./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1909628591 <...> Warning: Permanently added '10.128.1.39' (ED25519) to the list of known hosts. execve("./syz-executor1909628591", ["./syz-executor1909628591"], 0x7ffc8bbcd770 /* 10 vars */) = 0 brk(NULL) = 0x55556134f000 brk(0x55556134fd00) = 0x55556134fd00 arch_prctl(ARCH_SET_FS, 0x55556134f380) = 0 set_tid_address(0x55556134f650) = 5832 set_robust_list(0x55556134f660, 24) = 0 rseq(0x55556134fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1909628591", 4096) = 28 getrandom("\xb0\x4b\x88\xfd\xd8\xcf\x2f\xda", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556134fd00 brk(0x555561370d00) = 0x555561370d00 brk(0x555561371000) = 0x555561371000 mprotect(0x7f830753e000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 mkdir("/syzcgroup", 0777) = 0 mkdir("/syzcgroup/unified", 0777) = 0 mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0 chmod("/syzcgroup/unified", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3 write(3, "+cpu", 4) = 4 write(3, "+io", 3) = 3 write(3, "+pids", 5) = 5 close(3) = 0 mkdir("/syzcgroup/net", 0777) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0 [ 86.214578][ T5832] cgroup: Unknown subsys name 'net' umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = 0 chmod("/syzcgroup/net", 0777) = 0 mkdir("/syzcgroup/cpu", 0777) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = 0 umount2("/syzcgroup/cpu", 0) = 0 [ 86.360124][ T5832] cgroup: Unknown subsys name 'cpuset' mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "memory") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) [ 86.403641][ T5832] cgroup: Unknown subsys name 'rlimit' mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = 0 chmod("/syzcgroup/cpu", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) mkdir("./syzkaller.4qSH4j", 0700) = 0 chmod("./syzkaller.4qSH4j", 0777) = 0 chdir("./syzkaller.4qSH4j") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached , child_tidptr=0x55556134f650) = 5833 [pid 5833] set_robust_list(0x55556134f660, 24) = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] getppid() = 0 [pid 5833] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5833] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5833] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5833] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5833] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5833] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5833] unshare(CLONE_NEWNS) = 0 [pid 5833] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5833] unshare(CLONE_NEWIPC) = 0 [pid 5833] unshare(CLONE_NEWCGROUP) = 0 [pid 5833] unshare(CLONE_NEWUTS) = 0 [pid 5833] unshare(CLONE_SYSVSEM) = 0 [pid 5833] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "16777216", 8) = 8 [pid 5833] close(3) = 0 [pid 5833] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "536870912", 9) = 9 [pid 5833] close(3) = 0 [pid 5833] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1024", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "8192", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1024", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1024", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5833] close(3) = 0 [pid 5833] getpid() = 1 [pid 5833] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<) = 0 [pid 5833] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [ 88.422563][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./0/file1") = 0 [pid 5833] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./0/binderfs") = 0 [pid 5833] umount2("./0/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./0/cgroup.net") = 0 [pid 5833] umount2("./0/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./0/cgroup.cpu") = 0 [pid 5833] umount2("./0/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./0/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./0") = 0 [pid 5833] mkdir("./1", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556134f650) = 3 ./strace-static-x86_64: Process 5841 attached [pid 5841] set_robust_list(0x55556134f660, 24) = 0 [pid 5841] chdir("./1") = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5841] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5841] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] write(1, "executing program\n", 18executing program ) = 18 [pid 5841] memfd_create("syzkaller", 0) = 3 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5841] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5841] munmap(0x7f82ff000000, 138412032) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5841] close(3) = 0 [pid 5841] close(4) = 0 [pid 5841] mkdir("./file1", 0777) = 0 [ 89.071879][ T5841] loop0: detected capacity change from 0 to 32768 [pid 5841] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5841] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5841] chdir("./file1") = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5841] close(3) = 0 [pid 5841] close(4) = -1 EBADF (Bad file descriptor) [pid 5841] close(5) = -1 EBADF (Bad file descriptor) [pid 5841] close(6) = -1 EBADF (Bad file descriptor) [pid 5841] close(7) = -1 EBADF (Bad file descriptor) [pid 5841] close(8) = -1 EBADF (Bad file descriptor) [pid 5841] close(9) = -1 EBADF (Bad file descriptor) [pid 5841] close(10) = -1 EBADF (Bad file descriptor) [pid 5841] close(11) = -1 EBADF (Bad file descriptor) [pid 5841] close(12) = -1 EBADF (Bad file descriptor) [pid 5841] close(13) = -1 EBADF (Bad file descriptor) [pid 5841] close(14) = -1 EBADF (Bad file descriptor) [pid 5841] close(15) = -1 EBADF (Bad file descriptor) [pid 5841] close(16) = -1 EBADF (Bad file descriptor) [pid 5841] close(17) = -1 EBADF (Bad file descriptor) [pid 5841] close(18) = -1 EBADF (Bad file descriptor) [pid 5841] close(19) = -1 EBADF (Bad file descriptor) [pid 5841] close(20) = -1 EBADF (Bad file descriptor) [pid 5841] close(21) = -1 EBADF (Bad file descriptor) [pid 5841] close(22) = -1 EBADF (Bad file descriptor) [pid 5841] close(23) = -1 EBADF (Bad file descriptor) [pid 5841] close(24) = -1 EBADF (Bad file descriptor) [pid 5841] close(25) = -1 EBADF (Bad file descriptor) [pid 5841] close(26) = -1 EBADF (Bad file descriptor) [pid 5841] close(27) = -1 EBADF (Bad file descriptor) [pid 5841] close(28) = -1 EBADF (Bad file descriptor) [pid 5841] close(29) = -1 EBADF (Bad file descriptor) [pid 5841] exit_group(0) = ? [pid 5841] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 89.139478][ T5841] JBD2: Ignoring recovery information on journal [ 89.177345][ T5841] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5833] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 89.227441][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./1/file1") = 0 [pid 5833] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./1/binderfs") = 0 [pid 5833] umount2("./1/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./1/cgroup.net") = 0 [pid 5833] umount2("./1/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./1/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./1/cgroup.cpu") = 0 [pid 5833] umount2("./1/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./1/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./1") = 0 [pid 5833] mkdir("./2", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached [pid 5844] set_robust_list(0x55556134f660, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55556134f650) = 4 [pid 5844] <... set_robust_list resumed>) = 0 [pid 5844] chdir("./2") = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5844] setpgid(0, 0) = 0 [pid 5844] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5844] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5844] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5844] write(3, "1000", 4) = 4 [pid 5844] close(3) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5844] write(1, "executing program\n", 18) = 18 [pid 5844] memfd_create("syzkaller", 0) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5844] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5844] munmap(0x7f82ff000000, 138412032) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5844] close(3) = 0 [pid 5844] close(4) = 0 [pid 5844] mkdir("./file1", 0777) = 0 [ 89.891095][ T5844] loop0: detected capacity change from 0 to 32768 [pid 5844] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5844] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5844] chdir("./file1") = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5844] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5844] close(3) = 0 [pid 5844] close(4) = -1 EBADF (Bad file descriptor) [pid 5844] close(5) = -1 EBADF (Bad file descriptor) [pid 5844] close(6) = -1 EBADF (Bad file descriptor) [pid 5844] close(7) = -1 EBADF (Bad file descriptor) [pid 5844] close(8) = -1 EBADF (Bad file descriptor) [pid 5844] close(9) = -1 EBADF (Bad file descriptor) [pid 5844] close(10) = -1 EBADF (Bad file descriptor) [pid 5844] close(11) = -1 EBADF (Bad file descriptor) [pid 5844] close(12) = -1 EBADF (Bad file descriptor) [pid 5844] close(13) = -1 EBADF (Bad file descriptor) [pid 5844] close(14) = -1 EBADF (Bad file descriptor) [pid 5844] close(15) = -1 EBADF (Bad file descriptor) [pid 5844] close(16) = -1 EBADF (Bad file descriptor) [pid 5844] close(17) = -1 EBADF (Bad file descriptor) [pid 5844] close(18) = -1 EBADF (Bad file descriptor) [pid 5844] close(19) = -1 EBADF (Bad file descriptor) [pid 5844] close(20) = -1 EBADF (Bad file descriptor) [pid 5844] close(21) = -1 EBADF (Bad file descriptor) [pid 5844] close(22) = -1 EBADF (Bad file descriptor) [pid 5844] close(23) = -1 EBADF (Bad file descriptor) [pid 5844] close(24) = -1 EBADF (Bad file descriptor) [pid 5844] close(25) = -1 EBADF (Bad file descriptor) [pid 5844] close(26) = -1 EBADF (Bad file descriptor) [pid 5844] close(27) = -1 EBADF (Bad file descriptor) [pid 5844] close(28) = -1 EBADF (Bad file descriptor) [ 89.946834][ T5844] JBD2: Ignoring recovery information on journal [ 89.982616][ T5844] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5844] close(29) = -1 EBADF (Bad file descriptor) [pid 5844] exit_group(0) = ? [pid 5844] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 90.067863][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./2/file1") = 0 [pid 5833] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./2/binderfs") = 0 [pid 5833] umount2("./2/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./2/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./2/cgroup.net") = 0 [pid 5833] umount2("./2/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./2/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./2/cgroup.cpu") = 0 [pid 5833] umount2("./2/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./2/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./2/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./2") = 0 [pid 5833] mkdir("./3", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached , child_tidptr=0x55556134f650) = 5 [pid 5847] set_robust_list(0x55556134f660, 24) = 0 [pid 5847] chdir("./3") = 0 [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5847] setpgid(0, 0) = 0 [pid 5847] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5847] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5847] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5847] write(3, "1000", 4) = 4 [pid 5847] close(3) = 0 [pid 5847] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5847] write(1, "executing program\n", 18) = 18 [pid 5847] memfd_create("syzkaller", 0) = 3 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5847] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5847] munmap(0x7f82ff000000, 138412032) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5847] close(3) = 0 [pid 5847] close(4) = 0 [pid 5847] mkdir("./file1", 0777) = 0 [ 90.685980][ T5847] loop0: detected capacity change from 0 to 32768 [ 90.713888][ T5847] JBD2: Ignoring recovery information on journal [pid 5847] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5847] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5847] chdir("./file1") = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5847] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5847] close(3) = 0 [pid 5847] close(4) = -1 EBADF (Bad file descriptor) [pid 5847] close(5) = -1 EBADF (Bad file descriptor) [ 90.755187][ T5847] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5847] close(6) = -1 EBADF (Bad file descriptor) [pid 5847] close(7) = -1 EBADF (Bad file descriptor) [pid 5847] close(8) = -1 EBADF (Bad file descriptor) [pid 5847] close(9) = -1 EBADF (Bad file descriptor) [pid 5847] close(10) = -1 EBADF (Bad file descriptor) [pid 5847] close(11) = -1 EBADF (Bad file descriptor) [pid 5847] close(12) = -1 EBADF (Bad file descriptor) [pid 5847] close(13) = -1 EBADF (Bad file descriptor) [pid 5847] close(14) = -1 EBADF (Bad file descriptor) [pid 5847] close(15) = -1 EBADF (Bad file descriptor) [pid 5847] close(16) = -1 EBADF (Bad file descriptor) [pid 5847] close(17) = -1 EBADF (Bad file descriptor) [pid 5847] close(18) = -1 EBADF (Bad file descriptor) [pid 5847] close(19) = -1 EBADF (Bad file descriptor) [pid 5847] close(20) = -1 EBADF (Bad file descriptor) [pid 5847] close(21) = -1 EBADF (Bad file descriptor) [pid 5847] close(22) = -1 EBADF (Bad file descriptor) [pid 5847] close(23) = -1 EBADF (Bad file descriptor) [pid 5847] close(24) = -1 EBADF (Bad file descriptor) [pid 5847] close(25) = -1 EBADF (Bad file descriptor) [pid 5847] close(26) = -1 EBADF (Bad file descriptor) [pid 5847] close(27) = -1 EBADF (Bad file descriptor) [pid 5847] close(28) = -1 EBADF (Bad file descriptor) [pid 5847] close(29) = -1 EBADF (Bad file descriptor) [pid 5847] exit_group(0) = ? [pid 5847] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=17 /* 0.17 s */} --- [pid 5833] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 90.910138][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./3/file1") = 0 [pid 5833] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./3/binderfs") = 0 [pid 5833] umount2("./3/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./3/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./3/cgroup.net") = 0 [pid 5833] umount2("./3/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./3/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./3/cgroup.cpu") = 0 [pid 5833] umount2("./3/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./3/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./3/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./3") = 0 [pid 5833] mkdir("./4", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556134f650) = 6 ./strace-static-x86_64: Process 5850 attached [pid 5850] set_robust_list(0x55556134f660, 24) = 0 [pid 5850] chdir("./4") = 0 [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5850] setpgid(0, 0) = 0 [pid 5850] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5850] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5850] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5850] write(3, "1000", 4) = 4 [pid 5850] close(3) = 0 [pid 5850] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5850] write(1, "executing program\n", 18) = 18 [pid 5850] memfd_create("syzkaller", 0) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5850] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5850] munmap(0x7f82ff000000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] close(4) = 0 [pid 5850] mkdir("./file1", 0777) = 0 [ 91.565775][ T5850] loop0: detected capacity change from 0 to 32768 [ 91.602264][ T5850] JBD2: Ignoring recovery information on journal [pid 5850] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5850] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] chdir("./file1") = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5850] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5850] close(3) = 0 [pid 5850] close(4) = -1 EBADF (Bad file descriptor) [pid 5850] close(5) = -1 EBADF (Bad file descriptor) [pid 5850] close(6) = -1 EBADF (Bad file descriptor) [pid 5850] close(7) = -1 EBADF (Bad file descriptor) [pid 5850] close(8) = -1 EBADF (Bad file descriptor) [pid 5850] close(9) = -1 EBADF (Bad file descriptor) [pid 5850] close(10) = -1 EBADF (Bad file descriptor) [pid 5850] close(11) = -1 EBADF (Bad file descriptor) [pid 5850] close(12) = -1 EBADF (Bad file descriptor) [pid 5850] close(13) = -1 EBADF (Bad file descriptor) [pid 5850] close(14) = -1 EBADF (Bad file descriptor) [pid 5850] close(15) = -1 EBADF (Bad file descriptor) [pid 5850] close(16) = -1 EBADF (Bad file descriptor) [pid 5850] close(17) = -1 EBADF (Bad file descriptor) [pid 5850] close(18) = -1 EBADF (Bad file descriptor) [pid 5850] close(19) = -1 EBADF (Bad file descriptor) [pid 5850] close(20) = -1 EBADF (Bad file descriptor) [pid 5850] close(21) = -1 EBADF (Bad file descriptor) [pid 5850] close(22) = -1 EBADF (Bad file descriptor) [pid 5850] close(23) = -1 EBADF (Bad file descriptor) [pid 5850] close(24) = -1 EBADF (Bad file descriptor) [pid 5850] close(25) = -1 EBADF (Bad file descriptor) [pid 5850] close(26) = -1 EBADF (Bad file descriptor) [pid 5850] close(27) = -1 EBADF (Bad file descriptor) [pid 5850] close(28) = -1 EBADF (Bad file descriptor) [pid 5850] close(29) = -1 EBADF (Bad file descriptor) [pid 5850] exit_group(0) = ? [ 91.639978][ T5850] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5850] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [pid 5833] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 91.806320][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./4/file1") = 0 [pid 5833] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./4/binderfs") = 0 [pid 5833] umount2("./4/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./4/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./4/cgroup.net") = 0 [pid 5833] umount2("./4/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./4/cgroup.cpu") = 0 [pid 5833] umount2("./4/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./4/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./4/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./4") = 0 [pid 5833] mkdir("./5", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached [pid 5853] set_robust_list(0x55556134f660, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55556134f650) = 7 [pid 5853] <... set_robust_list resumed>) = 0 [pid 5853] chdir("./5") = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5853] setpgid(0, 0) = 0 [pid 5853] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5853] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5853] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5853] write(3, "1000", 4) = 4 [pid 5853] close(3) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5853] write(1, "executing program\n", 18executing program ) = 18 [pid 5853] memfd_create("syzkaller", 0) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5853] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5853] munmap(0x7f82ff000000, 138412032) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] close(4) = 0 [pid 5853] mkdir("./file1", 0777) = 0 [ 92.456145][ T5853] loop0: detected capacity change from 0 to 32768 [pid 5853] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5853] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./file1") = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 92.498918][ T5853] JBD2: Ignoring recovery information on journal [ 92.534602][ T5853] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5853] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5853] close(3) = 0 [pid 5853] close(4) = -1 EBADF (Bad file descriptor) [pid 5853] close(5) = -1 EBADF (Bad file descriptor) [pid 5853] close(6) = -1 EBADF (Bad file descriptor) [pid 5853] close(7) = -1 EBADF (Bad file descriptor) [pid 5853] close(8) = -1 EBADF (Bad file descriptor) [pid 5853] close(9) = -1 EBADF (Bad file descriptor) [pid 5853] close(10) = -1 EBADF (Bad file descriptor) [pid 5853] close(11) = -1 EBADF (Bad file descriptor) [pid 5853] close(12) = -1 EBADF (Bad file descriptor) [pid 5853] close(13) = -1 EBADF (Bad file descriptor) [pid 5853] close(14) = -1 EBADF (Bad file descriptor) [pid 5853] close(15) = -1 EBADF (Bad file descriptor) [pid 5853] close(16) = -1 EBADF (Bad file descriptor) [pid 5853] close(17) = -1 EBADF (Bad file descriptor) [pid 5853] close(18) = -1 EBADF (Bad file descriptor) [pid 5853] close(19) = -1 EBADF (Bad file descriptor) [pid 5853] close(20) = -1 EBADF (Bad file descriptor) [pid 5853] close(21) = -1 EBADF (Bad file descriptor) [pid 5853] close(22) = -1 EBADF (Bad file descriptor) [pid 5853] close(23) = -1 EBADF (Bad file descriptor) [pid 5853] close(24) = -1 EBADF (Bad file descriptor) [pid 5853] close(25) = -1 EBADF (Bad file descriptor) [pid 5853] close(26) = -1 EBADF (Bad file descriptor) [pid 5853] close(27) = -1 EBADF (Bad file descriptor) [pid 5853] close(28) = -1 EBADF (Bad file descriptor) [pid 5853] close(29) = -1 EBADF (Bad file descriptor) [pid 5853] exit_group(0) = ? [pid 5853] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=16 /* 0.16 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./5/file1") = 0 [pid 5833] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 92.688880][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] unlink("./5/binderfs") = 0 [pid 5833] umount2("./5/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./5/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./5/cgroup.net") = 0 [pid 5833] umount2("./5/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./5/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./5/cgroup.cpu") = 0 [pid 5833] umount2("./5/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./5/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./5/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./5") = 0 [pid 5833] mkdir("./6", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5856 attached , child_tidptr=0x55556134f650) = 8 [pid 5856] set_robust_list(0x55556134f660, 24) = 0 [pid 5856] chdir("./6") = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5856] setpgid(0, 0) = 0 [pid 