./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1501351190 <...> Warning: Permanently added '10.128.0.15' (ED25519) to the list of known hosts. execve("./syz-executor1501351190", ["./syz-executor1501351190"], 0x7ffd5a05bcc0 /* 10 vars */) = 0 brk(NULL) = 0x5555934ed000 brk(0x5555934edd00) = 0x5555934edd00 arch_prctl(ARCH_SET_FS, 0x5555934ed380) = 0 set_tid_address(0x5555934ed650) = 5827 set_robust_list(0x5555934ed660, 24) = 0 rseq(0x5555934edca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1501351190", 4096) = 28 getrandom("\xe4\x34\x0a\xe2\x02\x8f\x42\x00", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555934edd00 brk(0x55559350ed00) = 0x55559350ed00 brk(0x55559350f000) = 0x55559350f000 mprotect(0x7ff1f3982000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5828 attached , child_tidptr=0x5555934ed650) = 5828 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] set_robust_list(0x5555934ed660, 24) = 0 [pid 5828] mkdir("./syzkaller.w2zcSR", 0700./strace-static-x86_64: Process 5829 attached ) = 0 [pid 5827] <... clone resumed>, child_tidptr=0x5555934ed650) = 5829 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] set_robust_list(0x5555934ed660, 24 [pid 5828] chmod("./syzkaller.w2zcSR", 0777 [pid 5829] <... set_robust_list resumed>) = 0 [pid 5828] <... chmod resumed>) = 0 [pid 5829] mkdir("./syzkaller.kvBy3g", 0700 [pid 5828] chdir("./syzkaller.w2zcSR") = 0 ./strace-static-x86_64: Process 5830 attached [pid 5829] <... mkdir resumed>) = 0 [pid 5828] mkdir("./0", 0777 [pid 5829] chmod("./syzkaller.kvBy3g", 0777) = 0 [pid 5827] <... clone resumed>, child_tidptr=0x5555934ed650) = 5830 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] set_robust_list(0x5555934ed660, 24 [pid 5829] chdir("./syzkaller.kvBy3g" [pid 5828] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5831 attached [pid 5830] <... set_robust_list resumed>) = 0 [pid 5829] <... chdir resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5827] <... clone resumed>, child_tidptr=0x5555934ed650) = 5831 [pid 5831] set_robust_list(0x5555934ed660, 24 [pid 5830] mkdir("./syzkaller.RbQEZg", 0700 [pid 5829] mkdir("./0", 0777 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... set_robust_list resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5831] mkdir("./syzkaller.rLv1wk", 0700 [pid 5830] chmod("./syzkaller.RbQEZg", 0777./strace-static-x86_64: Process 5832 attached [pid 5831] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5827] <... clone resumed>, child_tidptr=0x5555934ed650) = 5832 [pid 5830] <... chmod resumed>) = 0 [pid 5828] close(3 [pid 5832] set_robust_list(0x5555934ed660, 24 [pid 5831] chmod("./syzkaller.rLv1wk", 0777 [pid 5830] chdir("./syzkaller.RbQEZg" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... set_robust_list resumed>) = 0 [pid 5831] <... chmod resumed>) = 0 [pid 5830] <... chdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5832] mkdir("./syzkaller.dEHiSU", 0700 [pid 5830] mkdir("./0", 0777 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5831] chdir("./syzkaller.rLv1wk"./strace-static-x86_64: Process 5833 attached [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... chdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5833] set_robust_list(0x5555934ed660, 24 [pid 5832] chmod("./syzkaller.dEHiSU", 0777 [pid 5831] mkdir("./0", 0777 [pid 5829] close(3 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5833 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5835 attached [pid 5835] set_robust_list(0x5555934ed660, 24 [pid 5833] chdir("./0" [pid 5832] <... chmod resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... openat resumed>) = 3 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5833] <... chdir resumed>) = 0 [pid 5832] chdir("./syzkaller.dEHiSU" [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5835] chdir("./0" [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... chdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5835 [pid 5833] <... prctl resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5835] <... chdir resumed>) = 0 [pid 5833] setpgid(0, 0 [pid 5832] mkdir("./0", 0777 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] close(3 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] <... setpgid resumed>) = 0 [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 5835] <... prctl resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5835] setpgid(0, 0) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5837 attached ./strace-static-x86_64: Process 5836 attached [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5836 [pid 5837] set_robust_list(0x5555934ed660, 24 [pid 5836] set_robust_list(0x5555934ed660, 24 [pid 5833] write(3, "1000", 4 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5837 [pid 5837] <... set_robust_list resumed>) = 