 3311] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3311] exit_group(0) = ? [pid 3311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3311, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./753", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./753", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./753/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./753/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./753/binderfs") = 0 umount2("./753/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./753/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./753/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./753/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./753/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 90.106185][ T3311] EXT4-fs (loop0): re-mounted. Opts: (null) rmdir("./753/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./753") = 0 mkdir("./754", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3315 ./strace-static-x86_64: Process 3315 attached [pid 3315] chdir("./754") = 0 [pid 3315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3315] setpgid(0, 0) = 0 [pid 3315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3315] write(3, "1000", 4) = 4 [pid 3315] close(3) = 0 [pid 3315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3315] memfd_create("syzkaller", 0) = 3 [pid 3315] ftruncate(3, 2097152) = 0 [pid 3315] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3315] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3315] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3315] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3315] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3315] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3315] mkdir("./file0", 0777) = 0 [pid 3315] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3315] ioctl(4, LOOP_CLR_FD) = 0 [pid 3315] close(4) = 0 [pid 3315] close(3) = 0 [pid 3315] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3315] exit_group(0) = ? [pid 3315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3315, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./754", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./754", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./754/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./754/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./754/binderfs") = 0 [ 90.197176][ T3315] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./754/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./754/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./754/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./754/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./754/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./754/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./754") = 0 mkdir("./755", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3319 ./strace-static-x86_64: Process 3319 attached [pid 3319] chdir("./755") = 0 [pid 3319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3319] setpgid(0, 0) = 0 [pid 3319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3319] write(3, "1000", 4) = 4 [pid 3319] close(3) = 0 [pid 3319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3319] memfd_create("syzkaller", 0) = 3 [pid 3319] ftruncate(3, 2097152) = 0 [pid 3319] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3319] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3319] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3319] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3319] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3319] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3319] mkdir("./file0", 0777) = 0 [pid 3319] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3319] ioctl(4, LOOP_CLR_FD) = 0 [pid 3319] close(4) = 0 [pid 3319] close(3) = 0 [pid 3319] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3319] exit_group(0) = ? [pid 3319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3319, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./755", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./755", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./755/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./755/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./755/binderfs") = 0 [ 90.318907][ T3319] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./755/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./755/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./755/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./755/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./755/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./755/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./755") = 0 mkdir("./756", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3323 ./strace-static-x86_64: Process 3323 attached [pid 3323] chdir("./756") = 0 [pid 3323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3323] setpgid(0, 0) = 0 [pid 3323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3323] write(3, "1000", 4) = 4 [pid 3323] close(3) = 0 [pid 3323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3323] memfd_create("syzkaller", 0) = 3 [pid 3323] ftruncate(3, 2097152) = 0 [pid 3323] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3323] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3323] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3323] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3323] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3323] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3323] mkdir("./file0", 0777) = 0 [pid 3323] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3323] ioctl(4, LOOP_CLR_FD) = 0 [pid 3323] close(4) = 0 [pid 3323] close(3) = 0 [pid 3323] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3323] exit_group(0) = ? [pid 3323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3323, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./756", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./756", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./756/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./756/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./756/binderfs") = 0 umount2("./756/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./756/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./756/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./756/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./756/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./756/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./756") = 0 mkdir("./757", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3327 ./strace-static-x86_64: Process 3327 attached [pid 3327] chdir("./757") = 0 [pid 3327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3327] setpgid(0, 0) = 0 [pid 3327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3327] write(3, "1000", 4) = 4 [pid 3327] close(3) = 0 [pid 3327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3327] memfd_create("syzkaller", 0) = 3 [pid 3327] ftruncate(3, 2097152) = 0 [pid 3327] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3327] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3327] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3327] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3327] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3327] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3327] mkdir("./file0", 0777) = 0 [ 90.405546][ T3323] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3327] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3327] ioctl(4, LOOP_CLR_FD) = 0 [pid 3327] close(4) = 0 [pid 3327] close(3) = 0 [pid 3327] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3327] exit_group(0) = ? [pid 3327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3327, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./757", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./757", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./757/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./757/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./757/binderfs") = 0 