5856] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5856] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5856] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5856] write(3, "1000", 4) = 4 [pid 5856] close(3) = 0 [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5856] write(1, "executing program\n", 18executing program ) = 18 [pid 5856] memfd_create("syzkaller", 0) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5856] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5856] munmap(0x7f82ff000000, 138412032) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5856] close(3) = 0 [pid 5856] close(4) = 0 [pid 5856] mkdir("./file1", 0777) = 0 [ 93.327816][ T5856] loop0: detected capacity change from 0 to 32768 [ 93.361127][ T5856] JBD2: Ignoring recovery information on journal [pid 5856] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5856] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./file1") = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5856] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5856] close(3) = 0 [pid 5856] close(4) = -1 EBADF (Bad file descriptor) [pid 5856] close(5) = -1 EBADF (Bad file descriptor) [pid 5856] close(6) = -1 EBADF (Bad file descriptor) [pid 5856] close(7) = -1 EBADF (Bad file descriptor) [pid 5856] close(8) = -1 EBADF (Bad file descriptor) [pid 5856] close(9) = -1 EBADF (Bad file descriptor) [pid 5856] close(10) = -1 EBADF (Bad file descriptor) [pid 5856] close(11) = -1 EBADF (Bad file descriptor) [pid 5856] close(12) = -1 EBADF (Bad file descriptor) [pid 5856] close(13) = -1 EBADF (Bad file descriptor) [pid 5856] close(14) = -1 EBADF (Bad file descriptor) [pid 5856] close(15) = -1 EBADF (Bad file descriptor) [pid 5856] close(16) = -1 EBADF (Bad file descriptor) [pid 5856] close(17) = -1 EBADF (Bad file descriptor) [pid 5856] close(18) = -1 EBADF (Bad file descriptor) [pid 5856] close(19) = -1 EBADF (Bad file descriptor) [pid 5856] close(20) = -1 EBADF (Bad file descriptor) [pid 5856] close(21) = -1 EBADF (Bad file descriptor) [pid 5856] close(22) = -1 EBADF (Bad file descriptor) [pid 5856] close(23) = -1 EBADF (Bad file descriptor) [pid 5856] close(24) = -1 EBADF (Bad file descriptor) [pid 5856] close(25) = -1 EBADF (Bad file descriptor) [pid 5856] close(26) = -1 EBADF (Bad file descriptor) [pid 5856] close(27) = -1 EBADF (Bad file descriptor) [pid 5856] close(28) = -1 EBADF (Bad file descriptor) [pid 5856] close(29) = -1 EBADF (Bad file descriptor) [pid 5856] exit_group(0) = ? [ 93.400026][ T5856] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5856] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- [pid 5833] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [ 93.489915][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./6/file1") = 0 [pid 5833] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./6/binderfs") = 0 [pid 5833] umount2("./6/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./6/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./6/cgroup.net") = 0 [pid 5833] umount2("./6/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./6/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./6/cgroup.cpu") = 0 [pid 5833] umount2("./6/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./6/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./6/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./6") = 0 [pid 5833] mkdir("./7", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached , child_tidptr=0x55556134f650) = 9 [pid 5859] set_robust_list(0x55556134f660, 24) = 0 [pid 5859] chdir("./7") = 0 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5859] setpgid(0, 0) = 0 [pid 5859] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5859] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5859] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4) = 4 [pid 5859] close(3) = 0 [pid 5859] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5859] write(1, "executing program\n", 18executing program ) = 18 [pid 5859] memfd_create("syzkaller", 0) = 3 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5859] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5859] munmap(0x7f82ff000000, 138412032) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5859] close(3) = 0 [pid 5859] close(4) = 0 [pid 5859] mkdir("./file1", 0777) = 0 [ 94.144233][ T5859] loop0: detected capacity change from 0 to 32768 [ 94.175335][ T5859] JBD2: Ignoring recovery information on journal [pid 5859] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5859] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5859] chdir("./file1") = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5859] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5859] close(3) = 0 [pid 5859] close(4) = -1 EBADF (Bad file descriptor) [pid 5859] close(5) = -1 EBADF (Bad file descriptor) [pid 5859] close(6) = -1 EBADF (Bad file descriptor) [pid 5859] close(7) = -1 EBADF (Bad file descriptor) [pid 5859] close(8) = -1 EBADF (Bad file descriptor) [pid 5859] close(9) = -1 EBADF (Bad file descriptor) [pid 5859] close(10) = -1 EBADF (Bad file descriptor) [pid 5859] close(11) = -1 EBADF (Bad file descriptor) [pid 5859] close(12) = -1 EBADF (Bad file descriptor) [pid 5859] close(13) = -1 EBADF (Bad file descriptor) [pid 5859] close(14) = -1 EBADF (Bad file descriptor) [pid 5859] close(15) = -1 EBADF (Bad file descriptor) [pid 5859] close(16) = -1 EBADF (Bad file descriptor) [pid 5859] close(17) = -1 EBADF (Bad file descriptor) [pid 5859] close(18) = -1 EBADF (Bad file descriptor) [pid 5859] close(19) = -1 EBADF (Bad file descriptor) [pid 5859] close(20) = -1 EBADF (Bad file descriptor) [pid 5859] close(21) = -1 EBADF (Bad file descriptor) [pid 5859] close(22) = -1 EBADF (Bad file descriptor) [pid 5859] close(23) = -1 EBADF (Bad file descriptor) [pid 5859] close(24) = -1 EBADF (Bad file descriptor) [pid 5859] close(25) = -1 EBADF (Bad file descriptor) [pid 5859] close(26) = -1 EBADF (Bad file descriptor) [pid 5859] close(27) = -1 EBADF (Bad file descriptor) [pid 5859] close(28) = -1 EBADF (Bad file descriptor) [pid 5859] close(29) = -1 EBADF (Bad file descriptor) [pid 5859] exit_group(0) = ? [ 94.210898][ T5859] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5859] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [ 94.350840][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./7/file1") = 0 [pid 5833] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./7/binderfs") = 0 [pid 5833] umount2("./7/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./7/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./7/cgroup.net") = 0 [pid 5833] umount2("./7/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./7/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./7/cgroup.cpu") = 0 [pid 5833] umount2("./7/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./7/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./7/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./7") = 0 [pid 5833] mkdir("./8", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached [pid 5862] set_robust_list(0x55556134f660, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55556134f650) = 10 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5862] chdir("./8") = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0) = 0 [pid 5862] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5862] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5862] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5862] write(1, "executing program\n", 18) = 18 [pid 5862] memfd_create("syzkaller", 0) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5862] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5862] munmap(0x7f82ff000000, 138412032) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] close(4) = 0 [pid 5862] mkdir("./file1", 0777) = 0 [ 95.004570][ T5862] loop0: detected capacity change from 0 to 32768 [pid 5862] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5862] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 95.056630][ T5862] JBD2: Ignoring recovery information on journal [ 95.091821][ T5862] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5862] chdir("./file1") = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5862] close(3) = 0 [pid 5862] close(4) = -1 EBADF (Bad file descriptor) [pid 5862] close(5) = -1 EBADF (Bad file descriptor) [pid 5862] close(6) = -1 EBADF (Bad file descriptor) [pid 5862] close(7) = -1 EBADF (Bad file descriptor) [pid 5862] close(8) = -1 EBADF (Bad file descriptor) [pid 5862] close(9) = -1 EBADF (Bad file descriptor) [pid 5862] close(10) = -1 EBADF (Bad file descriptor) [pid 5862] close(11) = -1 EBADF (Bad file descriptor) [pid 5862] close(12) = -1 EBADF (Bad file descriptor) [pid 5862] close(13) = -1 EBADF (Bad file descriptor) [pid 5862] close(14) = -1 EBADF (Bad file descriptor) [pid 5862] close(15) = -1 EBADF (Bad file descriptor) [pid 5862] close(16) = -1 EBADF (Bad file descriptor) [pid 5862] close(17) = -1 EBADF (Bad file descriptor) [pid 5862] close(18) = -1 EBADF (Bad file descriptor) [pid 5862] close(19) = -1 EBADF (Bad file descriptor) [pid 5862] close(20) = -1 EBADF (Bad file descriptor) [pid 5862] close(21) = -1 EBADF (Bad file descriptor) [pid 5862] close(22) = -1 EBADF (Bad file descriptor) [pid 5862] close(23) = -1 EBADF (Bad file descriptor) [pid 5862] close(24) = -1 EBADF (Bad file descriptor) [pid 5862] close(25) = -1 EBADF (Bad file descriptor) [pid 5862] close(26) = -1 EBADF (Bad file descriptor) [pid 5862] close(27) = -1 EBADF (Bad file descriptor) [pid 5862] close(28) = -1 EBADF (Bad file descriptor) [pid 5862] close(29) = -1 EBADF (Bad file descriptor) [pid 5862] exit_group(0) = ? [pid 5862] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 95.234296][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./8/file1") = 0 [pid 5833] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./8/binderfs") = 0 [pid 5833] umount2("./8/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./8/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./8/cgroup.net") = 0 [pid 5833] umount2("./8/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./8/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./8/cgroup.cpu") = 0 [pid 5833] umount2("./8/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./8/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./8/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./8") = 0 [pid 5833] mkdir("./9", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5865 attached [pid 5865] set_robust_list(0x55556134f660, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55556134f650) = 11 [pid 5865] <... set_robust_list resumed>) = 0 [pid 5865] chdir("./9") = 0 [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5865] setpgid(0, 0) = 0 [pid 5865] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5865] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5865] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5865] write(3, "1000", 4) = 4 [pid 5865] close(3) = 0 [pid 5865] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5865] write(1, "executing