0 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5835] <... openat resumed>) = 3 [pid 5833] <... write resumed>) = 4 [pid 5837] chdir("./0" [pid 5836] chdir("./0" [pid 5833] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5833] <... close resumed>) = 0 [pid 5837] <... chdir resumed>) = 0 [pid 5836] <... chdir resumed>) = 0 [pid 5835] write(3, "1000", 4executing program [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5835] <... write resumed>) = 4 [pid 5833] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5835] close(3 [pid 5833] <... symlink resumed>) = 0 [pid 5832] close(3 [pid 5835] <... close resumed>) = 0 [pid 5833] write(1, "executing program\n", 18 [pid 5832] <... close resumed>) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs" [pid 5833] <... write resumed>) = 18 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5835] <... symlink resumed>) = 0 [pid 5837] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5838 attached [pid 5837] setpgid(0, 0 [pid 5836] <... prctl resumed>) = 0 [pid 5833] memfd_create("syzkaller", 0 [pid 5837] <... setpgid resumed>) = 0 [pid 5836] setpgid(0, 0 [pid 5833] <... memfd_create resumed>) = 3 [pid 5838] set_robust_list(0x5555934ed660, 24 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5836] <... setpgid resumed>) = 0 [pid 5833] <... mmap resumed>) = 0x7ff1eb400000 [pid 5837] <... openat resumed>) = 3 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] <... set_robust_list resumed>) = 0 [pid 5835] write(1, "executing program\n", 18executing program ) = 18 [pid 5836] <... openat resumed>) = 3 [pid 5835] memfd_create("syzkaller", 0 [pid 5838] chdir("./0" [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5838 [pid 5835] <... memfd_create resumed>) = 3 [pid 5838] <... chdir resumed>) = 0 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0 [pid 5836] write(3, "1000", 4 [pid 5838] <... setpgid resumed>) = 0 executing program [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5837] write(3, "1000", 4 [pid 5836] <... write resumed>) = 4 [pid 5838] <... openat resumed>) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5838] close(3) = 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5838] write(1, "executing program\n", 18) = 18 [pid 5838] memfd_create("syzkaller", 0 [pid 5837] <... write resumed>) = 4 [pid 5836] close(3 [pid 5838] <... memfd_create resumed>) = 3 [pid 5837] close(3 [pid 5836] <... close resumed>) = 0 [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5837] <... close resumed>) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs" [pid 5833] <... write resumed>) = 524288 [pid 5837] symlink("/dev/binderfs", "./binderfs" [pid 5838] <... mmap resumed>) = 0x7ff1eb400000 [pid 5836] <... symlink resumed>) = 0 executing program executing program [pid 5837] <... symlink resumed>) = 0 [pid 5836] write(1, "executing program\n", 18 [pid 5837] write(1, "executing program\n", 18 [pid 5836] <... write resumed>) = 18 [pid 5837] <... write resumed>) = 18 [pid 5836] memfd_create("syzkaller", 0 [pid 5837] memfd_create("syzkaller", 0) = 3 [pid 5836] <... memfd_create resumed>) = 3 [pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5837] <... mmap resumed>) = 0x7ff1eb400000 [pid 5838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5836] <... mmap resumed>) = 0x7ff1eb400000 [pid 5833] munmap(0x7ff1eb400000, 138412032 [pid 5835] <... write resumed>) = 524288 [pid 5833] <... munmap resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5838] <... write resumed>) = 524288 [pid 5837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5835] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5833] ioctl(4, LOOP_SET_FD, 3 [pid 5838] munmap(0x7ff1eb400000, 138412032 [pid 5837] <... write resumed>) = 524288 [pid 5836] <... write resumed>) = 524288 [pid 5835] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5835] ioctl(4, LOOP_SET_FD, 3 [pid 5836] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5838] <... munmap resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5836] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] ioctl(4, LOOP_SET_FD, 3 [pid 5836] <... openat resumed>) = 4 [pid 5836] ioctl(4, LOOP_SET_FD, 3 [pid 5837] munmap(0x7ff1eb400000, 138412032 [pid 5835] <... ioctl resumed>) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file1", 0777) = 0 [pid 5838] <... ioctl resumed>) = 0 [pid 5837] <... munmap resumed>) = 0 [pid 5836] <... ioctl resumed>) = 0 [pid 5835] close(3) = 0 [pid 5838] close(3 [pid 5837] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5836] close(3 [pid 5835] close(4 [pid 5833] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5838] <... close resumed>) = 0 [pid 5838] close(4) = 0 [pid 5838] mkdir("./file1", 0777) = 0 [pid 5835] <... close resumed>) = 0 [pid 5835] mkdir("./file1", 0777) = 0 [pid 