./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor738992609 <...> Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts. execve("./syz-executor738992609", ["./syz-executor738992609"], 0x7ffc6b7cddc0 /* 10 vars */) = 0 brk(NULL) = 0x5555563ff000 brk(0x5555563ffd00) = 0x5555563ffd00 arch_prctl(ARCH_SET_FS, 0x5555563ff380) = 0 set_tid_address(0x5555563ff650) = 5064 set_robust_list(0x5555563ff660, 24) = 0 rseq(0x5555563ffca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor738992609", 4096) = 27 getrandom("\xc3\x90\xe7\xd0\x81\x12\x0f\x07", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555563ffd00 brk(0x555556420d00) = 0x555556420d00 brk(0x555556421000) = 0x555556421000 mprotect(0x7f861e423000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.WTNyLl", 0700) = 0 chmod("./syzkaller.WTNyLl", 0777) = 0 chdir("./syzkaller.WTNyLl") = 0 mkdir("./0", 0777) = 0 [ 75.856527][ T27] audit: type=1400 audit(1702691468.246:83): avc: denied { execmem } for pid=5064 comm="syz-executor738" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ff650) = 5065 ./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x5555563ff660, 24) = 0 [pid 5065] chdir("./0") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5065] memfd_create("syzkaller", 0) = 4 [ 75.905196][ T27] audit: type=1400 audit(1702691468.296:84): avc: denied { read write } for pid=5064 comm="syz-executor738" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 75.929675][ T27] audit: type=1400 audit(1702691468.296:85): avc: denied { open } for pid=5064 comm="syz-executor738" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5065] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5065] munmap(0x7f8615f70000, 138412032) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 75.954258][ T27] audit: type=1400 audit(1702691468.296:86): avc: denied { ioctl } for pid=5064 comm="syz-executor738" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 75.980087][ T27] audit: type=1400 audit(1702691468.326:87): avc: denied { read write } for pid=5065 comm="syz-executor738" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [pid 5065] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5065] close(4) = 0 [pid 5065] mkdir("./file1", 0777) = 0 [ 75.997010][ T5065] loop0: detected capacity change from 0 to 512 [ 76.003791][ T27] audit: type=1400 audit(1702691468.326:88): avc: denied { open } for pid=5065 comm="syz-executor738" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 76.039501][ T27] audit: type=1400 audit(1702691468.426:89): avc: denied { mounton } for pid=5065 comm="syz-executor738" path="/root/syzkaller.WTNyLl/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 76.066650][ T5065] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 76.085164][ T5065] EXT4-fs (loop0): 1 truncate cleaned up [ 76.090832][ T5065] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5065] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5065] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5065] chdir("./file1") = 0 [pid 5065] ioctl(5, LOOP_CLR_FD) = 0 [pid 5065] close(5) = 0 [ 76.105032][ T27] audit: type=1400 audit(1702691468.496:90): avc: denied { mount } for pid=5065 comm="syz-executor738" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 5065] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5065] creat("./file1", 000) = 5 [pid 5065] exit_group(0) = ? [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [ 76.164960][ T27] audit: type=1400 audit(1702691468.556:91): avc: denied { setattr } for pid=5065 comm="syz-executor738" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 76.187746][ T27] audit: type=1400 audit(1702691468.556:92): avc: denied { write } for pid=5065 comm="syz-executor738" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 76.350247][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached , child_tidptr=0x5555563ff650) = 5069 [pid 5069] set_robust_list(0x5555563ff660, 24) = 0 [pid 5069] chdir("./1") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5069] memfd_create("syzkaller", 0) = 4 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5069] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5069] munmap(0x7f8615f70000, 138412032) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5069] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5069] close(4) = 0 [pid 5069] mkdir("./file1", 0777) = 0 [pid 5069] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5069] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5069] chdir("./file1") = 0 [pid 5069] ioctl(5, LOOP_CLR_FD) = 0 [pid 5069] close(5) = 0 [pid 5069] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5069] creat("./file1", 000) = 5 [ 76.574085][ T5069] loop0: detected capacity change from 0 to 512 [ 76.589970][ T5069] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 76.605603][ T5069] EXT4-fs (loop0): 1 truncate cleaned up [ 76.611256][ T5069] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5069] exit_group(0) = ? [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 76.675253][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached , child_tidptr=0x5555563ff650) = 5071 [pid 5071] set_robust_list(0x5555563ff660, 24) = 0 [pid 5071] chdir("./2") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5071] memfd_create("syzkaller", 0) = 4 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5071] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5071] munmap(0x7f8615f70000, 138412032) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5071] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5071] close(4) = 0 [pid 5071] mkdir("./file1", 0777) = 0 [pid 5071] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5071] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5071] chdir("./file1") = 0 [pid 5071] ioctl(5, LOOP_CLR_FD) = 0 [pid 5071] close(5) = 0 [ 76.923897][ T5071] loop0: detected capacity change from 0 to 512 [ 76.934908][ T5071] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 76.950395][ T5071] EXT4-fs (loop0): 1 truncate cleaned up [ 76.957014][ T5071] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5071] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5071] creat("./file1", 000) = 5 [pid 5071] exit_group(0) = ? [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 77.051958][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x5555563ff660, 24) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5074 [pid 5074] chdir("./3") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5074] memfd_create("syzkaller", 0) = 4 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5074] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5074] munmap(0x7f8615f70000, 138412032) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5074] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5074] close(4) = 0 [pid 5074] mkdir("./file1", 0777) = 0 [ 77.266682][ T5074] loop0: detected capacity change from 0 to 512 [ 77.290824][ T5074] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 77.306552][ T5074] EXT4-fs (loop0): 1 truncate cleaned up [pid 5074] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5074] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5074] chdir("./file1") = 0 [pid 5074] ioctl(5, LOOP_CLR_FD) = 0 [pid 5074] close(5) = 0 [pid 5074] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5074] creat("./file1", 000) = 5 [pid 5074] exit_group(0) = ? [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 77.312206][ T5074] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 77.426619][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached , child_tidptr=0x5555563ff650) = 5076 [pid 5076] set_robust_list(0x5555563ff660, 24) = 0 [pid 5076] chdir("./4") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5076] memfd_create("syzkaller", 0) = 4 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5076] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5076] munmap(0x7f8615f70000, 138412032) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5076] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5076] close(4) = 0 [pid 5076] mkdir("./file1", 0777) = 0 [ 77.677254][ T5076] loop0: detected capacity change from 0 to 512 [ 77.703855][ T5076] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 77.719334][ T5076] EXT4-fs (loop0): 1 truncate cleaned up [pid 5076] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5076] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5076] chdir("./file1") = 0 [pid 5076] ioctl(5, LOOP_CLR_FD) = 0 [pid 5076] close(5) = 0 [pid 5076] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5076] creat("./file1", 000) = 5 [pid 5076] exit_group(0) = ? [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 77.725123][ T5076] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 [ 77.906460][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached , child_tidptr=0x5555563ff650) = 5078 [pid 5078] set_robust_list(0x5555563ff660, 24) = 0 [pid 5078] chdir("./5") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5078] memfd_create("syzkaller", 0) = 4 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5078] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5078] munmap(0x7f8615f70000, 138412032) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5078] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5078] close(4) = 0 [pid 5078] mkdir("./file1", 0777) = 0 [pid 5078] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5078] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5078] chdir("./file1") = 0 [ 78.081646][ T5078] loop0: detected capacity change from 0 to 512 [ 78.091855][ T5078] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 78.106749][ T5078] EXT4-fs (loop0): 1 truncate cleaned up [ 78.112395][ T5078] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5078] ioctl(5, LOOP_CLR_FD) = 0 [pid 5078] close(5) = 0 [pid 5078] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5078] creat("./file1", 000) = 5 [pid 5078] exit_group(0) = ? [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 [ 78.237396][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached , child_tidptr=0x5555563ff650) = 5080 [pid 5080] set_robust_list(0x5555563ff660, 24) = 0 [pid 5080] chdir("./6") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5080] memfd_create("syzkaller", 0) = 4 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5080] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5080] munmap(0x7f8615f70000, 138412032) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5080] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5080] close(4) = 0 [pid 5080] mkdir("./file1", 0777) = 0 [ 78.417142][ T5080] loop0: detected capacity change from 0 to 512 [ 78.441022][ T5080] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 78.457374][ T5080] EXT4-fs (loop0): 1 truncate cleaned up [pid 5080] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5080] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5080] chdir("./file1") = 0 [pid 5080] ioctl(5, LOOP_CLR_FD) = 0 [pid 5080] close(5) = 0 [pid 5080] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5080] creat("./file1", 000) = 5 [pid 5080] exit_group(0) = ? [ 78.463077][ T5080] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 78.618622][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached , child_tidptr=0x5555563ff650) = 5082 [pid 5082] set_robust_list(0x5555563ff660, 24) = 0 [pid 5082] chdir("./7") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5082] memfd_create("syzkaller", 0) = 4 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5082] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5082] munmap(0x7f8615f70000, 138412032) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5082] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5082] close(4) = 0 [pid 5082] mkdir("./file1", 0777) = 0 [pid 5082] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5082] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5082] chdir("./file1") = 0 [pid 5082] ioctl(5, LOOP_CLR_FD) = 0 [pid 5082] close(5) = 0 [ 78.829015][ T5082] loop0: detected capacity change from 0 to 512 [ 78.843004][ T5082] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 78.858152][ T5082] EXT4-fs (loop0): 1 truncate cleaned up [ 78.863987][ T5082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5082] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5082] creat("./file1", 000) = 5 [pid 5082] exit_group(0) = ? [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 79.037020][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached , child_tidptr=0x5555563ff650) = 5084 [pid 5084] set_robust_list(0x5555563ff660, 24) = 0 [pid 5084] chdir("./8") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5084] memfd_create("syzkaller", 0) = 4 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5084] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5084] munmap(0x7f8615f70000, 138412032) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5084] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5084] close(4) = 0 [pid 5084] mkdir("./file1", 0777) = 0 [pid 5084] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5084] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5084] chdir("./file1") = 0 [pid 5084] ioctl(5, LOOP_CLR_FD) = 0 [pid 5084] close(5) = 0 [pid 5084] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5084] creat("./file1", 000) = 5 [ 79.353290][ T5084] loop0: detected capacity change from 0 to 512 [ 79.363575][ T5084] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 79.378861][ T5084] EXT4-fs (loop0): 1 truncate cleaned up [ 79.384571][ T5084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5084] exit_group(0) = ? [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 79.487892][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached , child_tidptr=0x5555563ff650) = 5086 [pid 5086] set_robust_list(0x5555563ff660, 24) = 0 [pid 5086] chdir("./9") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5086] memfd_create("syzkaller", 0) = 4 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5086] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5086] munmap(0x7f8615f70000, 138412032) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5086] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5086] close(4) = 0 [pid 5086] mkdir("./file1", 0777) = 0 [ 79.745449][ T5086] loop0: detected capacity change from 0 to 512 [ 79.763278][ T5086] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 79.778607][ T5086] EXT4-fs (loop0): 