program\n", 18executing program ) = 18 [pid 5865] memfd_create("syzkaller", 0) = 3 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5865] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5865] munmap(0x7f82ff000000, 138412032) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5865] close(3) = 0 [pid 5865] close(4) = 0 [pid 5865] mkdir("./file1", 0777) = 0 [ 95.919044][ T5865] loop0: detected capacity change from 0 to 32768 [pid 5865] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5865] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5865] chdir("./file1") = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5865] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5865] close(3) = 0 [pid 5865] close(4) = -1 EBADF (Bad file descriptor) [pid 5865] close(5) = -1 EBADF (Bad file descriptor) [pid 5865] close(6) = -1 EBADF (Bad file descriptor) [pid 5865] close(7) = -1 EBADF (Bad file descriptor) [pid 5865] close(8) = -1 EBADF (Bad file descriptor) [pid 5865] close(9) = -1 EBADF (Bad file descriptor) [pid 5865] close(10) = -1 EBADF (Bad file descriptor) [pid 5865] close(11) = -1 EBADF (Bad file descriptor) [pid 5865] close(12) = -1 EBADF (Bad file descriptor) [pid 5865] close(13) = -1 EBADF (Bad file descriptor) [pid 5865] close(14) = -1 EBADF (Bad file descriptor) [pid 5865] close(15) = -1 EBADF (Bad file descriptor) [pid 5865] close(16) = -1 EBADF (Bad file descriptor) [pid 5865] close(17) = -1 EBADF (Bad file descriptor) [pid 5865] close(18) = -1 EBADF (Bad file descriptor) [pid 5865] close(19) = -1 EBADF (Bad file descriptor) [pid 5865] close(20) = -1 EBADF (Bad file descriptor) [pid 5865] close(21) = -1 EBADF (Bad file descriptor) [pid 5865] close(22) = -1 EBADF (Bad file descriptor) [pid 5865] close(23) = -1 EBADF (Bad file descriptor) [pid 5865] close(24) = -1 EBADF (Bad file descriptor) [pid 5865] close(25) = -1 EBADF (Bad file descriptor) [pid 5865] close(26) = -1 EBADF (Bad file descriptor) [pid 5865] close(27) = -1 EBADF (Bad file descriptor) [pid 5865] close(28) = -1 EBADF (Bad file descriptor) [ 95.987366][ T5865] JBD2: Ignoring recovery information on journal [ 96.024161][ T5865] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5865] close(29) = -1 EBADF (Bad file descriptor) [pid 5865] exit_group(0) = ? [pid 5865] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [ 96.178862][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./9/file1") = 0 [pid 5833] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./9/binderfs") = 0 [pid 5833] umount2("./9/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./9/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./9/cgroup.net") = 0 [pid 5833] umount2("./9/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./9/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./9/cgroup.cpu") = 0 [pid 5833] umount2("./9/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./9/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./9/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./9") = 0 [pid 5833] mkdir("./10", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached , child_tidptr=0x55556134f650) = 12 [pid 5868] set_robust_list(0x55556134f660, 24) = 0 [pid 5868] chdir("./10") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5868] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5868] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] write(1, "executing program\n", 18executing program ) = 18 [pid 5868] memfd_create("syzkaller", 0) = 3 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5868] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5868] munmap(0x7f82ff000000, 138412032) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5868] close(3) = 0 [pid 5868] close(4) = 0 [pid 5868] mkdir("./file1", 0777) = 0 [ 96.887933][ T5868] loop0: detected capacity change from 0 to 32768 [pid 5868] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5868] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] chdir("./file1") = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5868] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5868] close(3) = 0 [pid 5868] close(4) = -1 EBADF (Bad file descriptor) [pid 5868] close(5) = -1 EBADF (Bad file descriptor) [pid 5868] close(6) = -1 EBADF (Bad file descriptor) [pid 5868] close(7) = -1 EBADF (Bad file descriptor) [pid 5868] close(8) = -1 EBADF (Bad file descriptor) [ 96.944163][ T5868] JBD2: Ignoring recovery information on journal [ 96.981185][ T5868] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5868] close(9) = -1 EBADF (Bad file descriptor) [pid 5868] close(10) = -1 EBADF (Bad file descriptor) [pid 5868] close(11) = -1 EBADF (Bad file descriptor) [pid 5868] close(12) = -1 EBADF (Bad file descriptor) [pid 5868] close(13) = -1 EBADF (Bad file descriptor) [pid 5868] close(14) = -1 EBADF (Bad file descriptor) [pid 5868] close(15) = -1 EBADF (Bad file descriptor) [pid 5868] close(16) = -1 EBADF (Bad file descriptor) [pid 5868] close(17) = -1 EBADF (Bad file descriptor) [pid 5868] close(18) = -1 EBADF (Bad file descriptor) [pid 5868] close(19) = -1 EBADF (Bad file descriptor) [pid 5868] close(20) = -1 EBADF (Bad file descriptor) [pid 5868] close(21) = -1 EBADF (Bad file descriptor) [pid 5868] close(22) = -1 EBADF (Bad file descriptor) [pid 5868] close(23) = -1 EBADF (Bad file descriptor) [pid 5868] close(24) = -1 EBADF (Bad file descriptor) [pid 5868] close(25) = -1 EBADF (Bad file descriptor) [pid 5868] close(26) = -1 EBADF (Bad file descriptor) [pid 5868] close(27) = -1 EBADF (Bad file descriptor) [pid 5868] close(28) = -1 EBADF (Bad file descriptor) [pid 5868] close(29) = -1 EBADF (Bad file descriptor) [pid 5868] exit_group(0) = ? [pid 5868] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./10/file1") = 0 [pid 5833] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./10/binderfs") = 0 [pid 5833] umount2("./10/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./10/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./10/cgroup.net") = 0 [pid 5833] umount2("./10/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./10/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./10/cgroup.cpu") = 0 [pid 5833] umount2("./10/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./10/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./10/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./10") = 0 [pid 5833] mkdir("./11", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [ 97.062444][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached , child_tidptr=0x55556134f650) = 13 [pid 5871] set_robust_list(0x55556134f660, 24) = 0 [pid 5871] chdir("./11") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5871] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5871] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5871] write(1, "executing program\n", 18) = 18 [pid 5871] memfd_create("syzkaller", 0) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5871] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5871] munmap(0x7f82ff000000, 138412032) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] close(3) = 0 [pid 5871] close(4) = 0 [pid 5871] mkdir("./file1", 0777) = 0 [ 97.490391][ T5871] loop0: detected capacity change from 0 to 32768 [pid 5871] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5871] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] chdir("./file1") = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5871] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5871] close(3) = 0 [pid 5871] close(4) = -1 EBADF (Bad file descriptor) [pid 5871] close(5) = -1 EBADF (Bad file descriptor) [pid 5871] close(6) = -1 EBADF (Bad file descriptor) [pid 5871] close(7) = -1 EBADF (Bad file descriptor) [pid 5871] close(8) = -1 EBADF (Bad file descriptor) [pid 5871] close(9) = -1 EBADF (Bad file descriptor) [pid 5871] close(10) = -1 EBADF (Bad file descriptor) [pid 5871] close(11) = -1 EBADF (Bad file descriptor) [pid 5871] close(12) = -1 EBADF (Bad file descriptor) [pid 5871] close(13) = -1 EBADF (Bad file descriptor) [pid 5871] close(14) = -1 EBADF (Bad file descriptor) [pid 5871] close(15) = -1 EBADF (Bad file descriptor) [pid 5871] close(16) = -1 EBADF (Bad file descriptor) [pid 5871] close(17) = -1 EBADF (Bad file descriptor) [pid 5871] close(18) = -1 EBADF (Bad file descriptor) [pid 5871] close(19) = -1 EBADF (Bad file descriptor) [pid 5871] close(20) = -1 EBADF (Bad file descriptor) [pid 5871] close(21) = -1 EBADF (Bad file descriptor) [pid 5871] close(22) = -1 EBADF (Bad file descriptor) [pid 5871] close(23) = -1 EBADF (Bad file descriptor) [pid 5871] close(24) = -1 EBADF (Bad file descriptor) [pid 5871] close(25) = -1 EBADF (Bad file descriptor) [pid 5871] close(26) = -1 EBADF (Bad file descriptor) [pid 5871] close(27) = -1 EBADF (Bad file descriptor) [pid 5871] close(28) = -1 EBADF (Bad file descriptor) [pid 5871] close(29) = -1 EBADF (Bad file descriptor) [pid 5871] exit_group(0) = ? [ 97.556964][ T5871] JBD2: Ignoring recovery information on journal [ 97.590076][ T5871] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5871] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 5833] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 97.692106][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./11/file1") = 0 [pid 5833] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./11/binderfs") = 0 [pid 5833] umount2("./11/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./11/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./11/cgroup.net") = 0 [pid 5833] umount2("./11/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./11/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./11/cgroup.cpu") = 0 [pid 5833] umount2("./11/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./11/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./11/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./11") = 0 [pid 5833] mkdir("./12", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556134f650) = 14 ./strace-static-x86_64: Process 5874 attached [pid 5874] set_robust_list(0x55556134f660, 24) = 0 [pid 5874] chdir("./12") = 0 [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5874] setpgid(0, 0) = 0 [pid 5874] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5874] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5874] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5874] write(3, "1000", 4) = 4 [pid 5874] close(3) = 0 [pid 5874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5874] write(1, "executing program\n", 18executing program ) = 18 [pid 5874] memfd_create("syzkaller", 0) = 3 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5874] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5874] munmap(0x7f82ff000000, 138412032) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5874] close(3) = 0 [pid 5874] close(4) = 0 [pid 5874] mkdir("./file1", 0777) = 0 [ 98.319428][ T5874] loop0: detected capacity change from 0 to 32768 [ 98.351494][ T5874] JBD2: Ignoring recovery information on journal [pid 