5838] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5837] <... openat resumed>) = 4 [pid 5836] <... close resumed>) = 0 [ 90.865853][ T5833] loop0: detected capacity change from 0 to 1024 [ 90.875460][ T5835] loop1: detected capacity change from 0 to 1024 [ 90.886343][ T5838] loop4: detected capacity change from 0 to 1024 [ 90.895670][ T5836] loop2: detected capacity change from 0 to 1024 [pid 5836] close(4) = 0 [pid 5836] mkdir("./file1", 0777) = 0 [pid 5837] ioctl(4, LOOP_SET_FD, 3 [pid 5836] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5835] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5837] <... ioctl resumed>) = 0 [pid 5837] close(3) = 0 [pid 5837] close(4 [pid 5833] <... mount resumed>) = 0 [pid 5837] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5837] mkdir("./file1", 0777 [pid 5833] <... openat resumed>) = 3 [pid 5837] <... mkdir resumed>) = 0 [pid 5836] <... mount resumed>) = 0 [pid 5833] chdir("./file1" [pid 5838] <... mount resumed>) = 0 [pid 5836] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5835] <... mount resumed>) = 0 [pid 5833] <... chdir resumed>) = 0 [pid 5838] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5837] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5836] <... openat resumed>) = 3 [pid 5835] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [ 90.953764][ T5837] loop3: detected capacity change from 0 to 1024 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5838] <... openat resumed>) = 3 [pid 5836] chdir("./file1" [pid 5835] <... openat resumed>) = 3 [pid 5833] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] chdir("./file1" [pid 5836] <... chdir resumed>) = 0 [pid 5835] chdir("./file1" [pid 5838] <... chdir resumed>) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5835] <... chdir resumed>) = 0 [pid 5838] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5835] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5836] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5835] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5833] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5836] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5835] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5837] <... mount resumed>) = 0 [pid 5835] <... link resumed>) = 0 [pid 5837] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5835] sync( [pid 5837] chdir("./file1") = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5837] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5838] <... link resumed>) = 0 [pid 5833] <... link resumed>) = 0 [pid 5838] sync( [pid 5836] <... link resumed>) = 0 [pid 5836] sync( [pid 5833] sync( [pid 5837] <... link resumed>) = 0 [pid 5837] sync() = 0 [pid 5836] <... sync resumed>) = 0 [pid 5835] <... sync resumed>) = 0 [pid 5838] <... sync resumed>) = 0 [pid 5837] exit_group(0 [pid 5836] exit_group(0 [pid 5835] exit_group(0 [pid 5838] exit_group(0 [pid 5837] <... exit_group resumed>) = ? [pid 5836] <... exit_group resumed>) = ? [pid 5833] <... sync resumed>) = 0 [pid 5838] <... exit_group resumed>) = ? [pid 5835] <... exit_group resumed>) = ? [pid 5838] +++ exited with 0 +++ [pid 5836] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5832] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5830] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] +++ exited with 0 +++ [pid 5835] +++ exited with 0 +++ [pid 5833] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... exit_group resumed>) = ? [pid 5832] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] newfstatat(3, "", [pid 5830] <... openat resumed>) = 3 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5833] +++ exited with 0 +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(3, "", [pid 5829] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5833, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] getdents64(3, [pid 5829] <... openat resumed>) = 3 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 5828] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", [pid 5832] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(3, [pid 5832] newfstatat(AT_FDCWD, "./0/file1", [pid 5831] newfstatat(AT_FDCWD, "./0/file1", [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./0/file1", [pid 5832] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] newfstatat(AT_FDCWD, "./0/file1", [pid 5832] newfstatat(4, "", [pid 5831] <... openat resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(4, "", [pid 5832] getdents64(4, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(4, [pid 5829] newfstatat(4, "", [pid 5832] close(4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] close(4 [pid 5830] <... openat resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5832] rmdir("./0/file1" [pid 5831] <... close resumed>) = 0 [pid 5829] getdents64(4, [pid 