1 truncate cleaned up [pid 5086] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5086] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5086] chdir("./file1") = 0 [pid 5086] ioctl(5, LOOP_CLR_FD) = 0 [pid 5086] close(5) = 0 [pid 5086] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5086] creat("./file1", 000) = 5 [pid 5086] exit_group(0) = ? [ 79.784316][ T5086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 79.887908][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached , child_tidptr=0x5555563ff650) = 5088 [pid 5088] set_robust_list(0x5555563ff660, 24) = 0 [pid 5088] chdir("./10") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5088] memfd_create("syzkaller", 0) = 4 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5088] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5088] munmap(0x7f8615f70000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5088] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5088] close(4) = 0 [pid 5088] mkdir("./file1", 0777) = 0 [pid 5088] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5088] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5088] chdir("./file1") = 0 [ 80.086718][ T5088] loop0: detected capacity change from 0 to 512 [ 80.101181][ T5088] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 80.116807][ T5088] EXT4-fs (loop0): 1 truncate cleaned up [ 80.122468][ T5088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5088] ioctl(5, LOOP_CLR_FD) = 0 [pid 5088] close(5) = 0 [pid 5088] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5088] creat("./file1", 000) = 5 [pid 5088] exit_group(0) = ? [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 [ 80.307951][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached , child_tidptr=0x5555563ff650) = 5090 [pid 5090] set_robust_list(0x5555563ff660, 24) = 0 [pid 5090] chdir("./11") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5090] memfd_create("syzkaller", 0) = 4 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5090] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5090] munmap(0x7f8615f70000, 138412032) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5090] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5090] close(4) = 0 [pid 5090] mkdir("./file1", 0777) = 0 [ 80.545731][ T5090] loop0: detected capacity change from 0 to 512 [ 80.573278][ T5090] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 80.588845][ T5090] EXT4-fs (loop0): 1 truncate cleaned up [pid 5090] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5090] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5090] chdir("./file1") = 0 [pid 5090] ioctl(5, LOOP_CLR_FD) = 0 [pid 5090] close(5) = 0 [pid 5090] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5090] creat("./file1", 000) = 5 [pid 5090] exit_group(0) = ? [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 80.594573][ T5090] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 [ 80.637560][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x5555563ff650) = 5092 [pid 5092] set_robust_list(0x5555563ff660, 24) = 0 [pid 5092] chdir("./12") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5092] memfd_create("syzkaller", 0) = 4 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5092] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5092] munmap(0x7f8615f70000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5092] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5092] close(4) = 0 [pid 5092] mkdir("./file1", 0777) = 0 [ 80.823917][ T5092] loop0: detected capacity change from 0 to 512 [ 80.840748][ T5092] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 80.856458][ T5092] EXT4-fs (loop0): 1 truncate cleaned up [pid 5092] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5092] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5092] chdir("./file1") = 0 [pid 5092] ioctl(5, LOOP_CLR_FD) = 0 [pid 5092] close(5) = 0 [pid 5092] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5092] creat("./file1", 000) = 5 [pid 5092] exit_group(0) = ? [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 80.862108][ T5092] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 80.912128][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached , child_tidptr=0x5555563ff650) = 5094 [pid 5094] set_robust_list(0x5555563ff660, 24) = 0 [pid 5094] chdir("./13") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5094] memfd_create("syzkaller", 0) = 4 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5094] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5094] munmap(0x7f8615f70000, 138412032) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5094] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5094] close(4) = 0 [pid 5094] mkdir("./file1", 0777) = 0 [ 81.182608][ T5094] loop0: detected capacity change from 0 to 512 [ 81.208249][ T5094] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 81.224992][ T5094] EXT4-fs (loop0): 1 truncate cleaned up [pid 5094] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5094] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5094] chdir("./file1") = 0 [pid 5094] ioctl(5, LOOP_CLR_FD) = 0 [pid 5094] close(5) = 0 [pid 5094] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 81.230666][ T5094] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5094] creat("./file1", 000) = 5 [pid 5094] exit_group(0) = ? [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 81.338069][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached , child_tidptr=0x5555563ff650) = 5096 [pid 5096] set_robust_list(0x5555563ff660, 24) = 0 [pid 5096] chdir("./14") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5096] memfd_create("syzkaller", 0) = 4 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5096] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5096] munmap(0x7f8615f70000, 138412032) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5096] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5096] close(4) = 0 [pid 5096] mkdir("./file1", 0777) = 0 [ 81.576422][ T5096] loop0: detected capacity change from 0 to 512 [ 81.596888][ T5096] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 81.612310][ T5096] EXT4-fs (loop0): 1 truncate cleaned up [pid 5096] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5096] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5096] chdir("./file1") = 0 [pid 5096] ioctl(5, LOOP_CLR_FD) = 0 [pid 5096] close(5) = 0 [ 81.618053][ T5096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5096] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5096] creat("./file1", 000) = 5 [pid 5096] exit_group(0) = ? [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 [ 81.700894][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached , child_tidptr=0x5555563ff650) = 5098 [pid 5098] set_robust_list(0x5555563ff660, 24) = 0 [pid 5098] chdir("./15") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5098] memfd_create("syzkaller", 0) = 4 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5098] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5098] munmap(0x7f8615f70000, 138412032) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5098] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5098] close(4) = 0 [pid 5098] mkdir("./file1", 0777) = 0 [ 81.871176][ T5098] loop0: detected capacity change from 0 to 512 [ 81.897465][ T5098] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 81.915606][ T5098] EXT4-fs (loop0): 1 truncate cleaned up [pid 5098] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5098] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5098] chdir("./file1") = 0 [pid 5098] ioctl(5, LOOP_CLR_FD) = 0 [pid 5098] close(5) = 0 [ 81.921684][ T5098] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5098] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5098] creat("./file1", 000) = 5 [pid 5098] exit_group(0) = ? [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 [ 82.039809][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ff650) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x5555563ff660, 24) = 0 [pid 5100] chdir("./16") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5100] memfd_create("syzkaller", 0) = 4 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5100] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5100] munmap(0x7f8615f70000, 138412032) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5100] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5100] close(4) = 0 [pid 5100] mkdir("./file1", 0777) = 0 [ 82.159763][ T5100] loop0: detected capacity change from 0 to 512 [ 82.173777][ T5100] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 82.191834][ T5100] EXT4-fs (loop0): 1 truncate cleaned up [pid 5100] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5100] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5100] chdir("./file1") = 0 [pid 5100] ioctl(5, LOOP_CLR_FD) = 0 [pid 5100] close(5) = 0 [pid 5100] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5100] creat("./file1", 000) = 5 [pid 5100] exit_group(0) = ? [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 [ 82.198225][ T5100] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 [ 82.263281][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached , child_tidptr=0x5555563ff650) = 5102 [pid 5102] set_robust_list(0x5555563ff660, 24) = 0 [pid 5102] chdir("./17") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5102] memfd_create("syzkaller", 0) = 4 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5102] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5102] munmap(0x7f8615f70000, 138412032) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5102] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5102] close(4) = 0 [pid 5102] mkdir("./file1", 0777) = 0 [ 82.375615][ T5102] loop0: detected capacity change from 0 to 512 [ 82.406245][ T5102] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5102] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5102] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5102] chdir("./file1") = 0 [pid 5102] ioctl(5, LOOP_CLR_FD) = 0 [pid 5102] close(5) = 0 [pid 5102] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5102] creat("./file1", 000) = 5 [pid 5102] exit_group(0) = ? [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 82.421754][ T5102] EXT4-fs (loop0): 1 truncate cleaned up [ 82.427501][ T5102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 82.510136][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached , child_tidptr=0x5555563ff650) = 5104 [pid 5104] set_robust_list(0x5555563ff660, 24) = 0 [pid 5104] chdir("./18") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5104] memfd_create("syzkaller", 0) = 4 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5104] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5104] munmap(0x7f8615f70000, 138412032) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5104] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5104] close(4) = 0 [pid 5104] mkdir("./file1", 0777) = 0 [ 82.667059][ T5104] loop0: detected capacity change from 0 to 512 [ 82.686792][ T5104] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 82.701899][ T5104] EXT4-fs (loop0): 1 truncate cleaned up [pid 5104] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5104] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5104] chdir("./file1") = 0 [pid 5104] ioctl(5, LOOP_CLR_FD) = 0 [pid 5104] close(5) = 0 [pid 5104] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5104] creat("./file1", 000) = 5 [ 82.707644][ T5104] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5104] exit_group(0) = ? [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 [ 82.820100][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x5555563ff660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5106 [pid 5106] <... set_robust_list resumed>) = 0 [pid 5106] chdir("./19") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5106] memfd_create("syzkaller", 0) = 4 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5106] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5106] munmap(0x7f8615f70000, 138412032) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5106] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5106] close(4) = 0 [pid 5106] mkdir("./file1", 0777) = 0 [ 83.016665][ T5106] loop0: detected capacity change from 0 to 512 [ 83.039583][ T5106] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 83.055130][ T5106] EXT4-fs (loop0): 1 truncate cleaned up [pid 5106] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5106] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5106] chdir("./file1") = 0 [pid 5106] ioctl(5, LOOP_CLR_FD) = 0 [pid 5106] close(5) = 0 [pid 5106] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5106] creat("./file1", 000) = 5 [pid 5106] exit_group(0) = ? [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 83.060781][ T5106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 [ 83.203456][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5108 attached , child_tidptr=0x5555563ff650) = 5108 [pid 5108] set_robust_list(0x5555563ff660, 24) = 0 [pid 5108] chdir("./20") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5108] memfd_create("syzkaller", 0) = 4 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5108] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5108] munmap(0x7f8615f70000, 138412032) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5108] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5108] close(4) = 0 [pid 5108] mkdir("./file1", 0777) = 0 [ 83.413353][ T5108] loop0: detected capacity change from 0 to 512 [ 83.440299][ T5108] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 83.456150][ T5108] EXT4-fs (loop0): 1 truncate cleaned up [pid 5108] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5108] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5108] chdir("./file1") = 0 [pid 5108] ioctl(5, LOOP_CLR_FD) = 0 [pid 5108] close(5) = 0 [pid 5108] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5108] creat("./file1", 000) = 5 [pid 5108] exit_group(0) = ? [ 83.461811][ T5108] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 83.565113][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x5555563ff650) = 5110 [pid 5110] set_robust_list(0x5555563ff660, 24) = 0 [pid 5110] chdir("./21") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5110] memfd_create("syzkaller", 0) = 4 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5110] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5110] munmap(0x7f8615f70000, 