5874] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5874] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5874] chdir("./file1") = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5874] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5874] close(3) = 0 [pid 5874] close(4) = -1 EBADF (Bad file descriptor) [pid 5874] close(5) = -1 EBADF (Bad file descriptor) [pid 5874] close(6) = -1 EBADF (Bad file descriptor) [pid 5874] close(7) = -1 EBADF (Bad file descriptor) [pid 5874] close(8) = -1 EBADF (Bad file descriptor) [pid 5874] close(9) = -1 EBADF (Bad file descriptor) [pid 5874] close(10) = -1 EBADF (Bad file descriptor) [pid 5874] close(11) = -1 EBADF (Bad file descriptor) [pid 5874] close(12) = -1 EBADF (Bad file descriptor) [pid 5874] close(13) = -1 EBADF (Bad file descriptor) [pid 5874] close(14) = -1 EBADF (Bad file descriptor) [pid 5874] close(15) = -1 EBADF (Bad file descriptor) [pid 5874] close(16) = -1 EBADF (Bad file descriptor) [pid 5874] close(17) = -1 EBADF (Bad file descriptor) [pid 5874] close(18) = -1 EBADF (Bad file descriptor) [pid 5874] close(19) = -1 EBADF (Bad file descriptor) [pid 5874] close(20) = -1 EBADF (Bad file descriptor) [pid 5874] close(21) = -1 EBADF (Bad file descriptor) [pid 5874] close(22) = -1 EBADF (Bad file descriptor) [pid 5874] close(23) = -1 EBADF (Bad file descriptor) [pid 5874] close(24) = -1 EBADF (Bad file descriptor) [pid 5874] close(25) = -1 EBADF (Bad file descriptor) [pid 5874] close(26) = -1 EBADF (Bad file descriptor) [pid 5874] close(27) = -1 EBADF (Bad file descriptor) [pid 5874] close(28) = -1 EBADF (Bad file descriptor) [pid 5874] close(29) = -1 EBADF (Bad file descriptor) [pid 5874] exit_group(0) = ? [pid 5874] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 98.388536][ T5874] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [ 98.496687][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./12/file1") = 0 [pid 5833] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./12/binderfs") = 0 [pid 5833] umount2("./12/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./12/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./12/cgroup.net") = 0 [pid 5833] umount2("./12/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./12/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./12/cgroup.cpu") = 0 [pid 5833] umount2("./12/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./12/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./12/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./12") = 0 [pid 5833] mkdir("./13", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5877 attached , child_tidptr=0x55556134f650) = 15 [pid 5877] set_robust_list(0x55556134f660, 24) = 0 [pid 5877] chdir("./13") = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5877] setpgid(0, 0) = 0 [pid 5877] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5877] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5877] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5877] write(3, "1000", 4) = 4 [pid 5877] close(3) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5877] write(1, "executing program\n", 18executing program ) = 18 [pid 5877] memfd_create("syzkaller", 0) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5877] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5877] munmap(0x7f82ff000000, 138412032) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5877] close(3) = 0 [pid 5877] close(4) = 0 [pid 5877] mkdir("./file1", 0777) = 0 [ 99.220909][ T5877] loop0: detected capacity change from 0 to 32768 [ 99.260925][ T5877] JBD2: Ignoring recovery information on journal [pid 5877] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5877] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5877] chdir("./file1") = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5877] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5877] close(3) = 0 [ 99.296737][ T5877] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5877] close(4) = -1 EBADF (Bad file descriptor) [pid 5877] close(5) = -1 EBADF (Bad file descriptor) [pid 5877] close(6) = -1 EBADF (Bad file descriptor) [pid 5877] close(7) = -1 EBADF (Bad file descriptor) [pid 5877] close(8) = -1 EBADF (Bad file descriptor) [pid 5877] close(9) = -1 EBADF (Bad file descriptor) [pid 5877] close(10) = -1 EBADF (Bad file descriptor) [pid 5877] close(11) = -1 EBADF (Bad file descriptor) [pid 5877] close(12) = -1 EBADF (Bad file descriptor) [pid 5877] close(13) = -1 EBADF (Bad file descriptor) [pid 5877] close(14) = -1 EBADF (Bad file descriptor) [pid 5877] close(15) = -1 EBADF (Bad file descriptor) [pid 5877] close(16) = -1 EBADF (Bad file descriptor) [pid 5877] close(17) = -1 EBADF (Bad file descriptor) [pid 5877] close(18) = -1 EBADF (Bad file descriptor) [pid 5877] close(19) = -1 EBADF (Bad file descriptor) [pid 5877] close(20) = -1 EBADF (Bad file descriptor) [pid 5877] close(21) = -1 EBADF (Bad file descriptor) [pid 5877] close(22) = -1 EBADF (Bad file descriptor) [pid 5877] close(23) = -1 EBADF (Bad file descriptor) [pid 5877] close(24) = -1 EBADF (Bad file descriptor) [pid 5877] close(25) = -1 EBADF (Bad file descriptor) [pid 5877] close(26) = -1 EBADF (Bad file descriptor) [pid 5877] close(27) = -1 EBADF (Bad file descriptor) [pid 5877] close(28) = -1 EBADF (Bad file descriptor) [pid 5877] close(29) = -1 EBADF (Bad file descriptor) [pid 5877] exit_group(0) = ? [pid 5877] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./13/file1") = 0 [pid 5833] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./13/binderfs") = 0 [pid 5833] umount2("./13/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./13/cgroup.net") = 0 [pid 5833] umount2("./13/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./13/cgroup.cpu") = 0 [pid 5833] umount2("./13/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./13/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./13") = 0 [pid 5833] mkdir("./14", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [ 99.432629][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5880 attached [pid 5880] set_robust_list(0x55556134f660, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55556134f650) = 16 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5880] chdir("./14") = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5880] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5880] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5880] write(1, "executing program\n", 18executing program ) = 18 [pid 5880] memfd_create("syzkaller", 0) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5880] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5880] munmap(0x7f82ff000000, 138412032) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5880] close(3) = 0 [pid 5880] close(4) = 0 [pid 5880] mkdir("./file1", 0777) = 0 [ 99.850174][ T5880] loop0: detected capacity change from 0 to 32768 [ 99.876661][ T5880] JBD2: Ignoring recovery information on journal [pid 5880] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5880] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5880] chdir("./file1") = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 99.911299][ T5880] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5880] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5880] close(3) = 0 [pid 5880] close(4) = -1 EBADF (Bad file descriptor) [pid 5880] close(5) = -1 EBADF (Bad file descriptor) [pid 5880] close(6) = -1 EBADF (Bad file descriptor) [pid 5880] close(7) = -1 EBADF (Bad file descriptor) [pid 5880] close(8) = -1 EBADF (Bad file descriptor) [pid 5880] close(9) = -1 EBADF (Bad file descriptor) [pid 5880] close(10) = -1 EBADF (Bad file descriptor) [pid 5880] close(11) = -1 EBADF (Bad file descriptor) [pid 5880] close(12) = -1 EBADF (Bad file descriptor) [pid 5880] close(13) = -1 EBADF (Bad file descriptor) [pid 5880] close(14) = -1 EBADF (Bad file descriptor) [pid 5880] close(15) = -1 EBADF (Bad file descriptor) [pid 5880] close(16) = -1 EBADF (Bad file descriptor) [pid 5880] close(17) = -1 EBADF (Bad file descriptor) [pid 5880] close(18) = -1 EBADF (Bad file descriptor) [pid 5880] close(19) = -1 EBADF (Bad file descriptor) [pid 5880] close(20) = -1 EBADF (Bad file descriptor) [pid 5880] close(21) = -1 EBADF (Bad file descriptor) [pid 5880] close(22) = -1 EBADF (Bad file descriptor) [pid 5880] close(23) = -1 EBADF (Bad file descriptor) [pid 5880] close(24) = -1 EBADF (Bad file descriptor) [pid 5880] close(25) = -1 EBADF (Bad file descriptor) [pid 5880] close(26) = -1 EBADF (Bad file descriptor) [pid 5880] close(27) = -1 EBADF (Bad file descriptor) [pid 5880] close(28) = -1 EBADF (Bad file descriptor) [pid 5880] close(29) = -1 EBADF (Bad file descriptor) [pid 5880] exit_group(0) = ? [pid 5880] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./14/file1") = 0 [pid 5833] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./14/binderfs") = 0 [pid 5833] umount2("./14/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./14/cgroup.net") = 0 [pid 5833] umount2("./14/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./14/cgroup.cpu") = 0 [pid 5833] umount2("./14/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./14/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./14") = 0 [pid 5833] mkdir("./15", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [ 100.041189][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5883 attached , child_tidptr=0x55556134f650) = 17 [pid 5883] set_robust_list(0x55556134f660, 24) = 0 [pid 5883] chdir("./15") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5883] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5883] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5883] write(1, "executing program\n", 18executing program ) = 18 [pid 5883] memfd_create("syzkaller", 0) = 3 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5883] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5883] munmap(0x7f82ff000000, 138412032) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5883] close(3) = 0 [pid 5883] close(4) = 0 [pid 5883] mkdir("./file1", 0777) = 0 [ 100.490618][ T5883] loop0: detected capacity change from 0 to 32768 [ 100.540260][ T5883] JBD2: Ignoring recovery information on journal [pid 5883] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5883] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] chdir("./file1") = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5883] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5883] close(3) = 0 [pid 5883] close(4) = -1 EBADF (Bad file descriptor) [pid 5883] close(5) = -1 EBADF (Bad file descriptor) [pid 5883] close(6) = -1 EBADF (Bad file descriptor) [pid 5883] close(7) = -1 EBADF (Bad file descriptor) [pid 5883] close(8) = -1 EBADF (Bad file descriptor) [pid 5883] close(9) = -1 EBADF (Bad file descriptor) [pid 5883] close(10) = -1 EBADF (Bad file descriptor) [pid 5883] close(11) = -1 EBADF (Bad file descriptor) [pid 5883] close(12) = -1 EBADF (Bad file descriptor) [pid 5883] close(13) = -1 EBADF (Bad file descriptor) [pid 5883] close(14) = -1 EBADF (Bad file descriptor) [pid 5883] close(15) = -1 EBADF (Bad file descriptor) [pid 5883] close(16) = -1 