umount2("./757/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./757/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./757/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./757/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./757/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./757/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./757") = 0 mkdir("./758", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3331 ./strace-static-x86_64: Process 3331 attached [pid 3331] chdir("./758") = 0 [pid 3331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3331] setpgid(0, 0) = 0 [pid 3331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3331] write(3, "1000", 4) = 4 [pid 3331] close(3) = 0 [pid 3331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3331] memfd_create("syzkaller", 0) = 3 [pid 3331] ftruncate(3, 2097152) = 0 [pid 3331] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3331] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3331] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3331] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3331] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3331] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3331] mkdir("./file0", 0777) = 0 [ 90.478431][ T3327] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3331] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3331] ioctl(4, LOOP_CLR_FD) = 0 [pid 3331] close(4) = 0 [pid 3331] close(3) = 0 [pid 3331] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3331] exit_group(0) = ? [pid 3331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3331, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./758", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./758", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./758/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./758/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./758/binderfs") = 0 [ 90.546832][ T3331] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./758/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./758/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./758/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./758/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./758/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./758/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./758") = 0 mkdir("./759", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3335 attached , child_tidptr=0x5555564b55d0) = 3335 [pid 3335] chdir("./759") = 0 [pid 3335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3335] setpgid(0, 0) = 0 [pid 3335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3335] write(3, "1000", 4) = 4 [pid 3335] close(3) = 0 [pid 3335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3335] memfd_create("syzkaller", 0) = 3 [pid 3335] ftruncate(3, 2097152) = 0 [pid 3335] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3335] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3335] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3335] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3335] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3335] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3335] mkdir("./file0", 0777) = 0 [pid 3335] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3335] ioctl(4, LOOP_CLR_FD) = 0 [pid 3335] close(4) = 0 [pid 3335] close(3) = 0 [pid 3335] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3335] exit_group(0) = ? [pid 3335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3335, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./759", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./759", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./759/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./759/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./759/binderfs") = 0 umount2("./759/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./759/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./759/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./759/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./759/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./759/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./759") = 0 mkdir("./760", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3339 attached , child_tidptr=0x5555564b55d0) = 3339 [pid 3339] chdir("./760") = 0 [pid 3339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3339] setpgid(0, 0) = 0 [pid 3339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3339] write(3, "1000", 4) = 4 [pid 3339] close(3) = 0 [pid 3339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3339] memfd_create("syzkaller", 0) = 3 [pid 3339] ftruncate(3, 2097152) = 0 [pid 3339] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3339] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3339] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3339] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3339] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3339] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3339] mkdir("./file0", 0777) = 0 [ 90.637428][ T3335] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3339] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3339] ioctl(4, LOOP_CLR_FD) = 0 [pid 3339] close(4) = 0 [pid 3339] close(3) = 0 [pid 3339] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3339] exit_group(0) = ? [pid 3339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3339, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./760", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./760", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./760/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./760/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./760/binderfs") = 0 umount2("./760/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./760/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./760/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./760/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./760/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./760/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./760") = 0 mkdir("./761", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3343 ./strace-static-x86_64: Process 3343 attached [pid 3343] chdir("./761") = 0 [pid 3343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3343] setpgid(0, 0) = 0 [pid 3343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3343] write(3, "1000", 4) = 4 [pid 3343] close(3) = 0 [pid 3343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3343] memfd_create("syzkaller", 0) = 3 [pid 3343] ftruncate(3, 2097152) = 0 [pid 3343] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3343] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3343] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3343] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3343] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3343] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3343] mkdir("./file0", 0777) = 0 [pid 3343] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3343] ioctl(4, LOOP_CLR_FD) = 0 [pid 3343] close(4) = 0 [pid 3343] close(3) = 0 [ 90.713969][ T3339] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3343] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3343] exit_group(0) = ? [pid 3343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3343, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./761", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./761", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./761/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./761/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./761/binderfs") = 0 [ 90.756184][ T3343] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./761/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./761/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./761/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./761/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./761/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./761/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./761") = 0 