138412032) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5110] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5110] close(4) = 0 [pid 5110] mkdir("./file1", 0777) = 0 [pid 5110] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5110] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5110] chdir("./file1") = 0 [pid 5110] ioctl(5, LOOP_CLR_FD) = 0 [pid 5110] close(5) = 0 [ 83.837153][ T5110] loop0: detected capacity change from 0 to 512 [ 83.852079][ T5110] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 83.868074][ T5110] EXT4-fs (loop0): 1 truncate cleaned up [ 83.873776][ T5110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5110] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5110] creat("./file1", 000) = 5 [pid 5110] exit_group(0) = ? [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 [ 84.048664][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5112 attached [pid 5112] set_robust_list(0x5555563ff660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5112 [pid 5112] <... set_robust_list resumed>) = 0 [pid 5112] chdir("./22") = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5112] memfd_create("syzkaller", 0) = 4 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5112] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5112] munmap(0x7f8615f70000, 138412032) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5112] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5112] close(4) = 0 [pid 5112] mkdir("./file1", 0777) = 0 [ 84.311515][ T5112] loop0: detected capacity change from 0 to 512 [ 84.341072][ T5112] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 5112] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5112] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5112] chdir("./file1") = 0 [pid 5112] ioctl(5, LOOP_CLR_FD) = 0 [pid 5112] close(5) = 0 [pid 5112] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 84.356652][ T5112] EXT4-fs (loop0): 1 truncate cleaned up [ 84.362305][ T5112] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5112] creat("./file1", 000) = 5 [pid 5112] exit_group(0) = ? [pid 5112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 84.556737][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5114 attached , child_tidptr=0x5555563ff650) = 5114 [pid 5114] set_robust_list(0x5555563ff660, 24) = 0 [pid 5114] chdir("./23") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5114] memfd_create("syzkaller", 0) = 4 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5114] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5114] munmap(0x7f8615f70000, 138412032) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5114] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5114] close(4) = 0 [pid 5114] mkdir("./file1", 0777) = 0 [pid 5114] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5114] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5114] chdir("./file1") = 0 [pid 5114] ioctl(5, LOOP_CLR_FD) = 0 [pid 5114] close(5) = 0 [pid 5114] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 84.754816][ T5114] loop0: detected capacity change from 0 to 512 [ 84.769933][ T5114] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 84.786052][ T5114] EXT4-fs (loop0): 1 truncate cleaned up [ 84.791709][ T5114] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5114] creat("./file1", 000) = 5 [pid 5114] exit_group(0) = ? [pid 5114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 [ 84.908929][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached , child_tidptr=0x5555563ff650) = 5116 [pid 5116] set_robust_list(0x5555563ff660, 24) = 0 [pid 5116] chdir("./24") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5116] memfd_create("syzkaller", 0) = 4 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5116] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5116] munmap(0x7f8615f70000, 138412032) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5116] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5116] close(4) = 0 [pid 5116] mkdir("./file1", 0777) = 0 [pid 5116] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5116] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5116] chdir("./file1") = 0 [pid 5116] ioctl(5, LOOP_CLR_FD) = 0 [pid 5116] close(5) = 0 [pid 5116] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5116] creat("./file1", 000) = 5 [ 85.076244][ T5116] loop0: detected capacity change from 0 to 512 [ 85.091490][ T5116] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 85.107676][ T5116] EXT4-fs (loop0): 1 truncate cleaned up [ 85.113465][ T5116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5116] exit_group(0) = ? [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 85.211760][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5118 attached , child_tidptr=0x5555563ff650) = 5118 [pid 5118] set_robust_list(0x5555563ff660, 24) = 0 [pid 5118] chdir("./25") = 0 [pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5118] setpgid(0, 0) = 0 [pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5118] write(3, "1000", 4) = 4 [pid 5118] close(3) = 0 [pid 5118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5118] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5118] memfd_create("syzkaller", 0) = 4 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5118] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5118] munmap(0x7f8615f70000, 138412032) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5118] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5118] close(4) = 0 [pid 5118] mkdir("./file1", 0777) = 0 [pid 5118] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5118] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5118] chdir("./file1") = 0 [pid 5118] ioctl(5, LOOP_CLR_FD) = 0 [pid 5118] close(5) = 0 [pid 5118] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5118] creat("./file1", 000) = 5 [pid 5118] exit_group(0) = ? [pid 5118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 85.517820][ T5118] loop0: detected capacity change from 0 to 512 [ 85.528038][ T5118] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 85.544129][ T5118] EXT4-fs (loop0): 1 truncate cleaned up [ 85.549798][ T5118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 85.692576][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5121 attached , child_tidptr=0x5555563ff650) = 5121 [pid 5121] set_robust_list(0x5555563ff660, 24) = 0 [pid 5121] chdir("./26") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5121] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5121] memfd_create("syzkaller", 0) = 4 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5121] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5121] munmap(0x7f8615f70000, 138412032) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5121] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5121] close(4) = 0 [pid 5121] mkdir("./file1", 0777) = 0 [pid 5121] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5121] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5121] chdir("./file1") = 0 [ 85.985384][ T5121] loop0: detected capacity change from 0 to 512 [ 86.000665][ T5121] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 86.015845][ T5121] EXT4-fs (loop0): 1 truncate cleaned up [ 86.021496][ T5121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5121] ioctl(5, LOOP_CLR_FD) = 0 [pid 5121] close(5) = 0 [pid 5121] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5121] creat("./file1", 000) = 5 [pid 5121] exit_group(0) = ? [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 86.147808][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5123 attached , child_tidptr=0x5555563ff650) = 5123 [pid 5123] set_robust_list(0x5555563ff660, 24) = 0 [pid 5123] chdir("./27") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5123] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5123] memfd_create("syzkaller", 0) = 4 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5123] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5123] munmap(0x7f8615f70000, 138412032) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5123] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5123] close(4) = 0 [pid 5123] mkdir("./file1", 0777) = 0 [pid 5123] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5123] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5123] chdir("./file1") = 0 [pid 5123] ioctl(5, LOOP_CLR_FD) = 0 [pid 5123] close(5) = 0 [ 86.368998][ T5123] loop0: detected capacity change from 0 to 512 [ 86.385067][ T5123] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 86.400124][ T5123] EXT4-fs (loop0): 1 truncate cleaned up [ 86.405832][ T5123] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5123] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5123] creat("./file1", 000) = 5 [pid 5123] exit_group(0) = ? [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 [ 86.537939][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5125 attached , child_tidptr=0x5555563ff650) = 5125 [pid 5125] set_robust_list(0x5555563ff660, 24) = 0 [pid 5125] chdir("./28") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5125] memfd_create("syzkaller", 0) = 4 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5125] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5125] munmap(0x7f8615f70000, 138412032) = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5125] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5125] close(4) = 0 [pid 5125] mkdir("./file1", 0777) = 0 [pid 5125] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5125] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5125] chdir("./file1") = 0 [pid 5125] ioctl(5, LOOP_CLR_FD) = 0 [pid 5125] close(5) = 0 [ 86.754243][ T5125] loop0: detected capacity change from 0 to 512 [ 86.769478][ T5125] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 86.785220][ T5125] EXT4-fs (loop0): 1 truncate cleaned up [ 86.790886][ T5125] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5125] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5125] creat("./file1", 000) = 5 [pid 5125] exit_group(0) = ? [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 86.887313][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5127 attached [pid 5127] set_robust_list(0x5555563ff660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5127 [pid 5127] <... set_robust_list resumed>) = 0 [pid 5127] chdir("./29") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5127] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5127] memfd_create("syzkaller", 0) = 4 [ 87.015766][ T921] cfg80211: failed to load regulatory.db [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5127] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5127] munmap(0x7f8615f70000, 138412032) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5127] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5127] close(4) = 0 [pid 5127] mkdir("./file1", 0777) = 0 [ 87.090843][ T5127] loop0: detected capacity change from 0 to 512 [ 87.110876][ T5127] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 87.127108][ T5127] EXT4-fs (loop0): 1 truncate cleaned up [pid 5127] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5127] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5127] chdir("./file1") = 0 [pid 5127] ioctl(5, LOOP_CLR_FD) = 0 [pid 5127] close(5) = 0 [pid 5127] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5127] creat("./file1", 000) = 5 [ 87.132946][ T5127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5127] exit_group(0) = ? [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 [ 87.201287][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5129 attached , child_tidptr=0x5555563ff650) = 5129 [pid 5129] set_robust_list(0x5555563ff660, 24) = 0 [pid 5129] chdir("./30") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5129] memfd_create("syzkaller", 0) = 4 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5129] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5129] munmap(0x7f8615f70000, 138412032) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5129] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5129] close(4) = 0 [pid 5129] mkdir("./file1", 0777) = 0 [ 87.370222][ T5129] loop0: detected capacity change from 0 to 512 [ 87.386952][ T5129] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 87.401978][ T5129] EXT4-fs (loop0): 1 truncate cleaned up [pid 5129] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5129] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5129] chdir("./file1") = 0 [pid 5129] ioctl(5, LOOP_CLR_FD) = 0 [pid 5129] close(5) = 0 [pid 5129] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 87.408465][ T5129] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5129] creat("./file1", 000) = 5 [pid 5129] exit_group(0) = ? [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 [ 87.521761][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x5555563ff660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5131 [pid 5131] <... set_robust_list resumed>) = 0 [pid 5131] chdir("./31") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5131] memfd_create("syzkaller", 0) = 4 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5131] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5131] munmap(0x7f8615f70000, 138412032) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5131] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5131] close(4) = 0 [pid 5131] mkdir("./file1", 0777) = 0 [ 87.738027][ T5131] loop0: detected capacity change from 0 to 512 [ 87.756340][ T5131] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 87.771827][ T5131] EXT4-fs (loop0): 1 truncate cleaned up [pid 5131] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5131] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [ 87.777580][ T5131] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [pid 5131] chdir("./file1") = 0 [pid 5131] ioctl(5, LOOP_CLR_FD) = 0 [pid 5131] close(5) = 0 [pid 5131] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5131] creat("./file1", 000) = 5 [pid 5131] exit_group(0) = ? [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 87.964776][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached , child_tidptr=0x5555563ff650) = 5133 [pid 5133] set_robust_list(0x5555563ff660, 24) = 0 [pid 5133] chdir("./32") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5133] memfd_create("syzkaller", 0) = 4 