EBADF (Bad file descriptor) [pid 5883] close(17) = -1 EBADF (Bad file descriptor) [pid 5883] close(18) = -1 EBADF (Bad file descriptor) [pid 5883] close(19) = -1 EBADF (Bad file descriptor) [pid 5883] close(20) = -1 EBADF (Bad file descriptor) [pid 5883] close(21) = -1 EBADF (Bad file descriptor) [pid 5883] close(22) = -1 EBADF (Bad file descriptor) [pid 5883] close(23) = -1 EBADF (Bad file descriptor) [pid 5883] close(24) = -1 EBADF (Bad file descriptor) [pid 5883] close(25) = -1 EBADF (Bad file descriptor) [pid 5883] close(26) = -1 EBADF (Bad file descriptor) [pid 5883] close(27) = -1 EBADF (Bad file descriptor) [pid 5883] close(28) = -1 EBADF (Bad file descriptor) [pid 5883] close(29) = -1 EBADF (Bad file descriptor) [pid 5883] exit_group(0) = ? [ 100.582414][ T5883] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5883] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [pid 5833] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [ 100.636019][ T5883] syz-executor190 (5883) used greatest stack depth: 18712 bytes left [pid 5833] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 100.702520][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./15/file1") = 0 [pid 5833] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./15/binderfs") = 0 [pid 5833] umount2("./15/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./15/cgroup.net") = 0 [pid 5833] umount2("./15/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./15/cgroup.cpu") = 0 [pid 5833] umount2("./15/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./15/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./15") = 0 [pid 5833] mkdir("./16", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5886 attached [pid 5886] set_robust_list(0x55556134f660, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55556134f650) = 18 [pid 5886] <... set_robust_list resumed>) = 0 [pid 5886] chdir("./16") = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5886] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5886] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 [pid 5886] close(3) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5886] write(1, "executing program\n", 18executing program ) = 18 [pid 5886] memfd_create("syzkaller", 0) = 3 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5886] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5886] munmap(0x7f82ff000000, 138412032) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5886] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5886] close(3) = 0 [pid 5886] close(4) = 0 [pid 5886] mkdir("./file1", 0777) = 0 [ 101.387519][ T5886] loop0: detected capacity change from 0 to 32768 [ 101.422132][ T5886] JBD2: Ignoring recovery information on journal [pid 5886] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5886] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5886] chdir("./file1") = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5886] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5886] close(3) = 0 [pid 5886] close(4) = -1 EBADF (Bad file descriptor) [pid 5886] close(5) = -1 EBADF (Bad file descriptor) [pid 5886] close(6) = -1 EBADF (Bad file descriptor) [pid 5886] close(7) = -1 EBADF (Bad file descriptor) [pid 5886] close(8) = -1 EBADF (Bad file descriptor) [pid 5886] close(9) = -1 EBADF (Bad file descriptor) [pid 5886] close(10) = -1 EBADF (Bad file descriptor) [pid 5886] close(11) = -1 EBADF (Bad file descriptor) [pid 5886] close(12) = -1 EBADF (Bad file descriptor) [pid 5886] close(13) = -1 EBADF (Bad file descriptor) [pid 5886] close(14) = -1 EBADF (Bad file descriptor) [pid 5886] close(15) = -1 EBADF (Bad file descriptor) [pid 5886] close(16) = -1 EBADF (Bad file descriptor) [pid 5886] close(17) = -1 EBADF (Bad file descriptor) [pid 5886] close(18) = -1 EBADF (Bad file descriptor) [pid 5886] close(19) = -1 EBADF (Bad file descriptor) [pid 5886] close(20) = -1 EBADF (Bad file descriptor) [pid 5886] close(21) = -1 EBADF (Bad file descriptor) [pid 5886] close(22) = -1 EBADF (Bad file descriptor) [pid 5886] close(23) = -1 EBADF (Bad file descriptor) [pid 5886] close(24) = -1 EBADF (Bad file descriptor) [pid 5886] close(25) = -1 EBADF (Bad file descriptor) [pid 5886] close(26) = -1 EBADF (Bad file descriptor) [pid 5886] close(27) = -1 EBADF (Bad file descriptor) [pid 5886] close(28) = -1 EBADF (Bad file descriptor) [pid 5886] close(29) = -1 EBADF (Bad file descriptor) [pid 5886] exit_group(0) = ? [pid 5886] +++ exited with 0 +++ [ 101.468828][ T5886] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [pid 5833] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [ 101.626608][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./16/file1") = 0 [pid 5833] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./16/binderfs") = 0 [pid 5833] umount2("./16/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./16/cgroup.net") = 0 [pid 5833] umount2("./16/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./16/cgroup.cpu") = 0 [pid 5833] umount2("./16/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./16/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./16") = 0 [pid 5833] mkdir("./17", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5889 attached , child_tidptr=0x55556134f650) = 19 [pid 5889] set_robust_list(0x55556134f660, 24) = 0 [pid 5889] chdir("./17") = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5889] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5889] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5889] close(3) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5889] write(1, "executing program\n", 18executing program ) = 18 [pid 5889] memfd_create("syzkaller", 0) = 3 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5889] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5889] munmap(0x7f82ff000000, 138412032) = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5889] close(3) = 0 [pid 5889] close(4) = 0 [pid 5889] mkdir("./file1", 0777) = 0 [ 102.249207][ T5889] loop0: detected capacity change from 0 to 32768 [pid 5889] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5889] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5889] chdir("./file1") = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 102.293839][ T5889] JBD2: Ignoring recovery information on journal [ 102.329415][ T5889] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5889] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5889] close(3) = 0 [pid 5889] close(4) = -1 EBADF (Bad file descriptor) [pid 5889] close(5) = -1 EBADF (Bad file descriptor) [pid 5889] close(6) = -1 EBADF (Bad file descriptor) [pid 5889] close(7) = -1 EBADF (Bad file descriptor) [pid 5889] close(8) = -1 EBADF (Bad file descriptor) [pid 5889] close(9) = -1 EBADF (Bad file descriptor) [pid 5889] close(10) = -1 EBADF (Bad file descriptor) [pid 5889] close(11) = -1 EBADF (Bad file descriptor) [pid 5889] close(12) = -1 EBADF (Bad file descriptor) [pid 5889] close(13) = -1 EBADF (Bad file descriptor) [pid 5889] close(14) = -1 EBADF (Bad file descriptor) [pid 5889] close(15) = -1 EBADF (Bad file descriptor) [pid 5889] close(16) = -1 EBADF (Bad file descriptor) [pid 5889] close(17) = -1 EBADF (Bad file descriptor) [pid 5889] close(18) = -1 EBADF (Bad file descriptor) [pid 5889] close(19) = -1 EBADF (Bad file descriptor) [pid 5889] close(20) = -1 EBADF (Bad file descriptor) [pid 5889] close(21) = -1 EBADF (Bad file descriptor) [pid 5889] close(22) = -1 EBADF (Bad file descriptor) [pid 5889] close(23) = -1 EBADF (Bad file descriptor) [pid 5889] close(24) = -1 EBADF (Bad file descriptor) [pid 5889] close(25) = -1 EBADF (Bad file descriptor) [pid 5889] close(26) = -1 EBADF (Bad file descriptor) [pid 5889] close(27) = -1 EBADF (Bad file descriptor) [pid 5889] close(28) = -1 EBADF (Bad file descriptor) [pid 5889] close(29) = -1 EBADF (Bad file descriptor) [pid 5889] exit_group(0) = ? [pid 5889] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [pid 5833] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 102.446514][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./17/file1") = 0 [pid 5833] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./17/binderfs") = 0 [pid 5833] umount2("./17/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./17/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./17/cgroup.net") = 0 [pid 5833] umount2("./17/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./17/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./17/cgroup.cpu") = 0 [pid 5833] umount2("./17/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./17/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./17") = 0 [pid 5833] mkdir("./18", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5892 attached , child_tidptr=0x55556134f650) = 20 [pid 5892] set_robust_list(0x55556134f660, 24) = 0 [pid 5892] chdir("./18") = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5892] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5892] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5892] write(1, "executing program\n", 18executing program ) = 18 [pid 5892] memfd_create("syzkaller", 0) = 3 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5892] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5892] munmap(0x7f82ff000000, 138412032) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5892] close(3) = 0 [pid 5892] close(4) = 0 [pid 5892] mkdir("./file1", 0777) = 0 [ 103.216408][ T5892] loop0: detected capacity change from 0 to 32768 [pid 5892] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5892] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5892] chdir("./file1") = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 103.262766][ T5892] JBD2: Ignoring recovery information on journal [ 103.296748][ T5892] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5892] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5892] close(3) = 0 [pid 5892] close(4) = -1 EBADF (Bad file descriptor) [pid 5892] close(5) = -1 EBADF (Bad file descriptor) [pid 5892] close(6) = -1 EBADF (Bad file descriptor) [pid 5892] close(7) = -1 EBADF (Bad file descriptor) [pid 5892] close(8) = -1 EBADF (Bad file descriptor) [pid 5892] close(9) = -1 EBADF (Bad file descriptor) [pid 5892] close(10) = -1 EBADF (Bad file descriptor) [pid 5892] close(11) = -1 EBADF (Bad file descriptor) [pid 5892] close(12) = -1 EBADF (Bad file descriptor) [pid 5892] close(13) = -1 EBADF (Bad file descriptor) [pid 5892] close(14) = -1 EBADF (Bad file descriptor) [pid 5892] close(15) = -1 EBADF (Bad file descriptor) [pid 5892] close(16) = -1 EBADF (Bad file descriptor) [pid 5892] close(17) = -1 EBADF (Bad file descriptor) [pid 5892] close(18) = -1 EBADF (Bad file descriptor) [pid 5892] close(19) = -1 EBADF (Bad file descriptor) [pid 5892] close(20) = -1 EBADF (Bad file descriptor) [pid 5892] close(21) = -1 EBADF (Bad file descriptor) [pid 5892] close(22) = -1 EBADF (Bad file descriptor) [pid 5892] close(23) = -1 EBADF (Bad file descriptor) [pid 5892] close(24) = -1 EBADF (Bad file descriptor) [pid 5892] close(25) = -1 EBADF (Bad file