mkdir("./762", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3347 attached , child_tidptr=0x5555564b55d0) = 3347 [pid 3347] chdir("./762") = 0 [pid 3347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3347] setpgid(0, 0) = 0 [pid 3347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3347] write(3, "1000", 4) = 4 [pid 3347] close(3) = 0 [pid 3347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3347] memfd_create("syzkaller", 0) = 3 [pid 3347] ftruncate(3, 2097152) = 0 [pid 3347] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3347] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3347] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3347] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3347] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3347] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3347] mkdir("./file0", 0777) = 0 [pid 3347] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3347] ioctl(4, LOOP_CLR_FD) = 0 [pid 3347] close(4) = 0 [pid 3347] close(3) = 0 [pid 3347] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3347] exit_group(0) = ? [pid 3347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3347, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./762", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./762", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./762/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./762/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./762/binderfs") = 0 [ 90.877821][ T3347] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./762/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./762/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./762/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./762/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./762/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./762/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./762") = 0 mkdir("./763", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3351 ./strace-static-x86_64: Process 3351 attached [pid 3351] chdir("./763") = 0 [pid 3351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3351] setpgid(0, 0) = 0 [pid 3351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3351] write(3, "1000", 4) = 4 [pid 3351] close(3) = 0 [pid 3351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3351] memfd_create("syzkaller", 0) = 3 [pid 3351] ftruncate(3, 2097152) = 0 [pid 3351] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3351] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3351] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3351] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3351] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3351] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3351] mkdir("./file0", 0777) = 0 [pid 3351] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3351] ioctl(4, LOOP_CLR_FD) = 0 [pid 3351] close(4) = 0 [pid 3351] close(3) = 0 [pid 3351] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3351] exit_group(0) = ? [pid 3351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3351, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./763", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./763", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./763/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./763/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./763/binderfs") = 0 umount2("./763/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./763/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./763/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./763/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./763/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./763/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./763") = 0 mkdir("./764", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3355 ./strace-static-x86_64: Process 3355 attached [pid 3355] chdir("./764") = 0 [ 90.989672][ T3351] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3355] setpgid(0, 0) = 0 [pid 3355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3355] write(3, "1000", 4) = 4 [pid 3355] close(3) = 0 [pid 3355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3355] memfd_create("syzkaller", 0) = 3 [pid 3355] ftruncate(3, 2097152) = 0 [pid 3355] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3355] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3355] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3355] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3355] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3355] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3355] mkdir("./file0", 0777) = 0 [pid 3355] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3355] ioctl(4, LOOP_CLR_FD) = 0 [pid 3355] close(4) = 0 [pid 3355] close(3) = 0 [pid 3355] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3355] exit_group(0) = ? [pid 3355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3355, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./764", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./764", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./764/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./764/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./764/binderfs") = 0 umount2("./764/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./764/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./764/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./764/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./764/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./764/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./764") = 0 mkdir("./765", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 91.077531][ T3355] EXT4-fs (loop0): re-mounted. Opts: (null) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3359 ./strace-static-x86_64: Process 3359 attached [pid 3359] chdir("./765") = 0 [pid 3359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3359] setpgid(0, 0) = 0 [pid 3359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3359] write(3, "1000", 4) = 4 [pid 3359] close(3) = 0 [pid 3359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3359] memfd_create("syzkaller", 0) = 3 [pid 3359] ftruncate(3, 2097152) = 0 [pid 3359] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3359] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3359] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3359] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3359] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3359] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3359] mkdir("./file0", 0777) = 0 [pid 3359] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3359] ioctl(4, LOOP_CLR_FD) = 0 [pid 3359] close(4) = 0 [pid 3359] close(3) = 0 [pid 3359] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3359] exit_group(0) = ? [pid 3359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3359, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./765", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./765", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./765/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./765/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./765/binderfs") = 0 [ 91.158629][ T3359] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./765/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./765/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./765/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./765/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./765/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./765/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./765") = 0 mkdir("./766", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3363 ./strace-static-x86_64: Process 3363 attached [pid 3363] chdir("./766") = 0 [pid 3363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3363] setpgid(0, 0) = 0 [pid 3363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3363] write(3, "1000", 4) = 4 [pid 3363] close(3) = 0 [pid 3363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3363] memfd_create("syzkaller", 0) = 3 [pid 3363] ftruncate(3, 2097152) = 0 [pid 3363] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3363] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3363] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3363] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3363] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3363] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3363] mkdir("./file0", 0777) = 0 [pid 3363] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3363] ioctl(4, LOOP_CLR_FD) = 0 [pid 3363] close(4) = 0 [pid 3363] close(3) = 0 [pid 3363] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3363] exit_group(0) = ? [pid 3363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3363, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./766", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./766", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./766/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./766/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./766/binderfs") = 0 [ 91.278221][ T3363] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./766/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./766/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./766/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./766/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./766/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./766/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./766") = 0 mkdir("./767", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3367 ./strace-static-x86_64: Process 3367 attached [pid 3367] chdir("./767") = 0 [pid 3367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3367] setpgid(0, 0) = 0 [pid 3367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3367] write(3, "1000", 4) = 4 [pid 3367] close(3) = 0 [pid 3367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3367] memfd_create("syzkaller", 0) = 3 [pid 3367] ftruncate(3, 2097152) = 0 [pid 3367] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3367] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3367] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3367] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3367] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3367] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3367] mkdir("./file0", 0777) = 0 [pid 3367] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3367] ioctl(4, LOOP_CLR_FD) = 0 [pid 3367] close(4) = 0 [pid 3367] close(3) = 0 [pid 3367] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3367] exit_group(0) = ? [pid 3367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3367, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./767", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./767", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./767/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./767/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./767/binderfs") = 0 umount2("./767/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./767/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./767/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./767/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./767/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./767/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./767") = 0 mkdir("./768", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3371 ./strace-static-x86_64: Process 3371 attached [pid 3371] chdir("./768") = 0 [pid 3371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3371] setpgid(0, 0) = 0 [pid 3371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 91.389342][ T3367] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3371] write(3, "1000", 4) = 4 [pid 3371] close(3) = 0 [pid 3371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3371] memfd_create("syzkaller", 0) = 3 [pid 3371] ftruncate(3, 2097152) = 0 [pid 3371] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3371] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3371] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3371] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3371] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3371] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3371] mkdir("./file0", 0777) = 0 [pid 3371] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3371] ioctl(4, LOOP_CLR_FD) = 0 [pid 3371] close(4) = 0 [pid 3371] close(3) = 0 [pid 3371] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3371] exit_group(0) = ? [pid 3371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3371, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./768", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./768", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./768/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./768/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./768/binderfs") = 0 [ 91.467396][ T3371] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./768/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./768/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./768/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./768/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./768/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./768/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./768") = 0 mkdir("./769", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3375 ./strace-static-x86_64: Process 3375 attached [pid 3375] chdir("./769") = 0 [pid 3375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3375] setpgid(0, 0) = 0 [pid 3375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3375] write(3, "1000", 4) = 4 [pid 3375] close(3) = 0 [pid 3375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3375] memfd_create("syzkaller", 0) = 3 [pid 3375] ftruncate(3, 2097152) = 0 [pid 3375] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3375] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3375] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3375] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3375] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3375] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3375] mkdir("./file0", 0777) = 0 [pid 3375] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3375] ioctl(4, LOOP_CLR_FD) = 0 [pid 3375] close(4) = 0 [pid 3375] close(3) = 0 [pid 3375] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3375] exit_group(0) = ? [pid 3375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3375, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./769", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./769", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./769/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./769/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./769/binderfs") = 0 umount2("./769/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./769/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./769/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./769/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./769/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./769/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./769") = 0 mkdir("./770", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 91.587745][ T3375] EXT4-fs (loop0): re-mounted. Opts: (null) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3379 attached , child_tidptr=0x5555564b55d0) = 3379 [pid 3379] chdir("./770") = 0 [pid 3379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3379] setpgid(0, 0) = 0 [pid 3379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3379] write(3, "1000", 4) = 4 [pid 3379] close(3) = 0 [pid 3379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3379] memfd_create("syzkaller", 0) = 3 [pid 3379] ftruncate(3, 2097152) = 0 [pid 3379] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3379] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3379] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3379] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3379] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3379] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3379] mkdir("./file0", 0777) = 0 [pid 