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5133] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5133] munmap(0x7f8615f70000, 138412032) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5133] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5133] close(4) = 0 [pid 5133] mkdir("./file1", 0777) = 0 [pid 5133] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5133] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5133] chdir("./file1") = 0 [pid 5133] ioctl(5, LOOP_CLR_FD) = 0 [pid 5133] close(5) = 0 [pid 5133] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5133] creat("./file1", 000) = 5 [pid 5133] exit_group(0) = ? [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 88.147669][ T5133] loop0: detected capacity change from 0 to 512 [ 88.158838][ T5133] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 88.175046][ T5133] EXT4-fs (loop0): 1 truncate cleaned up umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached , child_tidptr=0x5555563ff650) = 5135 [pid 5135] set_robust_list(0x5555563ff660, 24) = 0 [pid 5135] chdir("./33") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5135] memfd_create("syzkaller", 0) = 4 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5135] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5135] munmap(0x7f8615f70000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5135] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5135] close(4) = 0 [pid 5135] mkdir("./file1", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5135] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5135] chdir("./file1") = 0 [pid 5135] ioctl(5, LOOP_CLR_FD) = 0 [pid 5135] close(5) = 0 [pid 5135] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 88.370547][ T5135] loop0: detected capacity change from 0 to 512 [ 88.395373][ T5135] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 88.410838][ T5135] EXT4-fs (loop0): 1 truncate cleaned up [pid 5135] creat("./file1", 000) = 5 [pid 5135] exit_group(0) = ? [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x5555563ff660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5137 [pid 5137] <... set_robust_list resumed>) = 0 [pid 5137] chdir("./34") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5137] memfd_create("syzkaller", 0) = 4 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5137] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5137] munmap(0x7f8615f70000, 138412032) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5137] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5137] close(4) = 0 [pid 5137] mkdir("./file1", 0777) = 0 [pid 5137] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5137] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5137] chdir("./file1") = 0 [pid 5137] ioctl(5, LOOP_CLR_FD) = 0 [pid 5137] close(5) = 0 [pid 5137] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 88.684367][ T5137] loop0: detected capacity change from 0 to 512 [ 88.709324][ T5137] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 88.725612][ T5137] EXT4-fs (loop0): 1 truncate cleaned up [pid 5137] creat("./file1", 000) = 5 [pid 5137] exit_group(0) = ? [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x5555563ff660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5139 [pid 5139] <... set_robust_list resumed>) = 0 [pid 5139] chdir("./35") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5139] memfd_create("syzkaller", 0) = 4 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5139] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5139] munmap(0x7f8615f70000, 138412032) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5139] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5139] close(4) = 0 [pid 5139] mkdir("./file1", 0777) = 0 [pid 5139] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5139] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5139] chdir("./file1") = 0 [pid 5139] ioctl(5, LOOP_CLR_FD) = 0 [pid 5139] close(5) = 0 [pid 5139] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5139] creat("./file1", 000) = 5 [ 88.955167][ T5139] loop0: detected capacity change from 0 to 512 [ 88.970571][ T5139] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 88.986942][ T5139] EXT4-fs (loop0): 1 truncate cleaned up [pid 5139] exit_group(0) = ? [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5141 attached , child_tidptr=0x5555563ff650) = 5141 [pid 5141] set_robust_list(0x5555563ff660, 24) = 0 [pid 5141] chdir("./36") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5141] memfd_create("syzkaller", 0) = 4 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5141] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5141] munmap(0x7f8615f70000, 138412032) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5141] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5141] close(4) = 0 [pid 5141] mkdir("./file1", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5141] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5141] chdir("./file1") = 0 [pid 5141] ioctl(5, LOOP_CLR_FD) = 0 [pid 5141] close(5) = 0 [pid 5141] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5141] creat("./file1", 000) = 5 [pid 5141] exit_group(0) = ? [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 [ 89.301388][ T5141] loop0: detected capacity change from 0 to 512 [ 89.311629][ T5141] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 89.327178][ T5141] EXT4-fs (loop0): 1 truncate cleaned up umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x5555563ff660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5143 [pid 5143] <... set_robust_list resumed>) = 0 [pid 5143] chdir("./37") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5143] memfd_create("syzkaller", 0) = 4 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5143] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5143] munmap(0x7f8615f70000, 138412032) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5143] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5143] close(4) = 0 [pid 5143] mkdir("./file1", 0777) = 0 [pid 5143] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5143] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5143] chdir("./file1") = 0 [pid 5143] ioctl(5, LOOP_CLR_FD) = 0 [pid 5143] close(5) = 0 [pid 5143] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5143] creat("./file1", 000) = 5 [ 89.574641][ T5143] loop0: detected capacity change from 0 to 512 [ 89.600019][ T5143] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 89.616282][ T5143] EXT4-fs (loop0): 1 truncate cleaned up [pid 5143] exit_group(0) = ? [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5145 attached , child_tidptr=0x5555563ff650) = 5145 [pid 5145] set_robust_list(0x5555563ff660, 24) = 0 [pid 5145] chdir("./38") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5145] memfd_create("syzkaller", 0) = 4 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5145] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5145] munmap(0x7f8615f70000, 138412032) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5145] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5145] close(4) = 0 [pid 5145] mkdir("./file1", 0777) = 0 [pid 5145] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5145] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5145] chdir("./file1") = 0 [pid 5145] ioctl(5, LOOP_CLR_FD) = 0 [pid 5145] close(5) = 0 [pid 5145] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5145] creat("./file1", 000) = 5 [pid 5145] exit_group(0) = ? [ 89.973341][ T5145] loop0: detected capacity change from 0 to 512 [ 89.989580][ T5145] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 90.005638][ T5145] EXT4-fs (loop0): 1 truncate cleaned up [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5147 attached , child_tidptr=0x5555563ff650) = 5147 [pid 5147] set_robust_list(0x5555563ff660, 24) = 0 [pid 5147] chdir("./39") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5147] memfd_create("syzkaller", 0) = 4 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5147] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5147] munmap(0x7f8615f70000, 138412032) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5147] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5147] close(4) = 0 [pid 5147] mkdir("./file1", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5147] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5147] chdir("./file1") = 0 [pid 5147] ioctl(5, LOOP_CLR_FD) = 0 [pid 5147] close(5) = 0 [pid 5147] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 90.310167][ T5147] loop0: detected capacity change from 0 to 512 [ 90.329089][ T5147] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 90.344871][ T5147] EXT4-fs (loop0): 1 truncate cleaned up [pid 5147] creat("./file1", 000) = 5 [pid 5147] exit_group(0) = ? [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x5555563ff650) = 5149 [pid 5149] set_robust_list(0x5555563ff660, 24) = 0 [pid 5149] chdir("./40") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5149] memfd_create("syzkaller", 0) = 4 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5149] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5149] munmap(0x7f8615f70000, 138412032) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5149] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5149] close(4) = 0 [pid 5149] mkdir("./file1", 0777) = 0 [pid 5149] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5149] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5149] chdir("./file1") = 0 [pid 5149] ioctl(5, LOOP_CLR_FD) = 0 [pid 5149] close(5) = 0 [pid 5149] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5149] creat("./file1", 000) = 5 [pid 5149] exit_group(0) = ? [ 90.682935][ T5149] loop0: detected capacity change from 0 to 512 [ 90.698372][ T5149] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 90.714670][ T5149] EXT4-fs (loop0): 1 truncate cleaned up [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5152 attached , child_tidptr=0x5555563ff650) = 5152 [pid 5152] set_robust_list(0x5555563ff660, 24) = 0 [pid 5152] chdir("./41") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5152] memfd_create("syzkaller", 0) = 4 [pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5152] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5152] munmap(0x7f8615f70000, 138412032) = 0 [pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5152] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5152] close(4) = 0 [pid 5152] mkdir("./file1", 0777) = 0 [pid 5152] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5152] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5152] chdir("./file1") = 0 [pid 5152] ioctl(5, LOOP_CLR_FD) = 0 [pid 5152] close(5) = 0 [pid 5152] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5152] creat("./file1", 000) = 5 [pid 5152] exit_group(0) = ? [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 91.106878][ T5152] loop0: detected capacity change from 0 to 512 [ 91.117184][ T5152] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 91.133378][ T5152] EXT4-fs (loop0): 1 truncate cleaned up umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached , child_tidptr=0x5555563ff650) = 5155 [pid 5155] set_robust_list(0x5555563ff660, 24) = 0 [pid 5155] chdir("./42") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5155] memfd_create("syzkaller", 0) = 4 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5155] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5155] munmap(0x7f8615f70000, 138412032) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5155] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5155] close(4) = 0 [pid 5155] mkdir("./file1", 0777) = 0 [pid 5155] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5155] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5155] chdir("./file1") = 0 [pid 5155] ioctl(5, LOOP_CLR_FD) = 0 [pid 5155] close(5) = 0 [pid 5155] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5155] creat("./file1", 000) = 5 [pid 5155] exit_group(0) = ? [ 91.441918][ T5155] loop0: detected capacity change from 0 to 512 [ 91.462398][ T5155] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 91.478151][ T5155] EXT4-fs (loop0): 1 truncate cleaned up [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5157 attached , child_tidptr=0x5555563ff650) = 5157 [pid 5157] set_robust_list(0x5555563ff660, 24) = 0 [pid 5157] chdir("./43") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5157] memfd_create("syzkaller", 0) = 4 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5157] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5157] munmap(0x7f8615f70000, 138412032) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5157] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5157] close(4) = 0 [pid 5157] mkdir("./file1", 0777) = 0 [pid 5157] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5157] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5157] chdir("./file1") = 0 [pid 5157] ioctl(5, LOOP_CLR_FD) = 0 [pid 5157] close(5) = 0 [pid 5157] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5157] creat("./file1", 000) = 5 [ 91.717797][ T5157] loop0: detected capacity change from 0 to 512 [ 91.741801][ T5157] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 91.757038][ T5157] EXT4-fs (loop0): 1 truncate cleaned up [pid 5157] exit_group(0) = ? [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5159 attached , child_tidptr=0x5555563ff650) = 5159 [pid 5159] set_robust_list(0x5555563ff660, 24) = 0 [pid 5159] chdir("./44") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5159] memfd_create("syzkaller", 0) = 4 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5159] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5159] munmap(0x7f8615f70000, 138412032) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5159] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5159] close(4) = 0 [pid 5159] mkdir("./file1", 0777) = 0 [pid 5159] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5159] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5159] chdir("./file1") = 0 [pid 5159] ioctl(5, LOOP_CLR_FD) = 0 [pid 5159] close(5) = 0 [pid 5159] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5159] creat("./file1", 000) = 5 [pid 5159] exit_group(0) = ? [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 92.048264][ T5159] loop0: detected capacity change from 0 to 512 [ 92.059480][ T5159] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 92.075557][ T5159] EXT4-fs (loop0): 1 truncate cleaned up umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached , child_tidptr=0x5555563ff650) = 5161 [pid 5161] set_robust_list(0x5555563ff660, 24) = 0 [pid 5161] chdir("./45") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5161] memfd_create("syzkaller", 0) = 4 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5161] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5161] munmap(0x7f8615f70000, 138412032) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5161] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5161] close(4) = 0 [pid 5161] mkdir("./file1", 0777) = 0 [pid 5161] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5161] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5161] chdir("./file1") = 0 [pid 5161] ioctl(5, LOOP_CLR_FD) = 0 [pid 5161] close(5) = 0 [pid 5161] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5161] creat("./file1", 000) = 5 [pid 5161] exit_group(0) = ? [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 92.354855][ T5161] loop0: detected capacity change from 0 to 512 [ 92.369739][ T5161] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 92.385179][ T5161] EXT4-fs (loop0): 1 truncate cleaned up umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached , child_tidptr=0x5555563ff650) = 5163 [pid 5163] set_robust_list(0x5555563ff660, 24) = 0 [pid 5163] chdir("./46") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5163] memfd_create("syzkaller", 0) = 4 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5163] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5163] munmap(0x7f8615f70000, 138412032) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5163] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5163] close(4) = 0 [pid 5163] mkdir("./file1", 0777) = 0 [ 92.655146][ T5163] loop0: detected capacity change from 0 to 512 [pid 5163] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5163] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5163] chdir("./file1") = 0 [pid 5163] ioctl(5, LOOP_CLR_FD) = 0 [pid 5163] close(5) = 0 [pid 5163] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5163] creat("./file1", 000) = 5 [pid 5163] exit_group(0) = ? [pid 5163] +++ exited with 0 +++ [ 92.698305][ T5163] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 92.718241][ T5163] EXT4-fs (loop0): 1 truncate cleaned up --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5165 attached , child_tidptr=0x5555563ff650) = 5165 [pid 5165] set_robust_list(0x5555563ff660, 24) = 0 [pid 5165] chdir("./47") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5165] memfd_create("syzkaller", 0) = 4 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5165] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5165] munmap(0x7f8615f70000, 138412032) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5165] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5165] close(4) = 0 [pid 5165] mkdir("./file1", 0777) = 0 [pid 5165] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5165] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5165] chdir("./file1") = 0 [pid 5165] ioctl(5, LOOP_CLR_FD) = 0 [pid 5165] close(5) = 0 [pid 5165] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5165] creat("./file1", 000) = 5 [pid 5165] exit_group(0) = ? [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 93.007839][ T5165] loop0: detected capacity change from 0 to 512 [ 93.021237][ T5165] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 93.037286][ T5165] EXT4-fs (loop0): 1 truncate cleaned up umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5167 attached , child_tidptr=0x5555563ff650) = 5167 [pid 5167] set_robust_list(0x5555563ff660, 24) = 0 [pid 5167] chdir("./48") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5167] memfd_create("syzkaller", 0) = 4 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5167] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5167] munmap(0x7f8615f70000, 138412032) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5167] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5167] close(4) = 0 [pid 5167] mkdir("./file1", 0777) = 0 [pid 5167] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5167] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5167] chdir("./file1") = 0 [pid 5167] ioctl(5, LOOP_CLR_FD) = 0 [pid 5167] close(5) = 0 [ 93.297727][ T5167] loop0: detected capacity change from 0 to 512 [ 93.312006][ T5167] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 93.327759][ T5167] EXT4-fs (loop0): 1 truncate cleaned up [pid 5167] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5167] creat("./file1", 000) = 5 [pid 5167] exit_group(0) = ? [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x5555563ff660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5169 [pid 5169] <... set_robust_list resumed>) = 0 [pid 5169] chdir("./49") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5169] memfd_create("syzkaller", 0) = 4 [pid 5169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5169] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5169] munmap(0x7f8615f70000, 138412032) = 0 [pid 5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5169] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5169] close(4) = 0 [pid 5169] mkdir("./file1", 0777) = 0 [pid 5169] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5169] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5169] chdir("./file1") = 0 [pid 5169] ioctl(5, LOOP_CLR_FD) = 0 [pid 5169] close(5) = 0 [pid 5169] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5169] creat("./file1", 000) = 5 [ 93.571591][ T5169] loop0: detected capacity change from 0 to 512 [ 93.598673][ T5169] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 93.614583][ T5169] EXT4-fs (loop0): 1 truncate cleaned up [pid 5169] exit_group(0) = ? [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ff650) = 5171 ./strace-static-x86_64: Process 5171 attached [pid 5171] set_robust_list(0x5555563ff660, 24) = 0 [pid 5171] chdir("./50") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5171] memfd_create("syzkaller", 0) = 4 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5171] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5171] munmap(0x7f8615f70000, 138412032) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5171] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5171] close(4) = 0 [pid 5171] mkdir("./file1", 0777) = 0 [pid 5171] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5171] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5171] chdir("./file1") = 0 [pid 5171] ioctl(5, LOOP_CLR_FD) = 0 [pid 5171] close(5) = 0 [pid 5171] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5171] creat("./file1", 000) = 5 [ 93.835649][ T5171] loop0: detected capacity change from 0 to 512 [ 93.850129][ T5171] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 93.866097][ T5171] EXT4-fs (loop0): 1 truncate cleaned up [pid 5171] exit_group(0) = ? [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x5555563ff660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5173 [pid 5173] <... set_robust_list resumed>) = 0 [pid 5173] chdir("./51") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5173] memfd_create("syzkaller", 0) = 4 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5173] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5173] munmap(0x7f8615f70000, 138412032) = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5173] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5173] close(4) = 0 [pid 5173] mkdir("./file1", 0777) = 0 [pid 5173] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5173] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5173] chdir("./file1") = 0 [pid 5173] ioctl(5, LOOP_CLR_FD) = 0 [pid 5173] close(5) = 0 [pid 5173] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5173] creat("./file1", 000) = 5 [ 94.202334][ T5173] loop0: detected capacity change from 0 to 512 [ 94.216713][ T5173] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 94.231662][ T5173] EXT4-fs (loop0): 1 truncate cleaned up [pid 5173] exit_group(0) = ? [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5175 attached , child_tidptr=0x5555563ff650) = 5175 [pid 5175] set_robust_list(0x5555563ff660, 24) = 0 [pid 5175] chdir("./52") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5175] memfd_create("syzkaller", 0) = 4 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5175] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5175] munmap(0x7f8615f70000, 138412032) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5175] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5175] close(4) = 0 [pid 5175] mkdir("./file1", 0777) = 0 [pid 5175] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5175] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5175] chdir("./file1") = 0 [pid 5175] ioctl(5, LOOP_CLR_FD) = 0 [pid 5175] close(5) = 0 [pid 5175] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 94.537285][ T5175] loop0: detected capacity change from 0 to 512 [ 94.561574][ T5175] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 94.577097][ T5175] EXT4-fs (loop0): 1 truncate cleaned up [pid 5175] creat("./file1", 000) = 5 [pid 5175] exit_group(0) = ? [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x5555563ff660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5177 [pid 5177] <... set_robust_list resumed>) = 0 [pid 5177] chdir("./53") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5177] memfd_create("syzkaller", 0) = 4 [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5177] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5177] munmap(0x7f8615f70000, 138412032) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5177] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5177] close(4) = 0 [pid 5177] mkdir("./file1", 0777) = 0 [pid 5177] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5177] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5177] chdir("./file1") = 0 [pid 5177] ioctl(5, LOOP_CLR_FD) = 0 [pid 5177] close(5) = 0 [ 94.929022][ T5177] loop0: detected capacity change from 0 to 512 [ 94.944561][ T5177] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 94.960706][ T5177] EXT4-fs (loop0): 1 truncate cleaned up [pid 5177] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5177] creat("./file1", 000) = 5 [pid 5177] exit_group(0) = ? [pid 5177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5179 attached , child_tidptr=0x5555563ff650) = 5179 [pid 5179] set_robust_list(0x5555563ff660, 24) = 0 [pid 5179] chdir("./54") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5179] memfd_create("syzkaller", 0) = 4 [pid 5179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5179] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5179] munmap(0x7f8615f70000, 138412032) = 0 [pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5179] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5179] close(4) = 0 [pid 5179] mkdir("./file1", 0777) = 0 [pid 5179] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5179] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5179] chdir("./file1") = 0 [pid 5179] ioctl(5, LOOP_CLR_FD) = 0 [pid 5179] close(5) = 0 [pid 5179] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5179] creat("./file1", 000) = 5 [ 95.377321][ T5179] loop0: detected capacity change from 0 to 512 [ 95.402071][ T5179] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 95.418747][ T5179] EXT4-fs (loop0): 1 truncate cleaned up [pid 5179] exit_group(0) = ? [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5182 attached , child_tidptr=0x5555563ff650) = 5182 [pid 5182] set_robust_list(0x5555563ff660, 24) = 0 [pid 5182] chdir("./55") = 0 [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5182] setpgid(0, 0) = 0 [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5182] write(3, "1000", 4) = 4 [pid 5182] close(3) = 0 [pid 5182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5182] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5182] memfd_create("syzkaller", 0) = 4 [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5182] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5182] munmap(0x7f8615f70000, 138412032) = 0 [pid 5182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5182] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5182] close(4) = 0 [pid 5182] mkdir("./file1", 0777) = 0 [pid 5182] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5182] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5182] chdir("./file1") = 0 [pid 5182] ioctl(5, LOOP_CLR_FD) = 0 [pid 5182] close(5) = 0 [pid 5182] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5182] creat("./file1", 000) = 5 [ 95.726879][ T5182] loop0: detected capacity change from 0 to 512 [ 95.744317][ T5182] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 95.759845][ T5182] EXT4-fs (loop0): 1 truncate cleaned up [pid 5182] exit_group(0) = ? [pid 5182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5184 attached , child_tidptr=0x5555563ff650) = 5184 [pid 5184] set_robust_list(0x5555563ff660, 24) = 0 [pid 5184] chdir("./56") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5184] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5184] memfd_create("syzkaller", 0) = 4 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5184] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5184] munmap(0x7f8615f70000, 138412032) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5184] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5184] close(4) = 0 [pid 5184] mkdir("./file1", 0777) = 0 [pid 5184] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5184] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5184] chdir("./file1") = 0 [pid 5184] ioctl(5, LOOP_CLR_FD) = 0 [pid 5184] close(5) = 0 [pid 5184] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5184] creat("./file1", 000) = 5 [ 96.039506][ T5184] loop0: detected capacity change from 0 to 512 [ 96.054801][ T5184] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 96.070354][ T5184] EXT4-fs (loop0): 1 truncate cleaned up [pid 5184] exit_group(0) = ? [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5186 attached , child_tidptr=0x5555563ff650) = 5186 [pid 5186] set_robust_list(0x5555563ff660, 24) = 0 [pid 5186] chdir("./57") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5186] memfd_create("syzkaller", 0) = 4 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5186] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5186] munmap(0x7f8615f70000, 