5832] <... rmdir resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] rmdir("./0/file1" [pid 5828] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 5832] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] getdents64(4, [pid 5829] close(4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... close resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./0/file1", [pid 5832] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(4, [pid 5829] rmdir("./0/file1" [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] unlink("./0/binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] close(4 [pid 5828] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] unlink("./0/binderfs" [pid 5830] rmdir("./0/file1" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5828] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] getdents64(3, [pid 5831] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] unlink("./0/binderfs" [pid 5828] newfstatat(4, "", [pid 5832] close(3 [pid 5831] close(3 [pid 5830] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... unlink resumed>) = 0 [pid 5828] getdents64(4, [pid 5832] rmdir("./0" [pid 5831] rmdir("./0" [pid 5830] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5829] getdents64(3, [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5832] mkdir("./1", 0777 [pid 5831] mkdir("./1", 0777 [pid 5830] unlink("./0/binderfs" [pid 5829] <... close resumed>) = 0 [pid 5828] getdents64(4, [pid 5829] rmdir("./0" [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] close(4) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] getdents64(3, [pid 5829] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] rmdir("./0/file1" [pid 5830] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5829] mkdir("./1", 0777 [pid 5830] <... close resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] rmdir("./0" [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] <... mkdir resumed>) = 0 [pid 5828] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... ioctl resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5832] close(3 [pid 5831] close(3 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] mkdir("./1", 0777) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] unlink("./0/binderfs" [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... ioctl resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 5842 attached [pid 5842] set_robust_list(0x5555934ed660, 24 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5842 [pid 5830] <... openat resumed>) = 3 [pid 5829] close(3 [pid 5828] getdents64(3, [pid 5842] <... set_robust_list resumed>) = 0 [pid 5842] chdir("./1"./strace-static-x86_64: Process 5843 attached ) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5843] set_robust_list(0x5555934ed660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5843 [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... close resumed>) = 0 [pid 5828] close(3 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5843] chdir("./1" [pid 5828] rmdir("./0" [pid 5843] <... chdir resumed>) = 0 [pid 5842] <... prctl resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] setpgid(0, 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached [pid 5843] <... prctl resumed>) = 0 [pid 5842] <... setpgid resumed>) = 0 [pid 5828] mkdir("./1", 0777 [pid 5844] set_robust_list(0x5555934ed660, 24 [pid 5843] setpgid(0, 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5844 [pid 5844] <... set_robust_list resumed>) = 0 [pid 5843] <... setpgid resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5844] chdir("./1" [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5845 [pid 5828] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5845 attached [pid 5844] <... chdir resumed>) = 0 [pid 5843] <... openat resumed>) = 3 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] write(3, "1000", 4 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5844] <... prctl resumed>) = 0 [pid 5843] <... write resumed>) = 4 [pid 5828] <... openat resumed>) = 3 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs" [pid 5845] set_robust_list(0x5555934ed660, 24 [pid 5843] <... symlink resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5844] setpgid(0, 0) = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(1, "executing program\n", 18 executing program [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5844] write(3, "1000", 4 [pid 5843] <... write resumed>) = 18 [pid 5828] <... ioctl resumed>) = 0 [pid 5844] <... write resumed>) = 4 [pid 5843] memfd_create("syzkaller", 0 [pid 5828] close(3 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5842] write(3, "1000", 4 [pid 5844] close(3 [pid 5842] <... write resumed>) = 4 [pid 5845] chdir("./1" [pid 5844] <... close resumed>) = 0 [pid 5843] <... memfd_create