3379] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3379] ioctl(4, LOOP_CLR_FD) = 0 [pid 3379] close(4) = 0 [pid 3379] close(3) = 0 [pid 3379] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3379] exit_group(0) = ? [pid 3379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3379, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./770", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./770", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./770/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./770/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./770/binderfs") = 0 umount2("./770/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./770/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./770/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./770/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./770/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./770/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./770") = 0 mkdir("./771", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3383 ./strace-static-x86_64: Process 3383 attached [pid 3383] chdir("./771") = 0 [pid 3383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3383] setpgid(0, 0) = 0 [pid 3383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3383] write(3, "1000", 4) = 4 [pid 3383] close(3) = 0 [pid 3383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3383] memfd_create("syzkaller", 0) = 3 [pid 3383] ftruncate(3, 2097152) = 0 [pid 3383] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3383] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3383] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3383] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3383] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3383] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3383] mkdir("./file0", 0777) = 0 [ 91.678352][ T3379] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3383] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3383] ioctl(4, LOOP_CLR_FD) = 0 [pid 3383] close(4) = 0 [pid 3383] close(3) = 0 [pid 3383] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3383] exit_group(0) = ? [pid 3383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3383, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./771", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./771", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./771/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./771/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./771/binderfs") = 0 [ 91.748291][ T3383] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./771/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./771/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./771/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./771/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./771/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./771/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./771") = 0 mkdir("./772", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3387 ./strace-static-x86_64: Process 3387 attached [pid 3387] chdir("./772") = 0 [pid 3387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3387] setpgid(0, 0) = 0 [pid 3387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3387] write(3, "1000", 4) = 4 [pid 3387] close(3) = 0 [pid 3387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3387] memfd_create("syzkaller", 0) = 3 [pid 3387] ftruncate(3, 2097152) = 0 [pid 3387] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3387] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3387] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3387] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3387] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3387] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3387] mkdir("./file0", 0777) = 0 [pid 3387] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3387] ioctl(4, LOOP_CLR_FD) = 0 [pid 3387] close(4) = 0 [pid 3387] close(3) = 0 [pid 3387] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3387] exit_group(0) = ? [pid 3387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3387, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./772", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./772", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./772/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./772/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./772/binderfs") = 0 umount2("./772/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./772/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./772/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./772/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./772/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./772/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./772") = 0 mkdir("./773", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3391 attached , child_tidptr=0x5555564b55d0) = 3391 [pid 3391] chdir("./773") = 0 [pid 3391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3391] setpgid(0, 0) = 0 [pid 3391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3391] write(3, "1000", 4) = 4 [pid 3391] close(3) = 0 [pid 3391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3391] memfd_create("syzkaller", 0) = 3 [pid 3391] ftruncate(3, 2097152) = 0 [pid 3391] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3391] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3391] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3391] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3391] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3391] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3391] mkdir("./file0", 0777) = 0 [pid 3391] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3391] ioctl(4, LOOP_CLR_FD) = 0 [pid 3391] close(4) = 0 [pid 3391] close(3) = 0 [ 91.868593][ T3387] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3391] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3391] exit_group(0) = ? [pid 3391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3391, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./773", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./773", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./773/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./773/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./773/binderfs") = 0 umount2("./773/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./773/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./773/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./773/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./773/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./773/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./773") = 0 mkdir("./774", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3395 ./strace-static-x86_64: Process 3395 attached [pid 3395] chdir("./774") = 0 [pid 3395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3395] setpgid(0, 0) = 0 [pid 3395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3395] write(3, "1000", 4) = 4 [pid 3395] close(3) = 0 [pid 3395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3395] memfd_create("syzkaller", 0) = 3 [pid 3395] ftruncate(3, 2097152) = 0 [pid 3395] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3395] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3395] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3395] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3395] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3395] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3395] mkdir("./file0", 0777) = 0 [pid 3395] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3395] ioctl(4, LOOP_CLR_FD) = 0 [pid 3395] close(4) = 0 [pid 3395] close(3) = 0 [ 91.928319][ T3391] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3395] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3395] exit_group(0) = ? [pid 3395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3395, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./774", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./774", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./774/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./774/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./774/binderfs") = 