138412032) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5186] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5186] close(4) = 0 [pid 5186] mkdir("./file1", 0777) = 0 [pid 5186] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5186] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5186] chdir("./file1") = 0 [pid 5186] ioctl(5, LOOP_CLR_FD) = 0 [pid 5186] close(5) = 0 [ 96.438960][ T5186] loop0: detected capacity change from 0 to 512 [ 96.453658][ T5186] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 96.468945][ T5186] EXT4-fs (loop0): 1 truncate cleaned up [pid 5186] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 96.504023][ T5186] [ 96.506380][ T5186] ====================================================== [ 96.513405][ T5186] WARNING: possible circular locking dependency detected [ 96.520428][ T5186] 6.7.0-rc5-syzkaller-00134-g3f7168591ebf #0 Not tainted [ 96.527455][ T5186] ------------------------------------------------------ [ 96.534472][ T5186] syz-executor738/5186 is trying to acquire lock: [ 96.540890][ T5186] ffff888075f677c0 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x173/0x430 [ 96.551289][ T5186] [ 96.551289][ T5186] but task is already holding lock: [ 96.558645][ T5186] ffff888075f32688 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x1b94/0x29d0 [ 96.567976][ T5186] [ 96.567976][ T5186] which lock already depends on the new lock. [ 96.567976][ T5186] [ 96.578366][ T5186] [ 96.578366][ T5186] the existing dependency chain (in reverse order) is: [ 96.587365][ T5186] [ 96.587365][ T5186] -> #1 (&ei->i_data_sem/3){++++}-{3:3}: [ 96.595189][ T5186] down_write+0x3a/0x50 [ 96.599874][ T5186] ext4_xattr_set_entry+0x3415/0x3ce0 [ 96.605770][ T5186] ext4_xattr_ibody_set+0x126/0x380 [ 96.611574][ T5186] ext4_xattr_set_handle+0x936/0x1420 [ 96.617468][ T5186] ext4_xattr_set+0x149/0x370 [ 96.622672][ T5186] __vfs_setxattr+0x173/0x1d0 [ 96.627868][ T5186] __vfs_setxattr_noperm+0x127/0x5e0 [ 96.633682][ T5186] __vfs_setxattr_locked+0x17e/0x250 [ 96.639493][ T5186] vfs_setxattr+0x146/0x350 [ 96.644516][ T5186] do_setxattr+0x142/0x170 [ 96.649454][ T5186] setxattr+0x159/0x170 [ 96.654129][ T5186] path_setxattr+0x175/0x1d0 [ 96.659235][ T5186] __x64_sys_setxattr+0xc4/0x160 [ 96.664691][ T5186] do_syscall_64+0x40/0x110 [ 96.669718][ T5186] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 96.676140][ T5186] [ 96.676140][ T5186] -> #0 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}: [ 96.684409][ T5186] __lock_acquire+0x2433/0x3b20 [ 96.689786][ T5186] lock_acquire+0x1ae/0x520 [ 96.694820][ T5186] down_write+0x3a/0x50 [ 96.699504][ T5186] ext4_xattr_inode_iget+0x173/0x430 [ 96.705311][ T5186] ext4_xattr_inode_get+0x170/0x840 [ 96.711028][ T5186] ext4_expand_extra_isize_ea+0x125a/0x1b20 [ 96.717441][ T5186] __ext4_expand_extra_isize+0x342/0x470 [ 96.723603][ T5186] __ext4_mark_inode_dirty+0x52b/0x810 [ 96.729588][ T5186] ext4_setattr+0x1c08/0x29d0 [ 96.734789][ T5186] notify_change+0x742/0x11c0 [ 96.739993][ T5186] do_truncate+0x15c/0x220 [ 96.744935][ T5186] path_openat+0x25a0/0x2c50 [ 96.750057][ T5186] do_filp_open+0x1de/0x430 [ 96.755094][ T5186] do_sys_openat2+0x176/0x1e0 [ 96.760288][ T5186] __x64_sys_creat+0xcd/0x120 [ 96.765486][ T5186] do_syscall_64+0x40/0x110 [ 96.770514][ T5186] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 96.776939][ T5186] [ 96.776939][ T5186] other info that might help us debug this: [ 96.776939][ T5186] [ 96.787157][ T5186] Possible unsafe locking scenario: [ 96.787157][ T5186] [ 96.795028][ T5186] CPU0 CPU1 [ 96.800380][ T5186] ---- ---- [ 96.805736][ T5186] lock(&ei->i_data_sem/3); [ 96.810326][ T5186] lock(&ea_inode->i_rwsem#7/1); [ 96.817879][ T5186] lock(&ei->i_data_sem/3); [ 96.824988][ T5186] lock(&ea_inode->i_rwsem#7/1); [ 96.830019][ T5186] [ 96.830019][ T5186] *** DEADLOCK *** [ 96.830019][ T5186] [ 96.838149][ T5186] 5 locks held by syz-executor738/5186: [ 96.843858][ T5186] #0: ffff88807197e418 (sb_writers#5){.+.+}-{0:0}, at: path_openat+0x2112/0x2c50 [ 96.853110][ T5186] #1: ffff888075f32800 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: do_truncate+0x14b/0x220 [ 96.863397][ T5186] #2: ffff888075f329a0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0xdf1/0x29d0 [ 96.873595][ T5186] #3: ffff888075f32688 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x1b94/0x29d0 [ 96.883363][ T5186] #4: ffff888075f324c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x4a1/0x810 [ 96.893654][ T5186] [ 96.893654][ T5186] stack backtrace: [ 96.899528][ T5186] CPU: 0 PID: 5186 Comm: syz-executor738 Not tainted 6.7.0-rc5-syzkaller-00134-g3f7168591ebf #0 [ 96.909933][ T5186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 96.919982][ T5186] Call Trace: [ 96.923256][ T5186] [ 96.926180][ T5186] dump_stack_lvl+0xd9/0x1b0 [ 96.930772][ T5186] check_noncircular+0x317/0x400 [ 96.935805][ T5186] ? print_circular_bug+0x5c0/0x5c0 [ 96.941009][ T5186] ? lockdep_lock+0xc6/0x200 [ 96.945624][ T5186] ? hlock_class+0x130/0x130 [ 96.950229][ T5186] __lock_acquire+0x2433/0x3b20 [ 96.955110][ T5186] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 96.961194][ T5186] ? look_up_lock_class+0x59/0x130 [ 96.966345][ T5186] lock_acquire+0x1ae/0x520 [ 96.970868][ T5186] ? ext4_xattr_inode_iget+0x173/0x430 [ 96.976340][ T5186] ? lock_sync+0x190/0x190 [ 96.980957][ T5186] ? preempt_count_sub+0x160/0x160 [ 96.986069][ T5186] down_write+0x3a/0x50 [ 96.990224][ T5186] ? ext4_xattr_inode_iget+0x173/0x430 [ 96.995684][ T5186] ext4_xattr_inode_iget+0x173/0x430 [ 97.000975][ T5186] ext4_xattr_inode_get+0x170/0x840 [ 97.006176][ T5186] ? ext4_xattr_inode_iget+0x430/0x430 [ 97.011636][ T5186] ? rcu_is_watching+0x12/0xb0 [ 97.016402][ T5186] ? trace_kmalloc+0x26/0xa0 [ 97.020997][ T5186] ? __kmalloc_node+0x78/0x90 [ 97.025681][ T5186] ext4_expand_extra_isize_ea+0x125a/0x1b20 [ 97.031583][ T5186] ? ext4_xattr_set+0x370/0x370 [ 97.036482][ T5186] ? lockdep_unlock+0x11b/0x290 [ 97.041684][ T5186] ? preempt_count_sub+0x160/0x160 [ 97.046795][ T5186] ? down_write_trylock+0x1ae/0x3d0 [ 97.051995][ T5186] ? dquot_initialize_needed+0x17d/0x290 [ 97.057635][ T5186] __ext4_expand_extra_isize+0x342/0x470 [ 97.063272][ T5186] __ext4_mark_inode_dirty+0x52b/0x810 [ 97.068737][ T5186] ? ext4_expand_extra_isize+0x600/0x600 [ 97.074373][ T5186] ? lock_sync+0x190/0x190 [ 97.078801][ T5186] ? preempt_count_sub+0x160/0x160 [ 97.083913][ T5186] ext4_setattr+0x1c08/0x29d0 [ 97.088600][ T5186] ? ext4_journalled_write_end+0x1120/0x1120 [ 97.094589][ T5186] notify_change+0x742/0x11c0 [ 97.099266][ T5186] do_truncate+0x15c/0x220 [ 97.103700][ T5186] ? file_open_root+0x450/0x450 [ 97.108564][ T5186] path_openat+0x25a0/0x2c50 [ 97.113165][ T5186] ? path_lookupat+0x770/0x770 [ 97.117935][ T5186] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 97.123922][ T5186] do_filp_open+0x1de/0x430 [ 97.128435][ T5186] ? may_open_dev+0xf0/0xf0 [ 97.132941][ T5186] ? find_held_lock+0x2d/0x110 [ 97.137712][ T5186] ? _raw_spin_unlock+0x28/0x40 [ 97.142561][ T5186] ? alloc_fd+0x2da/0x6c0 [ 97.146893][ T5186] do_sys_openat2+0x176/0x1e0 [ 97.151569][ T5186] ? build_open_flags+0x690/0x690 [ 97.156590][ T5186] ? ptrace_notify+0xf4/0x130 [ 97.161269][ T5186] ? restore_fpregs_from_fpstate+0xc1/0x1d0 [ 97.167169][ T5186] __x64_sys_creat+0xcd/0x120 [ 97.171844][ T5186] ? __x64_compat_sys_openat+0x200/0x200 [ 97.177475][ T5186] ? _raw_spin_unlock_irq+0x2e/0x50 [ 97.182679][ T5186] ? syscall_trace_enter.constprop.0+0xaf/0x1e0 [ 97.188941][ T5186] do_syscall_64+0x40/0x110 [ 97.193447][ T5186] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 97.199351][ T5186] RIP: 0033:0x7f861e3af229 [ 97.203761][ T5186] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 97.223370][ T5186] RSP: 002b:00007ffcfe1ee598 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 97.231786][ T5186] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f861e3af229 [ 97.239758][ T5186] RDX: 00007f861e3af229 RSI: 0000000000000000 RDI: 0000000020000040 [ 97.247778][ T5186] RBP: 0000000000000000 R08: 00007ffcfe1ee5d0 R09: 00007ffcfe1ee5d0 [pid 5186] creat("./file1", 000) = 5 [pid 5186] exit_group(0) = ? [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 97.255831][ T5186] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcfe1ee5bc [ 97.263807][ T5186] R13: 0000000000000039 R14: 431bde82d7b634db R15: 00007ffcfe1ee5f0 [ 97.271802][ T5186] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5188 attached , child_tidptr=0x5555563ff650) = 5188 [pid 5188] set_robust_list(0x5555563ff660, 24) = 0 [pid 5188] chdir("./58") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5188] memfd_create("syzkaller", 0) = 4 [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5188] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5188] munmap(0x7f8615f70000, 138412032) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5188] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5188] close(4) = 0 [pid 5188] mkdir("./file1", 0777) = 0 [pid 5188] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5188] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5188] chdir("./file1") = 0 [pid 5188] ioctl(5, LOOP_CLR_FD) = 0 [pid 5188] close(5) = 0 [pid 5188] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 97.566256][ T5188] loop0: detected capacity change from 0 to 512 [ 97.578919][ T5188] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 97.594037][ T5188] EXT4-fs (loop0): 1 truncate cleaned up [pid 5188] creat("./file1", 000) = 5 [pid 5188] exit_group(0) = ? [pid 5188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5191 attached , child_tidptr=0x5555563ff650) = 5191 [pid 5191] set_robust_list(0x5555563ff660, 24) = 0 [pid 5191] chdir("./59") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5191] memfd_create("syzkaller", 0) = 4 [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5191] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5191] munmap(0x7f8615f70000, 138412032) = 0 [pid 5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5191] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5191] close(4) = 0 [pid 5191] mkdir("./file1", 0777) = 0 [pid 5191] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5191] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5191] chdir("./file1") = 0 [pid 5191] ioctl(5, LOOP_CLR_FD) = 0 [pid 5191] close(5) = 0 [ 98.082709][ T5191] loop0: detected capacity change from 0 to 512 [ 98.097280][ T5191] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 98.111952][ T5191] EXT4-fs (loop0): 1 truncate cleaned up [pid 5191] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5191] creat("./file1", 000) = 5 [pid 5191] exit_group(0) = ? [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x5555563ff660, 24) = 0 [pid 5193] chdir("./60") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5193 [pid 5193] <... setpgid resumed>) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5193] memfd_create("syzkaller", 0) = 4 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5193] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5193] munmap(0x7f8615f70000, 138412032) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5193] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5193] close(4) = 0 [pid 5193] mkdir("./file1", 0777) = 0 [pid 5193] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5193] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5193] chdir("./file1") = 0 [pid 5193] ioctl(5, LOOP_CLR_FD) = 0 [pid 5193] close(5) = 0 [ 98.406078][ T5193] loop0: detected capacity change from 0 to 512 [ 98.430839][ T5193] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 98.446017][ T5193] EXT4-fs (loop0): 1 truncate cleaned up [pid 5193] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5193] creat("./file1", 000) = 5 [pid 5193] exit_group(0) = ? [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x5555563ff660, 24) = 0 [pid 5196] chdir("./61") = 0 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5196 [pid 5196] <... openat resumed>) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5196] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5196] memfd_create("syzkaller", 0) = 4 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5196] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5196] munmap(0x7f8615f70000, 138412032) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5196] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5196] close(4) = 0 [pid 5196] mkdir("./file1", 0777) = 0 [pid 5196] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5196] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5196] chdir("./file1") = 0 [pid 5196] ioctl(5, LOOP_CLR_FD) = 0 [pid 5196] close(5) = 0 [pid 5196] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5196] creat("./file1", 000) = 5 [pid 5196] exit_group(0) = ? [ 98.660564][ T5196] loop0: detected capacity change from 0 to 512 [ 98.685075][ T5196] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 98.699370][ T5196] EXT4-fs (loop0): 1 truncate cleaned up [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x5555563ff660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5198 [pid 5198] <... set_robust_list resumed>) = 0 [pid 5198] chdir("./62") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5198] memfd_create("syzkaller", 0) = 4 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5198] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5198] munmap(0x7f8615f70000, 138412032) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5198] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5198] close(4) = 0 [pid 5198] mkdir("./file1", 0777) = 0 [pid 5198] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5198] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5198] chdir("./file1") = 0 [pid 5198] ioctl(5, LOOP_CLR_FD) = 0 [pid 5198] close(5) = 0 [pid 5198] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5198] creat("./file1", 000) = 5 [pid 5198] exit_group(0) = ? [ 98.888648][ T5198] loop0: detected capacity change from 0 to 512 [ 98.905715][ T5198] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 98.920431][ T5198] EXT4-fs (loop0): 1 truncate cleaned up [pid 5198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x5555563ff660, 24) = 0 [pid 5200] chdir("./63") = 0 [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5200] setpgid(0, 0) = 0 [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5200 [pid 5200] <... openat resumed>) = 3 [pid 5200] write(3, "1000", 4) = 4 [pid 5200] close(3) = 0 [pid 