descriptor) [pid 5892] close(26) = -1 EBADF (Bad file descriptor) [pid 5892] close(27) = -1 EBADF (Bad file descriptor) [pid 5892] close(28) = -1 EBADF (Bad file descriptor) [pid 5892] close(29) = -1 EBADF (Bad file descriptor) [pid 5892] exit_group(0) = ? [pid 5892] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- [pid 5833] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./18/file1") = 0 [pid 5833] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./18/binderfs") = 0 [pid 5833] umount2("./18/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./18/cgroup.net") = 0 [pid 5833] umount2("./18/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./18/cgroup.cpu") = 0 [pid 5833] umount2("./18/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./18/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./18") = 0 [pid 5833] mkdir("./19", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [ 103.396397][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5895 attached [pid 5895] set_robust_list(0x55556134f660, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55556134f650) = 21 [pid 5895] <... set_robust_list resumed>) = 0 [pid 5895] chdir("./19") = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5895] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5895] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5895] write(1, "executing program\n", 18) = 18 [pid 5895] memfd_create("syzkaller", 0) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5895] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5895] munmap(0x7f82ff000000, 138412032) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5895] close(3) = 0 [pid 5895] close(4) = 0 [pid 5895] mkdir("./file1", 0777) = 0 [ 103.859711][ T5895] loop0: detected capacity change from 0 to 32768 [ 103.915265][ T5895] JBD2: Ignoring recovery information on journal [pid 5895] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5895] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5895] chdir("./file1") = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5895] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5895] close(3) = 0 [pid 5895] close(4) = -1 EBADF (Bad file descriptor) [pid 5895] close(5) = -1 EBADF (Bad file descriptor) [pid 5895] close(6) = -1 EBADF (Bad file descriptor) [pid 5895] close(7) = -1 EBADF (Bad file descriptor) [pid 5895] close(8) = -1 EBADF (Bad file descriptor) [pid 5895] close(9) = -1 EBADF (Bad file descriptor) [pid 5895] close(10) = -1 EBADF (Bad file descriptor) [pid 5895] close(11) = -1 EBADF (Bad file descriptor) [pid 5895] close(12) = -1 EBADF (Bad file descriptor) [pid 5895] close(13) = -1 EBADF (Bad file descriptor) [pid 5895] close(14) = -1 EBADF (Bad file descriptor) [pid 5895] close(15) = -1 EBADF (Bad file descriptor) [pid 5895] close(16) = -1 EBADF (Bad file descriptor) [pid 5895] close(17) = -1 EBADF (Bad file descriptor) [pid 5895] close(18) = -1 EBADF (Bad file descriptor) [pid 5895] close(19) = -1 EBADF (Bad file descriptor) [pid 5895] close(20) = -1 EBADF (Bad file descriptor) [pid 5895] close(21) = -1 EBADF (Bad file descriptor) [pid 5895] close(22) = -1 EBADF (Bad file descriptor) [pid 5895] close(23) = -1 EBADF (Bad file descriptor) [pid 5895] close(24) = -1 EBADF (Bad file descriptor) [pid 5895] close(25) = -1 EBADF (Bad file descriptor) [pid 5895] close(26) = -1 EBADF (Bad file descriptor) [pid 5895] close(27) = -1 EBADF (Bad file descriptor) [pid 5895] close(28) = -1 EBADF (Bad file descriptor) [pid 5895] close(29) = -1 EBADF (Bad file descriptor) [pid 5895] exit_group(0) = ? [ 103.979608][ T5895] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5895] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [pid 5833] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./19/file1") = 0 [pid 5833] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./19/binderfs") = 0 [ 104.083371][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] umount2("./19/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./19/cgroup.net") = 0 [pid 5833] umount2("./19/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./19/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./19/cgroup.cpu") = 0 [pid 5833] umount2("./19/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./19/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./19") = 0 [pid 5833] mkdir("./20", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5898 attached [pid 5898] set_robust_list(0x55556134f660, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55556134f650) = 22 [pid 5898] <... set_robust_list resumed>) = 0 [pid 5898] chdir("./20") = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0) = 0 [pid 5898] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5898] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5898] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5898] write(3, "1000", 4) = 4 [pid 5898] close(3) = 0 [pid 5898] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5898] write(1, "executing program\n", 18) = 18 [pid 5898] memfd_create("syzkaller", 0) = 3 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5898] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5898] munmap(0x7f82ff000000, 138412032) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5898] close(3) = 0 [pid 5898] close(4) = 0 [pid 5898] mkdir("./file1", 0777) = 0 [ 104.639409][ T5898] loop0: detected capacity change from 0 to 32768 [pid 5898] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5898] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5898] chdir("./file1") = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5898] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5898] close(3) = 0 [ 104.679927][ T5898] JBD2: Ignoring recovery information on journal [ 104.716844][ T5898] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5898] close(4) = -1 EBADF (Bad file descriptor) [pid 5898] close(5) = -1 EBADF (Bad file descriptor) [pid 5898] close(6) = -1 EBADF (Bad file descriptor) [pid 5898] close(7) = -1 EBADF (Bad file descriptor) [pid 5898] close(8) = -1 EBADF (Bad file descriptor) [pid 5898] close(9) = -1 EBADF (Bad file descriptor) [pid 5898] close(10) = -1 EBADF (Bad file descriptor) [pid 5898] close(11) = -1 EBADF (Bad file descriptor) [pid 5898] close(12) = -1 EBADF (Bad file descriptor) [pid 5898] close(13) = -1 EBADF (Bad file descriptor) [pid 5898] close(14) = -1 EBADF (Bad file descriptor) [pid 5898] close(15) = -1 EBADF (Bad file descriptor) [pid 5898] close(16) = -1 EBADF (Bad file descriptor) [pid 5898] close(17) = -1 EBADF (Bad file descriptor) [pid 5898] close(18) = -1 EBADF (Bad file descriptor) [pid 5898] close(19) = -1 EBADF (Bad file descriptor) [pid 5898] close(20) = -1 EBADF (Bad file descriptor) [pid 5898] close(21) = -1 EBADF (Bad file descriptor) [pid 5898] close(22) = -1 EBADF (Bad file descriptor) [pid 5898] close(23) = -1 EBADF (Bad file descriptor) [pid 5898] close(24) = -1 EBADF (Bad file descriptor) [pid 5898] close(25) = -1 EBADF (Bad file descriptor) [pid 5898] close(26) = -1 EBADF (Bad file descriptor) [pid 5898] close(27) = -1 EBADF (Bad file descriptor) [pid 5898] close(28) = -1 EBADF (Bad file descriptor) [pid 5898] close(29) = -1 EBADF (Bad file descriptor) [pid 5898] exit_group(0) = ? [pid 5898] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./20/file1") = 0 [pid 5833] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./20/binderfs") = 0 [pid 5833] umount2("./20/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./20/cgroup.net") = 0 [pid 5833] umount2("./20/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./20/cgroup.cpu") = 0 [pid 5833] umount2("./20/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./20/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./20") = 0 [pid 5833] mkdir("./21", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [ 104.827350][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5901 attached , child_tidptr=0x55556134f650) = 23 [pid 5901] set_robust_list(0x55556134f660, 24) = 0 [pid 5901] chdir("./21") = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5901] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5901] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5901] write(1, "executing program\n", 18) = 18 [pid 5901] memfd_create("syzkaller", 0) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5901] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5901] munmap(0x7f82ff000000, 138412032) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5901] close(3) = 0 [pid 5901] close(4) = 0 [pid 5901] mkdir("./file1", 0777) = 0 [ 105.199278][ T5901] loop0: detected capacity change from 0 to 32768 [ 105.241758][ T5901] JBD2: Ignoring recovery information on journal [pid 5901] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5901] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5901] chdir("./file1") = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 105.286267][ T5901] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5901] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5901] close(3) = 0 [pid 5901] close(4) = -1 EBADF (Bad file descriptor) [pid 5901] close(5) = -1 EBADF (Bad file descriptor) [pid 5901] close(6) = -1 EBADF (Bad file descriptor) [pid 5901] close(7) = -1 EBADF (Bad file descriptor) [pid 5901] close(8) = -1 EBADF (Bad file descriptor) [pid 5901] close(9) = -1 EBADF (Bad file descriptor) [pid 5901] close(10) = -1 EBADF (Bad file descriptor) [pid 5901] close(11) = -1 EBADF (Bad file descriptor) [pid 5901] close(12) = -1 EBADF (Bad file descriptor) [pid 5901] close(13) = -1 EBADF (Bad file descriptor) [pid 5901] close(14) = -1 EBADF (Bad file descriptor) [pid 5901] close(15) = -1 EBADF (Bad file descriptor) [pid 5901] close(16) = -1 EBADF (Bad file descriptor) [pid 5901] close(17) = -1 EBADF (Bad file descriptor) [pid 5901] close(18) = -1 EBADF (Bad file descriptor) [pid 5901] close(19) = -1 EBADF (Bad file descriptor) [pid 5901] close(20) = -1 EBADF (Bad file descriptor) [pid 5901] close(21) = -1 EBADF (Bad file descriptor) [pid 5901] close(22) = -1 EBADF (Bad file descriptor) [pid 5901] close(23) = -1 EBADF (Bad file descriptor) [pid 5901] close(24) = -1 EBADF (Bad file descriptor) [pid 5901] close(25) = -1 EBADF (Bad file descriptor) [pid 5901] close(26) = -1 EBADF (Bad file descriptor) [pid 5901] close(27) = -1 EBADF (Bad file descriptor) [pid 5901] close(28) = -1 EBADF (Bad file descriptor) [pid 5901] close(29) = -1 EBADF (Bad file descriptor) [pid 5901] exit_group(0) = ? [pid 5901] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 5833] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 105.492414][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./21/file1") = 0 [pid 5833] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./21/binderfs") = 0 [pid 5833] umount2("./21/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./21/cgroup.net") = 0 [pid 5833] umount2("./21/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./21/cgroup.cpu") = 0 [pid 5833] umount2("./21/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./21/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./21") = 