0 umount2("./774/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./774/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./774/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./774/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./774/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./774/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./774") = 0 mkdir("./775", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 91.989053][ T3395] EXT4-fs (loop0): re-mounted. Opts: (null) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3399 attached [pid 3399] chdir("./775") = 0 [pid 3399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3399] setpgid(0, 0) = 0 [pid 3399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3399] write(3, "1000", 4) = 4 [pid 3399] close(3) = 0 [pid 3399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3399] memfd_create("syzkaller", 0) = 3 [pid 3399] ftruncate(3, 2097152) = 0 [pid 3399] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3399] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3399] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3399] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3399] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3399] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3399] ioctl(4, LOOP_SET_FD, 3 [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 3399 [pid 3399] <... ioctl resumed>) = 0 [pid 3399] mkdir("./file0", 0777) = 0 [pid 3399] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3399] ioctl(4, LOOP_CLR_FD) = 0 [pid 3399] close(4) = 0 [pid 3399] close(3) = 0 [pid 3399] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3399] exit_group(0) = ? [pid 3399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3399, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./775", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./775", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./775/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./775/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./775/binderfs") = 0 umount2("./775/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./775/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./775/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./775/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./775/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./775/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./775") = 0 mkdir("./776", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3404 ./strace-static-x86_64: Process 3404 attached [pid 3404] chdir("./776") = 0 [pid 3404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3404] setpgid(0, 0) = 0 [pid 3404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3404] write(3, "1000", 4) = 4 [pid 3404] close(3) = 0 [pid 3404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3404] memfd_create("syzkaller", 0) = 3 [pid 3404] ftruncate(3, 2097152) = 0 [pid 3404] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3404] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3404] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3404] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3404] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3404] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3404] mkdir("./file0", 0777) = 0 [pid 3404] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3404] ioctl(4, LOOP_CLR_FD) = 0 [pid 3404] close(4) = 0 [pid 3404] close(3) = 0 [ 92.070381][ T3399] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3404] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3404] exit_group(0) = ? [pid 3404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3404, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./776", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./776", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./776/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./776/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./776/binderfs") = 0 umount2("./776/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./776/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./776/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./776/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./776/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./776/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./776") = 0 mkdir("./777", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 92.130286][ T3404] EXT4-fs (loop0): re-mounted. Opts: (null) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3408 ./strace-static-x86_64: Process 3408 attached [pid 3408] chdir("./777") = 0 [pid 3408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3408] setpgid(0, 0) = 0 [pid 3408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3408] write(3, "1000", 4) = 4 [pid 3408] close(3) = 0 [pid 3408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3408] memfd_create("syzkaller", 0) = 3 [pid 3408] ftruncate(3, 2097152) = 0 [pid 3408] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3408] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3408] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3408] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3408] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3408] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3408] mkdir("./file0", 0777) = 0 [pid 3408] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3408] ioctl(4, LOOP_CLR_FD) = 0 [pid 3408] close(4) = 0 [pid 3408] close(3) = 0 [pid 3408] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3408] exit_group(0) = ? [pid 3408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3408, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./777", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./777", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./777/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./777/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./777/binderfs") = 0 umount2("./777/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./777/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./777/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./777/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./777/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./777/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./777") = 0 mkdir("./778", 0777) = 0 [ 92.207978][ T3408] EXT4-fs (loop0): re-mounted. Opts: (null) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3412 attached , child_tidptr=0x5555564b55d0) = 3412 [pid 3412] chdir("./778") = 0 [pid 3412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3412] setpgid(0, 0) = 0 [pid 3412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3412] write(3, "1000", 4) = 4 [pid 3412] close(3) = 0 [pid 3412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3412] memfd_create("syzkaller", 0) = 3 [pid 3412] ftruncate(3, 2097152) = 0 [pid 3412] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3412] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3412] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3412] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3412] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3412] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3412] mkdir("./file0", 0777) = 0 [pid 3412] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3412] ioctl(4, LOOP_CLR_FD) = 0 [pid 3412] close(4) = 0 [pid 3412] close(3) = 0 [pid 3412] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3412] exit_group(0) = ? [pid 3412] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3412, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./778", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./778", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./778/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./778/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./778/binderfs") = 0 