resumed>) = 3 [pid 5844] symlink("/dev/binderfs", "./binderfs" [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] close(3 [pid 5845] <... chdir resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5842] symlink("/dev/binderfs", "./binderfs" [pid 5844] <... symlink resumed>) = 0 [pid 5843] <... mmap resumed>) = 0x7ff1eb400000 [pid 5845] <... prctl resumed>) = 0 [pid 5842] <... symlink resumed>) = 0 executing program [pid 5842] write(1, "executing program\n", 18 [pid 5845] setpgid(0, 0 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5842] <... write resumed>) = 18 [pid 5845] <... setpgid resumed>) = 0 [pid 5844] write(1, "executing program\n", 18) = 18 [pid 5842] memfd_create("syzkaller", 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5844] memfd_create("syzkaller", 0 [pid 5842] <... memfd_create resumed>) = 3 [pid 5844] <... memfd_create resumed>) = 3 [pid 5845] <... openat resumed>) = 3 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5846 attached [pid 5845] write(3, "1000", 4 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... mmap resumed>) = 0x7ff1eb400000 [pid 5844] <... mmap resumed>) = 0x7ff1eb400000 [pid 5845] <... write resumed>) = 4 [pid 5844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] close(3 [pid 5846] set_robust_list(0x5555934ed660, 24) = 0 [pid 5846] chdir("./1" [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5846 [pid 5846] <... chdir resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5843] <... write resumed>) = 524288 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] symlink("/dev/binderfs", "./binderfs" [pid 5845] symlink("/dev/binderfs", "./binderfs"executing program [pid 5846] <... symlink resumed>) = 0 [pid 5845] <... symlink resumed>) = 0 [pid 5846] write(1, "executing program\n", 18) = 18 [pid 5846] memfd_create("syzkaller", 0) = 3 [pid 5844] <... write resumed>) = 524288 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5843] munmap(0x7ff1eb400000, 138412032 [pid 5845] write(1, "executing program\n", 18 [pid 5844] munmap(0x7ff1eb400000, 138412032 [pid 5842] <... write resumed>) = 524288 executing program [pid 5845] <... write resumed>) = 18 [pid 5842] munmap(0x7ff1eb400000, 138412032 [pid 5845] memfd_create("syzkaller", 0 [pid 5844] <... munmap resumed>) = 0 [pid 5843] <... munmap resumed>) = 0 [pid 5845] <... memfd_create resumed>) = 3 [pid 5842] <... munmap resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5844] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5846] <... write resumed>) = 524288 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5844] <... openat resumed>) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5842] ioctl(4, LOOP_SET_FD, 3 [pid 5845] <... mmap resumed>) = 0x7ff1eb400000 [pid 5845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5842] close(3 [pid 5846] munmap(0x7ff1eb400000, 138412032 [pid 5842] <... close resumed>) = 0 [pid 5842] close(4 [pid 5846] <... munmap resumed>) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5846] ioctl(4, LOOP_SET_FD, 3 [pid 5845] <... write resumed>) = 524288 [pid 5844] close(3 [pid 5842] <... close resumed>) = 0 [pid 5844] <... close resumed>) = 0 [pid 5842] mkdir("./file1", 0777 [pid 5844] close(4) = 0 [pid 5844] mkdir("./file1", 0777) = 0 [pid 5844] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5842] <... mkdir resumed>) = 0 [pid 5843] <... ioctl resumed>) = 0 [pid 5846] <... ioctl resumed>) = 0 [pid 5845] munmap(0x7ff1eb400000, 138412032 [pid 5842] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5845] <... munmap resumed>) = 0 [pid 5846] close(3 [pid 5843] close(3 [pid 5846] <... close resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] <... close resumed>) = 0 [ 91.735673][ T5842] loop3: detected capacity change from 0 to 1024 [ 91.735940][ T5843] loop4: detected capacity change from 0 to 1024 [ 91.749493][ T5844] loop2: detected capacity change from 0 to 1024 [ 91.773349][ T5846] loop0: detected capacity change from 0 to 1024 [pid 5845] <... openat resumed>) = 4 [pid 5842] <... mount resumed>) = 0 [pid 5845] ioctl(4, LOOP_SET_FD, 3 [pid 5846] close(4 [pid 5843] close(4 [pid 5846] <... close resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5846] mkdir("./file1", 0777 [pid 5843] mkdir("./file1", 0777 [pid 5846] <... mkdir resumed>) = 0 [pid 5843] <... mkdir resumed>) = 0 [pid 5843] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5846] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5842] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5845] <... ioctl resumed>) = 0 [pid 5845] close(3) = 0 [pid 5845] close(4) = 0 [pid 5845] mkdir("./file1", 0777 [pid 5846] <... mount resumed>) = 0 [pid 5846] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5843] <... mount resumed>) = 0 [pid 5846] <... openat resumed>) = 3 [pid 