0 [pid 5833] mkdir("./22", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached , child_tidptr=0x55556134f650) = 24 [pid 5904] set_robust_list(0x55556134f660, 24) = 0 [pid 5904] chdir("./22") = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5904] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5904] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] write(1, "executing program\n", 18executing program ) = 18 [pid 5904] memfd_create("syzkaller", 0) = 3 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5904] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5904] munmap(0x7f82ff000000, 138412032) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5904] close(3) = 0 [pid 5904] close(4) = 0 [pid 5904] mkdir("./file1", 0777) = 0 [ 106.160383][ T5904] loop0: detected capacity change from 0 to 32768 [ 106.207064][ T5904] JBD2: Ignoring recovery information on journal [pid 5904] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0 [pid 5904] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5904] chdir("./file1") = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5904] open(NULL, O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = -1 EFAULT (Bad address) [pid 5904] close(3) = 0 [pid 5904] close(4) = -1 EBADF (Bad file descriptor) [pid 5904] close(5) = -1 EBADF (Bad file descriptor) [pid 5904] close(6) = -1 EBADF (Bad file descriptor) [pid 5904] close(7) = -1 EBADF (Bad file descriptor) [pid 5904] close(8) = -1 EBADF (Bad file descriptor) [pid 5904] close(9) = -1 EBADF (Bad file descriptor) [pid 5904] close(10) = -1 EBADF (Bad file descriptor) [pid 5904] close(11) = -1 EBADF (Bad file descriptor) [pid 5904] close(12) = -1 EBADF (Bad file descriptor) [pid 5904] close(13) = -1 EBADF (Bad file descriptor) [pid 5904] close(14) = -1 EBADF (Bad file descriptor) [pid 5904] close(15) = -1 EBADF (Bad file descriptor) [pid 5904] close(16) = -1 EBADF (Bad file descriptor) [pid 5904] close(17) = -1 EBADF (Bad file descriptor) [pid 5904] close(18) = -1 EBADF (Bad file descriptor) [pid 5904] close(19) = -1 EBADF (Bad file descriptor) [pid 5904] close(20) = -1 EBADF (Bad file descriptor) [pid 5904] close(21) = -1 EBADF (Bad file descriptor) [pid 5904] close(22) = -1 EBADF (Bad file descriptor) [pid 5904] close(23) = -1 EBADF (Bad file descriptor) [pid 5904] close(24) = -1 EBADF (Bad file descriptor) [pid 5904] close(25) = -1 EBADF (Bad file descriptor) [pid 5904] close(26) = -1 EBADF (Bad file descriptor) [pid 5904] close(27) = -1 EBADF (Bad file descriptor) [pid 5904] close(28) = -1 EBADF (Bad file descriptor) [pid 5904] close(29) = -1 EBADF (Bad file descriptor) [pid 5904] exit_group(0) = ? [pid 5904] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=18 /* 0.18 s */} --- [ 106.247890][ T5904] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5833] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=140, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 7 entries */, 32768) = 208 [pid 5833] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5833] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5833] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(4, 0x555561358730 /* 2 entries */, 32768) = 48 [pid 5833] getdents64(4, 0x555561358730 /* 0 entries */, 32768) = 0 [pid 5833] close(4) = 0 [pid 5833] rmdir("./22/file1") = 0 [pid 5833] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./22/binderfs") = 0 [pid 5833] umount2("./22/cgroup.net", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./22/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./22/cgroup.net") = 0 [pid 5833] umount2("./22/cgroup.cpu", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./22/cgroup.cpu") = 0 [pid 5833] umount2("./22/cgroup", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./22/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./22/cgroup") = 0 [pid 5833] getdents64(3, 0x5555613506f0 /* 0 entries */, 32768) = 0 [pid 5833] close(3) = 0 [pid 5833] rmdir("./22") = 0 [pid 5833] mkdir("./23", 0777) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5833] ioctl(3, LOOP_CLR_FD) = 0 [ 106.367479][ T5833] ocfs2: Unmounting device (7,0) on (node local) [pid 5833] close(3) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5907 attached , child_tidptr=0x55556134f650) = 25 [pid 5907] set_robust_list(0x55556134f660, 24) = 0 [pid 5907] chdir("./23") = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5907] setpgid(0, 0) = 0 [pid 5907] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5907] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5907] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5907] write(1, "executing program\n", 18) = 18 [pid 5907] memfd_create("syzkaller", 0) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82ff000000 [pid 5907] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5907] munmap(0x7f82ff000000, 138412032) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5907] close(3) = 0 [pid 5907] close(4) = 0 [pid 5907] mkdir("./file1", 0777) = 0 [ 106.718807][ T5907] loop0: detected capacity change from 0 to 32768 [ 106.773492][ T5907] JBD2: Ignoring recovery information on journal [ 106.784466][ T1111] list_add double add: new=ffff888026597e70, prev=ffff888026597e70, next=ffff888145a87160. [ 106.794905][ T1111] ------------[ cut here ]------------ [ 106.800607][ T1111] kernel BUG at lib/list_debug.c:37! [ 106.805904][ T1111] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 106.812823][ T1111] CPU: 1 UID: 0 PID: 1111 Comm: kworker/u8:6 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 106.823122][ T1111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 106.833156][ T1111] Workqueue: loop0 loop_workfn [ 106.837927][ T1111] RIP: 0010:__list_add_valid_or_report+0xa4/0x130 [ 106.844329][ T1111] Code: f7 74 11 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 c7 c7 a0 59 81 8c 4c 89 fe 4c 89 e2 4c 89 f1 e8 0d e8 27 fc 90 <0f> 0b 48 c7 c7 a0 57 81 8c e8 fe e7 27 fc 90 0f 0b 48 c7 c7 40 58 [ 106.863913][ T1111] RSP: 0018:ffffc90003dff628 EFLAGS: 00010046 [ 106.869976][ T1111] RAX: 0000000000000058 RBX: 1ffff11004cb2fce RCX: fc49eacae7075700 [ 106.877943][ T1111] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000 [ 106.885890][ T1111] RBP: 1ffff11028b50e2d R08: ffffffff81a170dc R09: 1ffff920007bfe60 [ 106.893838][ T1111] R10: dffffc0000000000 R11: fffff520007bfe61 R12: ffff888026597e70 [ 106.901785][ T1111] R13: dffffc0000000000 R14: ffff888145a87160 R15: ffff888026597e70 [ 106.909732][ T1111] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 106.918637][ T1111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.925197][ T1111] CR2: 00007f82fffff000 CR3: 0000000033b4a000 CR4: 00000000003526f0 [ 106.933164][ T1111] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 106.941112][ T1111] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 106.949057][ T1111] Call Trace: [ 106.952314][ T1111] [ 106.955224][ T1111] ? __die_body+0x5f/0xb0 [ 106.959538][ T1111] ? die+0x9e/0xc0 [ 106.963239][ T1111] ? do_trap+0x15a/0x3a0 [ 106.967461][ T1111] ? __list_add_valid_or_report+0xa4/0x130 [ 106.973252][ T1111] ? do_error_trap+0x1dc/0x2c0 [ 106.977995][ T1111] ? __list_add_valid_or_report+0xa4/0x130 [ 106.983784][ T1111] ? __pfx_do_error_trap+0x10/0x10 [ 106.988873][ T1111] ? report_bug+0x3cd/0x500 [ 106.993370][ T1111] ? __list_add_valid_or_report+0xa4/0x130 [ 106.999158][ T1111] ? handle_invalid_op+0x34/0x40 [ 107.004072][ T1111] ? __list_add_valid_or_report+0xa4/0x130 [ 107.009859][ T1111] ? exc_invalid_op+0x38/0x50 [ 107.014519][ T1111] ? asm_exc_invalid_op+0x1a/0x20 [ 107.019524][ T1111] ? __wake_up_klogd+0xcc/0x110 [ 107.024355][ T1111] ? __list_add_valid_or_report+0xa4/0x130 [ 107.030143][ T1111] ? __list_add_valid_or_report+0xa3/0x130 [ 107.035930][ T1111] loop_process_work+0x1f96/0x21c0 [ 107.041026][ T1111] ? __pfx_validate_chain+0x10/0x10 [ 107.046222][ T1111] ? mark_lock+0x9a/0x360 [ 107.050544][ T1111] ? __lock_acquire+0x1397/0x2100 [ 107.055566][ T1111] ? __pfx_loop_process_work+0x10/0x10 [ 107.061034][ T1111] ? register_lock_class+0x102/0x980 [ 107.066306][ T1111] ? __pfx_register_lock_class+0x10/0x10 [ 107.071919][ T1111] ? mark_lock+0x9a/0x360 [ 107.076243][ T1111] ? debug_object_deactivate+0x2d5/0x390 [ 107.081853][ T1111] ? __lock_acquire+0x1397/0x2100 [ 107.086857][ T1111] ? do_raw_spin_unlock+0x13c/0x8b0 [ 107.092040][ T1111] ? __pfx_lock_acquire+0x10/0x10 [ 107.097043][ T1111] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 107.103437][ T1111] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 107.109749][ T1111] ? process_scheduled_works+0x9c6/0x18e0 [ 107.115448][ T1111] process_scheduled_works+0xabe/0x18e0 [ 107.120991][ T1111] ? __pfx_process_scheduled_works+0x10/0x10 [ 107.126950][ T1111] ? assign_work+0x364/0x3d0 [ 107.131519][ T1111] worker_thread+0x870/0xd30 [ 107.136089][ T1111] ? __kthread_parkme+0x169/0x1d0 [ 107.141094][ T1111] ? __pfx_worker_thread+0x10/0x10 [ 107.146186][ T1111] kthread+0x7a9/0x920 [ 107.150251][ T1111] ? __pfx_kthread+0x10/0x10 [ 107.154817][ T1111] ? __pfx_worker_thread+0x10/0x10 [ 107.159907][ T1111] ? __pfx_kthread+0x10/0x10 [ 107.164473][ T1111] ? __pfx_kthread+0x10/0x10 [ 107.169038][ T1111] ? __pfx_kthread+0x10/0x10 [ 107.173604][ T1111] ? _raw_spin_unlock_irq+0x23/0x50 [ 107.178782][ T1111] ? lockdep_hardirqs_on+0x99/0x150 [ 107.183960][ T1111] ? __pfx_kthread+0x10/0x10 [ 107.188525][ T1111] ret_from_fork+0x4b/0x80 [ 107.192922][ T1111] ? __pfx_kthread+0x10/0x10 [ 107.197486][ T1111] ret_from_fork_asm+0x1a/0x30 [ 107.202230][ T1111] [ 107.205226][ T1111] Modules linked in: [ 107.209109][ T1111] ---[ end trace 0000000000000000 ]--- [ 107.214539][ T1111] RIP: 0010:__list_add_valid_or_report+0xa4/0x130 [ 107.221043][ T1111] Code: f7 74 11 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 c7 c7 a0 59 81 8c 4c 89 fe 4c 89 e2 4c 89 f1 e8 0d e8 27 fc 90 <0f> 0b 48 c7 c7 a0 57 81 8c e8 fe e7 27 fc 90 0f 0b 48 c7 c7 40 58 [ 107.240624][ T1111] RSP: 0018:ffffc90003dff628 EFLAGS: 00010046 [ 107.246669][ T1111] RAX: 0000000000000058 RBX: 1ffff11004cb2fce RCX: fc49eacae7075700 [ 107.254618][ T1111] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000 [ 107.262568][ T1111] RBP: 1ffff11028b50e2d R08: ffffffff81a170dc R09: 1ffff920007bfe60 [ 107.270519][ T1111] R10: dffffc0000000000 R11: fffff520007bfe61 R12: ffff888026597e70 [ 107.278485][ T1111] R13: dffffc0000000000 R14: ffff888145a87160 R15: ffff888026597e70 [ 107.286440][ T1111] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 107.295353][ T1111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.302018][ T1111] CR2: 00007f82fffff000 CR3: 0000000033b4a000 CR4: 00000000003526f0 [ 107.309970][ T1111] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 107.317916][ T1111] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 107.325872][ T1111] Kernel panic - not syncing: Fatal exception [ 108.419390][ T1111] Shutting down cpus with NMI [ 108.424428][ T1111] Kernel Offset: disabled [ 108.428743][ T1111] Rebooting in 86400 seconds..