umount2("./778/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./778/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./778/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./778/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./778/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./778/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./778") = 0 mkdir("./779", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3416 ./strace-static-x86_64: Process 3416 attached [pid 3416] chdir("./779") = 0 [pid 3416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3416] setpgid(0, 0) = 0 [pid 3416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3416] write(3, "1000", 4) = 4 [pid 3416] close(3) = 0 [pid 3416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3416] memfd_create("syzkaller", 0) = 3 [pid 3416] ftruncate(3, 2097152) = 0 [pid 3416] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3416] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3416] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3416] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3416] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3416] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3416] mkdir("./file0", 0777) = 0 [ 92.318992][ T3412] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3416] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3416] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3416] ioctl(4, LOOP_CLR_FD) = 0 [pid 3416] close(4) = 0 [pid 3416] close(3) = 0 [pid 3416] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3416] exit_group(0) = ? [pid 3416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3416, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./779", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./779", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./779/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./779/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./779/binderfs") = 0 umount2("./779/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./779/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./779/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./779/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./779/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./779/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./779") = 0 mkdir("./780", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564b55d0) = 3420 ./strace-static-x86_64: Process 3420 attached [pid 3420] chdir("./780") = 0 [pid 3420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3420] setpgid(0, 0) = 0 [pid 3420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3420] write(3, "1000", 4) = 4 [pid 3420] close(3) = 0 [pid 3420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3420] memfd_create("syzkaller", 0) = 3 [pid 3420] ftruncate(3, 2097152) = 0 [pid 3420] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3420] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3420] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3420] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3420] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3420] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3420] ioctl(4, LOOP_SET_FD, 3) = 0 [ 92.388195][ T3416] EXT4-fs (loop0): re-mounted. Opts: (null) [pid 3420] mkdir("./file0", 0777) = 0 [pid 3420] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3420] ioctl(4, LOOP_CLR_FD) = 0 [pid 3420] close(4) = 0 [pid 3420] close(3) = 0 [pid 3420] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3420] exit_group(0) = ? [pid 3420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3420, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./780", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./780", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./780/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./780/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./780/binderfs") = 0 [ 92.459451][ T3420] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./780/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./780/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./780/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./780/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./780/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./780/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./780") = 0 mkdir("./781", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3424 attached , child_tidptr=0x5555564b55d0) = 3424 [pid 3424] chdir("./781") = 0 [pid 3424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3424] setpgid(0, 0) = 0 [pid 3424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3424] write(3, "1000", 4) = 4 [pid 3424] close(3) = 0 [pid 3424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3424] memfd_create("syzkaller", 0) = 3 [pid 3424] ftruncate(3, 2097152) = 0 [pid 3424] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3424] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3424] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3424] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3424] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3424] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144) = 8 [pid 3424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3424] mkdir("./file0", 0777) = 0 [pid 3424] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 3424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3424] ioctl(4, LOOP_CLR_FD) = 0 [pid 3424] close(4) = 0 [pid 3424] close(3) = 0 [pid 3424] mount(NULL, "./file0", NULL, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_REC, NULL) = 0 [pid 3424] exit_group(0) = ? [pid 3424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3424, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./781", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./781", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555564b6620 /* 4 entries */, 32768) = 112 umount2("./781/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./781/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./781/binderfs") = 0 [ 92.567194][ T3424] EXT4-fs (loop0): re-mounted. Opts: (null) umount2("./781/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./781/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./781/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./781/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./781/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555564be660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564be660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./781/file0") = 0 getdents64(3, 0x5555564b6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./781") = 0 mkdir("./782", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3428 attached [pid 3428] chdir("./782") = 0 [pid 3428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3428] setpgid(0, 0) = 0 [pid 3428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3428] write(3, "1000", 4) = 4 [pid 3428] close(3) = 0 [pid 3428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3428] memfd_create("syzkaller", 0) = 3 [pid 3428] ftruncate(3, 2097152) = 0 [pid 3428] pwrite64(3, "\x20\x00\x00\x00\x00\x02\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd5\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x18\x00\x00\x00\xc2\x85\x00\x00"..., 102, 1024) = 102 [pid 3428] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x30\x5c\x8a\x83\x5f\x4f\x4d\xa4\x40\xba\xa5\x9e\x28\x84\xcb\x01\x00\x40", 31, 1248) = 31 [pid 3428] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x20\x00\x01\x00\x00\x00\x00\x00\x05\x00\x40", 41, 1344) = 41 [pid 3428] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04", 9, 4096) = 9 [pid 3428] pwrite64(3, "\xed\x41\x00\x00\x00\x10\x00\x00\xd5\xf4\x65\x5f\xd6\xf4\x65\x5f\xd6\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80", 29, 16640) = 29 [pid 3428] pwrite64(3, "\x50\x4d\x4d\x00\x50\x4d\x4d\xff", 8, 262144 [pid 303] <... clone resumed>, child_tidptr=0x5555564b55d0) = 3428 [pid 3428] <... pwrite64 resumed>) = 8 [pid 3428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3428] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3428] mkdir("./file0", 0777) = 0 [pid 3428] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continu