5843] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5846] chdir("./file1" [pid 5845] <... mkdir resumed>) = 0 [pid 5844] <... mount resumed>) = 0 [pid 5843] chdir("./file1" [pid 5844] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5845] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5843] <... chdir resumed>) = 0 [pid 5846] <... chdir resumed>) = 0 [pid 5844] <... openat resumed>) = 3 [pid 5843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5844] chdir("./file1" [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5844] <... chdir resumed>) = 0 [pid 5846] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5843] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5846] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5844] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5843] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5842] <... openat resumed>) = 3 [ 91.811858][ T5845] loop1: detected capacity change from 0 to 1024 [pid 5844] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5842] chdir("./file1") = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5842] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5846] <... link resumed>) = 0 [pid 5843] <... link resumed>) = 0 [pid 5843] sync( [pid 5846] sync( [pid 5845] <... mount resumed>) = 0 [pid 5844] <... link resumed>) = 0 [pid 5845] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5844] sync( [pid 5845] <... openat resumed>) = 3 [pid 5845] chdir("./file1" [pid 5842] <... link resumed>) = 0 [pid 5845] <... chdir resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5842] sync( [pid 5845] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5845] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5845] sync( [pid 5844] <... sync resumed>) = 0 [pid 5842] <... sync resumed>) = 0 [pid 5846] <... sync resumed>) = 0 [pid 5843] <... sync resumed>) = 0 [pid 5845] <... sync resumed>) = 0 [pid 5843] exit_group(0) = ? [pid 5844] exit_group(0 [pid 5846] exit_group(0 [pid 5845] exit_group(0 [pid 5844] <... exit_group resumed>) = ? [pid 5843] +++ exited with 0 +++ [pid 5842] exit_group(0 [pid 5845] <... exit_group resumed>) = ? [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5846] <... exit_group resumed>) = ? [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5842] <... exit_group resumed>) = ? [pid 5845] +++ exited with 0 +++ [pid 5832] <... restart_syscall resumed>) = 0 [pid 5844] +++ exited with 0 +++ [pid 5842] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5846] +++ exited with 0 +++ [pid 5830] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] <... openat resumed>) = 3 [pid 5829] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(3, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(3, "", [pid 5831] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(3, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5829] <... openat resumed>) = 3 [pid 5828] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] newfstatat(3, "", [pid 5832] getdents64(3, [pid 5831] getdents64(3, [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] newfstatat(3, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 5828] getdents64(3, [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./1/file1", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5828] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./1/file1", [pid 5828] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] newfstatat(AT_FDCWD, "./1/file1", [pid 5831] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(4, "", [pid 5831] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(4, [pid 5831] newfstatat(4, "", [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 5831] getdents64(4, [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] close(4 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... close resumed>) = 0 [pid 5831] close(4 [pid 5832] close(4 [pid 5831] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./1/file1", [pid 5829] <... openat resumed>) = 4 [pid 5828] rmdir("./1/file1" [pid 5831] rmdir("./1/file1" [pid 5832] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] newfstatat(4, "", [pid 5828] <... rmdir resumed>) = 0 [pid 5831] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./1/file1" [pid 5831] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5830] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5831] unlink("./1/binderfs" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] getdents64(4, [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] unlink("./1/binderfs" [pid 5832] <... rmdir resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] <... openat resumed>) = 4 [pid 5829] getdents64(4, [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(4, "", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] close(4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 