5200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5200] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5200] memfd_create("syzkaller", 0) = 4 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5200] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5200] munmap(0x7f8615f70000, 138412032) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5200] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5200] close(4) = 0 [pid 5200] mkdir("./file1", 0777) = 0 [pid 5200] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5200] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5200] chdir("./file1") = 0 [pid 5200] ioctl(5, LOOP_CLR_FD) = 0 [pid 5200] close(5) = 0 [pid 5200] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5200] creat("./file1", 000) = 5 [pid 5200] exit_group(0) = ? [pid 5200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 99.224885][ T5200] loop0: detected capacity change from 0 to 512 [ 99.248697][ T5200] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 99.263523][ T5200] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x5555563ff660, 24) = 0 [pid 5202] chdir("./64") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5202 [pid 5202] <... openat resumed>) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5202] memfd_create("syzkaller", 0) = 4 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5202] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5202] munmap(0x7f8615f70000, 138412032) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5202] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5202] close(4) = 0 [pid 5202] mkdir("./file1", 0777) = 0 [pid 5202] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5202] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5202] chdir("./file1") = 0 [pid 5202] ioctl(5, LOOP_CLR_FD) = 0 [pid 5202] close(5) = 0 [pid 5202] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5202] creat("./file1", 000) = 5 [pid 5202] exit_group(0) = ? [pid 5202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 99.518143][ T5202] loop0: detected capacity change from 0 to 512 [ 99.527005][ T5202] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 99.542071][ T5202] EXT4-fs (loop0): 1 truncate cleaned up umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5204 attached , child_tidptr=0x5555563ff650) = 5204 [pid 5204] set_robust_list(0x5555563ff660, 24) = 0 [pid 5204] chdir("./65") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5204] memfd_create("syzkaller", 0) = 4 [pid 5204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5204] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5204] munmap(0x7f8615f70000, 138412032) = 0 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5204] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5204] close(4) = 0 [pid 5204] mkdir("./file1", 0777) = 0 [pid 5204] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5204] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5204] chdir("./file1") = 0 [pid 5204] ioctl(5, LOOP_CLR_FD) = 0 [pid 5204] close(5) = 0 [pid 5204] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5204] creat("./file1", 000) = 5 [pid 5204] exit_group(0) = ? [ 99.801217][ T5204] loop0: detected capacity change from 0 to 512 [ 99.814262][ T5204] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 99.828814][ T5204] EXT4-fs (loop0): 1 truncate cleaned up [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ff650) = 5206 ./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x5555563ff660, 24) = 0 [pid 5206] chdir("./66") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5206] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5206] memfd_create("syzkaller", 0) = 4 [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5206] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5206] munmap(0x7f8615f70000, 138412032) = 0 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5206] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5206] close(4) = 0 [pid 5206] mkdir("./file1", 0777) = 0 [pid 5206] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5206] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5206] chdir("./file1") = 0 [pid 5206] ioctl(5, LOOP_CLR_FD) = 0 [pid 5206] close(5) = 0 [pid 5206] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 100.155186][ T5206] loop0: detected capacity change from 0 to 512 [ 100.184556][ T5206] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 100.199097][ T5206] EXT4-fs (loop0): 1 truncate cleaned up [pid 5206] creat("./file1", 000) = 5 [pid 5206] exit_group(0) = ? [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5208 attached , child_tidptr=0x5555563ff650) = 5208 [pid 5208] set_robust_list(0x5555563ff660, 24) = 0 [pid 5208] chdir("./67") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5208] memfd_create("syzkaller", 0) = 4 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5208] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5208] munmap(0x7f8615f70000, 138412032) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5208] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5208] close(4) = 0 [pid 5208] mkdir("./file1", 0777) = 0 [pid 5208] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5208] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5208] chdir("./file1") = 0 [pid 5208] ioctl(5, LOOP_CLR_FD) = 0 [pid 5208] close(5) = 0 [pid 5208] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5208] creat("./file1", 000) = 5 [pid 5208] exit_group(0) = ? [ 100.464082][ T5208] loop0: detected capacity change from 0 to 512 [ 100.479289][ T5208] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 100.494261][ T5208] EXT4-fs (loop0): 1 truncate cleaned up [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5210 attached [pid 5210] set_robust_list(0x5555563ff660, 24) = 0 [pid 5210] chdir("./68") = 0 [pid 5210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5210] setpgid(0, 0) = 0 [pid 5210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5210 [pid 5210] <... openat resumed>) = 3 [pid 5210] write(3, "1000", 4) = 4 [pid 5210] close(3) = 0 [pid 5210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5210] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5210] memfd_create("syzkaller", 0) = 4 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5210] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5210] munmap(0x7f8615f70000, 138412032) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5210] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5210] close(4) = 0 [pid 5210] mkdir("./file1", 0777) = 0 [pid 5210] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5210] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5210] chdir("./file1") = 0 [pid 5210] ioctl(5, LOOP_CLR_FD) = 0 [pid 5210] close(5) = 0 [pid 5210] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5210] creat("./file1", 000) = 5 [pid 5210] exit_group(0) = ? [pid 5210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5210, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 100.813066][ T5210] loop0: detected capacity change from 0 to 512 [ 100.828641][ T5210] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 100.843412][ T5210] EXT4-fs (loop0): 1 truncate cleaned up umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5212 attached , child_tidptr=0x5555563ff650) = 5212 [pid 5212] set_robust_list(0x5555563ff660, 24) = 0 [pid 5212] chdir("./69") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5212] memfd_create("syzkaller", 0) = 4 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5212] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5212] munmap(0x7f8615f70000, 138412032) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5212] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5212] close(4) = 0 [pid 5212] mkdir("./file1", 0777) = 0 [pid 5212] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5212] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5212] chdir("./file1") = 0 [ 101.094879][ T5212] loop0: detected capacity change from 0 to 512 [ 101.120314][ T5212] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 101.134941][ T5212] EXT4-fs (loop0): 1 truncate cleaned up [pid 5212] ioctl(5, LOOP_CLR_FD) = 0 [pid 5212] close(5) = 0 [pid 5212] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5212] creat("./file1", 000) = 5 [pid 5212] exit_group(0) = ? [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x5555563ff660, 24) = 0 [pid 5214] chdir("./70") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5214 [pid 5214] <... openat resumed>) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5214] memfd_create("syzkaller", 0) = 4 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5214] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5214] munmap(0x7f8615f70000, 138412032) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5214] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5214] close(4) = 0 [pid 5214] mkdir("./file1", 0777) = 0 [pid 5214] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5214] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5214] chdir("./file1") = 0 [pid 5214] ioctl(5, LOOP_CLR_FD) = 0 [pid 5214] close(5) = 0 [pid 5214] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5214] creat("./file1", 000) = 5 [ 101.407528][ T5214] loop0: detected capacity change from 0 to 512 [ 101.430974][ T5214] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 101.445638][ T5214] EXT4-fs (loop0): 1 truncate cleaned up [pid 5214] exit_group(0) = ? [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5216 attached , child_tidptr=0x5555563ff650) = 5216 [pid 5216] set_robust_list(0x5555563ff660, 24) = 0 [pid 5216] chdir("./71") = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5216] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5216] memfd_create("syzkaller", 0) = 4 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5216] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5216] munmap(0x7f8615f70000, 138412032) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5216] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5216] close(4) = 0 [pid 5216] mkdir("./file1", 0777) = 0 [pid 5216] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5216] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5216] chdir("./file1") = 0 [pid 5216] ioctl(5, LOOP_CLR_FD) = 0 [pid 5216] close(5) = 0 [pid 5216] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5216] creat("./file1", 000) = 5 [ 101.730543][ T5216] loop0: detected capacity change from 0 to 512 [ 101.754263][ T5216] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 101.769035][ T5216] EXT4-fs (loop0): 1 truncate cleaned up [pid 5216] exit_group(0) = ? [pid 5216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5216, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5218 attached , child_tidptr=0x5555563ff650) = 5218 [pid 5218] set_robust_list(0x5555563ff660, 24) = 0 [pid 5218] chdir("./72") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5218] memfd_create("syzkaller", 0) = 4 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5218] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5218] munmap(0x7f8615f70000, 138412032) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5218] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5218] close(4) = 0 [pid 5218] mkdir("./file1", 0777) = 0 [pid 5218] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5218] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5218] chdir("./file1") = 0 [pid 5218] ioctl(5, LOOP_CLR_FD) = 0 [pid 5218] close(5) = 0 [pid 5218] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5218] creat("./file1", 000) = 5 [pid 5218] exit_group(0) = ? [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 102.047229][ T5218] loop0: detected capacity change from 0 to 512 [ 102.056012][ T5218] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 102.070821][ T5218] EXT4-fs (loop0): 1 truncate cleaned up umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5220 attached [pid 5220] set_robust_list(0x5555563ff660, 24) = 0 [pid 5220] chdir("./73") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5220 [pid 5220] <... openat resumed>) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5220] memfd_create("syzkaller", 0) = 4 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5220] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5220] munmap(0x7f8615f70000, 138412032) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5220] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5220] close(4) = 0 [pid 5220] mkdir("./file1", 0777) = 0 [pid 5220] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5220] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5220] chdir("./file1") = 0 [pid 5220] ioctl(5, LOOP_CLR_FD) = 0 [pid 5220] close(5) = 0 [pid 5220] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5220] creat("./file1", 000) = 5 [ 102.263154][ T5220] loop0: detected capacity change from 0 to 512 [ 102.286752][ T5220] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 102.302164][ T5220] EXT4-fs (loop0): 1 truncate cleaned up [pid 5220] exit_group(0) = ? [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5222 attached [pid 5222] set_robust_list(0x5555563ff660, 24) = 0 [pid 5222] chdir("./74") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5222 [pid 5222] <... openat resumed>) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5222] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5222] memfd_create("syzkaller", 0) = 4 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5222] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5222] munmap(0x7f8615f70000, 138412032) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5222] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5222] close(4) = 0 [pid 5222] mkdir("./file1", 0777) = 0 [pid 5222] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5222] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5222] chdir("./file1") = 0 [pid 5222] ioctl(5, LOOP_CLR_FD) = 0 [pid 5222] close(5) = 0 [pid 5222] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5222] creat("./file1", 000) = 5 [pid 5222] exit_group(0) = ? [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 102.539850][ T5222] loop0: detected capacity change from 0 to 512 [ 102.554008][ T5222] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 102.568449][ T5222] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ff650) = 5224 ./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x5555563ff660, 24) = 0 [pid 5224] chdir("./75") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5224] memfd_create("syzkaller", 0) = 4 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5224] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5224] munmap(0x7f8615f70000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5224] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5224] close(4) = 0 [pid 5224] mkdir("./file1", 0777) = 0 [pid 5224] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5224] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5224] chdir("./file1") = 0 [pid 5224] ioctl(5, LOOP_CLR_FD) = 0 [pid 5224] close(5) = 0 [ 102.842559][ T5224] loop0: detected capacity change from 0 to 512 [ 102.867701][ T5224] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 102.882233][ T5224] EXT4-fs (loop0): 1 truncate cleaned up [pid 5224] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5224] creat("./file1", 000) = 5 [pid 5224] exit_group(0) = ? [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached , child_tidptr=0x5555563ff650) = 5226 [pid 5226] set_robust_list(0x5555563ff660, 24) = 0 [pid 5226] chdir("./76") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5226] memfd_create("syzkaller", 0) = 4 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5226] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5226] munmap(0x7f8615f70000, 138412032) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5226] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5226] close(4) = 0 [pid 5226] mkdir("./file1", 0777) = 0 [pid 5226] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5226] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5226] chdir("./file1") = 0 [pid 5226] ioctl(5, LOOP_CLR_FD) = 0 [pid 5226] close(5) = 0 [pid 5226] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 103.169811][ T5226] loop0: detected capacity change from 0 to 512 [ 103.178823][ T5226] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 103.193810][ T5226] EXT4-fs (loop0): 1 truncate cleaned up [pid 5226] creat("./file1", 000) = 5 [pid 5226] exit_group(0) = ? [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached [pid 5228] set_robust_list(0x5555563ff660, 24) = 0 [pid 5228] chdir("./77") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5228 [pid 5228] <... openat resumed>) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5228] memfd_create("syzkaller", 0) = 4 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5228] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5228] munmap(0x7f8615f70000, 138412032) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5228] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5228] close(4) = 0 [pid 5228] mkdir("./file1", 0777) = 0 [pid 5228] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5228] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5228] chdir("./file1") = 0 [pid 5228] ioctl(5, LOOP_CLR_FD) = 0 [pid 5228] close(5) = 0 [ 103.541413][ T5228] loop0: detected capacity change from 0 to 512 [ 103.558864][ T5228] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 103.573601][ T5228] EXT4-fs (loop0): 1 truncate cleaned up [pid 5228] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5228] creat("./file1", 000) = 5 [pid 5228] exit_group(0) = ? [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5230 attached , child_tidptr=0x5555563ff650) = 5230 [pid 5230] set_robust_list(0x5555563ff660, 24) = 0 [pid 5230] chdir("./78") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5230] memfd_create("syzkaller", 0) = 4 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5230] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5230] munmap(0x7f8615f70000, 138412032) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5230] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5230] close(4) = 0 [pid 5230] mkdir("./file1", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5230] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5230] chdir("./file1") = 0 [pid 5230] ioctl(5, LOOP_CLR_FD) = 0 [pid 5230] close(5) = 0 [ 103.856592][ T5230] loop0: detected capacity change from 0 to 512 [ 103.870314][ T5230] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 103.884928][ T5230] EXT4-fs (loop0): 1 truncate cleaned up [pid 5230] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5230] creat("./file1", 000) = 5 [pid 5230] exit_group(0) = ? [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ff650) = 5232 ./strace-static-x86_64: Process 5232 attached [pid 5232] set_robust_list(0x5555563ff660, 24) = 0 [pid 5232] chdir("./79") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5232] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5232] memfd_create("syzkaller", 0) = 4 [pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5232] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5232] munmap(0x7f8615f70000, 138412032) = 0 [pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5232] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5232] close(4) = 0 [pid 5232] mkdir("./file1", 0777) = 0 [pid 5232] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5232] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5232] chdir("./file1") = 0 [pid 5232] ioctl(5, LOOP_CLR_FD) = 0 [pid 5232] close(5) = 0 [pid 5232] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5232] creat("./file1", 000) = 5 [pid 5232] exit_group(0) = ? [pid 5232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 [ 104.201279][ T5232] loop0: detected capacity change from 0 to 512 [ 104.225461][ T5232] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 104.240314][ T5232] EXT4-fs (loop0): 1 truncate cleaned up umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5234 attached , child_tidptr=0x5555563ff650) = 5234 [pid 5234] set_robust_list(0x5555563ff660, 24) = 0 [pid 5234] chdir("./80") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5234] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5234] memfd_create("syzkaller", 0) = 4 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5234] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5234] munmap(0x7f8615f70000, 138412032) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5234] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5234] close(4) = 0 [pid 5234] mkdir("./file1", 0777) = 0 [pid 5234] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5234] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5234] chdir("./file1") = 0 [pid 5234] ioctl(5, LOOP_CLR_FD) = 0 [pid 5234] close(5) = 0 [pid 5234] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [ 104.460774][ T5234] loop0: detected capacity change from 0 to 512 [ 104.475696][ T5234] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 104.490672][ T5234] EXT4-fs (loop0): 1 truncate cleaned up [pid 5234] creat("./file1", 000) = 5 [pid 5234] exit_group(0) = ? [pid 5234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5234, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x5555563ff660, 24) = 0 [pid 5237] chdir("./81") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5237 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5237] memfd_create("syzkaller", 0) = 4 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5237] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5237] munmap(0x7f8615f70000, 138412032) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5237] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5237] close(4) = 0 [pid 5237] mkdir("./file1", 0777) = 0 [pid 5237] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5237] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5237] chdir("./file1") = 0 [pid 5237] ioctl(5, LOOP_CLR_FD) = 0 [ 104.803721][ T5237] loop0: detected capacity change from 0 to 512 [ 104.817098][ T5237] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 104.831555][ T5237] EXT4-fs (loop0): 1 truncate cleaned up [pid 5237] close(5) = 0 [pid 5237] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5237] creat("./file1", 000) = 5 [pid 5237] exit_group(0) = ? [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ff650) = 5239 ./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x5555563ff660, 24) = 0 [pid 5239] chdir("./82") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5239] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5239] memfd_create("syzkaller", 0) = 4 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5239] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5239] munmap(0x7f8615f70000, 138412032) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5239] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5239] close(4) = 0 [pid 5239] mkdir("./file1", 0777) = 0 [pid 5239] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5239] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5239] chdir("./file1") = 0 [pid 5239] ioctl(5, LOOP_CLR_FD) = 0 [pid 5239] close(5) = 0 [pid 5239] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5239] creat("./file1", 000) = 5 [ 105.177127][ T5239] loop0: detected capacity change from 0 to 512 [ 105.201100][ T5239] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 105.215785][ T5239] EXT4-fs (loop0): 1 truncate cleaned up [pid 5239] exit_group(0) = ? [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5241 attached , child_tidptr=0x5555563ff650) = 5241 [pid 5241] set_robust_list(0x5555563ff660, 24) = 0 [pid 5241] chdir("./83") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5241] memfd_create("syzkaller", 0) = 4 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5241] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5241] munmap(0x7f8615f70000, 138412032) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5241] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5241] close(4) = 0 [pid 5241] mkdir("./file1", 0777) = 0 [pid 5241] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5241] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5241] chdir("./file1") = 0 [pid 5241] ioctl(5, LOOP_CLR_FD) = 0 [pid 5241] close(5) = 0 [pid 5241] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5241] creat("./file1", 000) = 5 [pid 5241] exit_group(0) = ? [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 105.366838][ T5241] loop0: detected capacity change from 0 to 512 [ 105.375426][ T5241] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 105.389661][ T5241] EXT4-fs (loop0): 1 truncate cleaned up umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563ff650) = 5243 ./strace-static-x86_64: Process 5243 attached [pid 5243] set_robust_list(0x5555563ff660, 24) = 0 [pid 5243] chdir("./84") = 0 [pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5243] setpgid(0, 0) = 0 [pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5243] write(3, "1000", 4) = 4 [pid 5243] close(3) = 0 [pid 5243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5243] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5243] memfd_create("syzkaller", 0) = 4 [pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5243] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5243] munmap(0x7f8615f70000, 138412032) = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5243] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5243] close(4) = 0 [pid 5243] mkdir("./file1", 0777) = 0 [pid 5243] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5243] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5243] chdir("./file1") = 0 [pid 5243] ioctl(5, LOOP_CLR_FD) = 0 [pid 5243] close(5) = 0 [pid 5243] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5243] creat("./file1", 000) = 5 [ 105.731391][ T5243] loop0: detected capacity change from 0 to 512 [ 105.750654][ T5243] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 105.765269][ T5243] EXT4-fs (loop0): 1 truncate cleaned up [pid 5243] exit_group(0) = ? [pid 5243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5243, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x5555563ff660, 24) = 0 [pid 5245] chdir("./85") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x5555563ff650) = 5245 [pid 5245] <... openat resumed>) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5245] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5245] memfd_create("syzkaller", 0) = 4 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5245] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5245] munmap(0x7f8615f70000, 138412032) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5245] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5245] close(4) = 0 [pid 5245] mkdir("./file1", 0777) = 0 [ 106.098646][ T5245] loop0: detected capacity change from 0 to 512 [ 106.122695][ T5245] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 106.137347][ T5245] EXT4-fs (loop0): 1 truncate cleaned up [ 106.143078][ T5245] EXT4-fs mount: 106 callbacks suppressed [pid 5245] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5245] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5245] chdir("./file1") = 0 [pid 5245] ioctl(5, LOOP_CLR_FD) = 0 [pid 5245] close(5) = 0 [pid 5245] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x7a\x00\x00\xff\xff\xff\xa5\x34\xb8\x0a\x25\x85\xce\xc1\x44\x65\x00\x00\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 890, 0) = 0 [pid 5245] creat("./file1", 000) = 5 [pid 5245] exit_group(0) = ? [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 106.143090][ T5245] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564006f0 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556408730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556408730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 106.290866][ T5064] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./85/file1") = 0 getdents64(3, 0x5555564006f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5247 attached , child_tidptr=0x5555563ff650) = 5247 [pid 5247] set_robust_list(0x5555563ff660, 24) = 0 [pid 5247] chdir("./86") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5247] memfd_create("syzkaller", 0) = 4 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8615f70000 [pid 5247] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5247] munmap(0x7f8615f70000, 138412032) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5247] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5247] close(4) = 0 [pid 5247] mkdir("./file1", 0777) = 0 [pid 5247] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 [pid 5247] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 4 [pid 5247] chdir("./file1") = 0 [pid 5247] ioctl(5, LOOP_CLR_FD) = 0