5830] getdents64(4, [pid 5829] <... close resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5831] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] rmdir("./1/file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] rmdir("./1" [pid 5829] <... rmdir resumed>) = 0 [pid 5828] getdents64(3, [pid 5832] unlink("./1/binderfs" [pid 5830] getdents64(4, [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] mkdir("./2", 0777 [pid 5830] close(4 [pid 5828] close(3 [pid 5830] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5830] rmdir("./1/file1" [pid 5829] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... close resumed>) = 0 [pid 5832] close(3 [pid 5829] unlink("./1/binderfs" [pid 5832] <... close resumed>) = 0 [pid 5828] rmdir("./1" [pid 5832] rmdir("./1" [pid 5830] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... unlink resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./2", 0777 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5829] getdents64(3, [pid 5828] <... mkdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] mkdir("./2", 0777 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] unlink("./1/binderfs" [pid 5829] close(3 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] close(3 [pid 5830] getdents64(3, [pid 5829] rmdir("./1" [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./1" [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... rmdir resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5829] mkdir("./2", 0777 [pid 5832] <... ioctl resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5832] close(3 [pid 5830] mkdir("./2", 0777 [pid 5828] <... ioctl resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] close(3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5828] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached ./strace-static-x86_64: Process 5848 attached [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... openat resumed>) = 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] set_robust_list(0x5555934ed660, 24 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5849 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3./strace-static-x86_64: Process 5850 attached [pid 5849] <... set_robust_list resumed>) = 0 [pid 5848] set_robust_list(0x5555934ed660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5850 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5848 [pid 5829] <... close resumed>) = 0 [pid 5848] <... set_robust_list resumed>) = 0 [pid 5848] chdir("./2") = 0 [pid 5850] set_robust_list(0x5555934ed660, 24 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] <... set_robust_list resumed>) = 0 [pid 5848] <... prctl resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5851 [pid 5850] chdir("./2" [pid 5848] setpgid(0, 0./strace-static-x86_64: Process 5851 attached [pid 5850] <... chdir resumed>) = 0 [pid 5849] chdir("./2" [pid 5848] <... setpgid resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5850] setpgid(0, 0 [pid 5848] <... openat resumed>) = 3 [pid 5851] set_robust_list(0x5555934ed660, 24 [pid 5850] <... setpgid resumed>) = 0 [pid 5849] <... chdir resumed>) = 0 [pid 5851] <... set_robust_list resumed>) = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] chdir("./2" [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... prctl resumed>) = 0 [pid 5848] write(3, "1000", 4 [pid 5851] <... chdir resumed>) = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] setpgid(0, 0 [pid 5848] <... write resumed>) = 4 [pid 5851] <... prctl resumed>) = 0 [pid 5849] <... setpgid resumed>) = 0 [pid 5848] close(3) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs" [pid 5851] setpgid(0, 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] <... symlink resumed>) = 0 [pid 5851] <... setpgid resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] <... openat resumed>) = 3 [pid 5849] <... openat resumed>) = 3 [pid 5848] write(1, "executing program\n", 18 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5851] <... openat resumed>) = 3 [pid 5849] write(3, "1000", 4./strace-static-x86_64: Process 5852 attached [pid 5851] write(3, "1000", 4 [pid 5849] <... write resumed>) = 4 [pid 5851] <... write resumed>) = 4 [pid 5849] close(3 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5852 executing program [pid 5848] <... write resumed>) = 18 [pid 5851] close(3 [pid 5849] <... close resumed>) = 0 [pid 5848] memfd_create("syzkaller", 0 [pid 5852] set_robust_list(0x5555934ed660, 24 [pid 5849] symlink("/dev/binderfs", "./binderfs" [pid 5851] <... close resumed>) = 0 executing program [pid 5852] <... set_robust_list resumed>) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs" [pid 5850] write(3, "1000", 4 [pid 5849] <... symlink resumed>) = 0 [pid 5848] <... memfd_create resumed>) = 3 [pid 5850] <... write resumed>) = 4 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] <... symlink resumed>) = 0 [pid 5850] close(3 [pid 5849] write(1, "executing program\n", 18 [pid 5848] <... mmap resumed>) = 0x7ff1eb400000 [pid 5852] chdir("./2" executing program [pid 5851] write(1, "executing program\n", 18 [pid 5849] <... write resumed>) = 18 [pid 5851] <... write resumed>) = 18 [pid 5849] memfd_create("syzkaller", 0 [pid 5852] <... chdir resumed>) = 0 [pid 5851] memfd_create("syzkaller", 0 [pid 5850] <... close resumed>) = 0 [pid 5849] <... memfd_create resumed>) = 3 [pid 5848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5850] symlink("/dev/binderfs", "./binderfs" [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] <... memfd_create resumed>) = 3 [pid 5850] <... symlink resumed>) = 0 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 5852] <... prctl resumed>) = 0 [pid 5850] write(1, "executing program\n", 18) = 18 [pid 5852] setpgid(0, 0 [pid 5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] memfd_create("syzkaller", 0 [pid 5849] <... mmap resumed>) = 0x7ff1eb400000 [pid 5852] <... setpgid resumed>) = 0 [pid 5851] <... mmap resumed>) = 0x7ff1eb400000 [pid 5850] <... memfd_create resumed>) = 3 [pid 5848] <... write resumed>) = 524288 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5852] write(3, "1000", 4 [pid 5848] munmap(0x7ff1eb400000, 138412032 [pid 5852] <... write resumed>) = 4 [pid 5848] <... munmap resumed>) = 0 [pid 5852] close(3 [pid 5848] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5852] <... close resumed>) = 0 [pid 5848] <... openat resumed>) = 4 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5848] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) executing program [pid 5852] write(1, "executing program\n", 18 [pid 5848] ioctl(4, LOOP_CLR_FD [pid 5852] <... write resumed>) = 18 [pid 5849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5848] <... ioctl resumed>) = 0 [pid 5852] memfd_create("syzkaller", 0 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] <... memfd_create resumed>) = 3 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] ioctl(4, LOOP_SET_FD, 3 [pid 5852] <... mmap resumed>) = 0x7ff1eb400000 [pid 5848] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5850] <... mmap resumed>) = 0x7ff1eb400000 [pid 5848] close(4 [pid 5850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5851] <... write resumed>) = 524288 [pid 5849] <... write resumed>) = 524288 [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5851] munmap(0x7ff1eb400000, 138412032 [pid 5850] <... write resumed>) = 524288 [pid 5848] <... close resumed>) = 0 [pid 5850] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5852] <... write resumed>) = 524288 [pid 5851] <... munmap resumed>) = 0 [pid 5849] munmap(0x7ff1eb400000, 138412032 [pid 5848] close(3 [pid 5850] <... openat resumed>) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] <... close resumed>) = 0 [pid 5852] munmap(0x7ff1eb400000, 138412032 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] <... munmap resumed>) = 0 [pid 5852] <... munmap resumed>) = 0 [pid 5851] <... openat resumed>) = 4 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5851] ioctl(4, LOOP_SET_FD, 3 [pid 5848] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5849] <... openat resumed>) = 4 [pid 5852] <... openat resumed>) = 4 [pid 5850] close(3 [pid 5849] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5852] ioctl(4, LOOP_SET_FD, 3 [pid 5850] <... close resumed>) = 0 [pid 5850] close(4) = 0 [pid 5850] mkdir("./file1", 0777) = 0 [pid 5850] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5848] sync( [pid 5851] <... ioctl resumed>) = 0 [pid 5852] <... ioctl resumed>) = 0 [pid 5849] <... ioctl resumed>) = 0 [pid 5852] close(3) = 0 [pid 5849] close(3 [pid 5852] close(4 [pid 5851] close(3 [pid 5849] <... close resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5849] close(4 [pid 5852] mkdir("./file1", 0777 [pid 5851] <... close resumed>) = 0 [pid 5850] <... mount resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5848] <... sync resumed>) = 0 [pid 5851] close(4) = 0 [pid 5848] exit_group(0 [pid 5849] mkdir("./file1", 0777 [pid 5848] <... exit_group resumed>) = ? [pid 5851] mkdir("./file1", 0777) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 5850] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] chdir("./file1") = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] +++ exited with 0 +++ [pid 5852] <... mkdir resumed>) = 0 [pid 5850] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 92.261130][ T5850] loop4: detected capacity change from 0 to 1024 [ 92.279347][ T5851] loop3: detected capacity change from 0 to 1024 [ 92.288168][ T5849] loop0: detected capacity change from 0 to 1024 [ 92.295118][ T5852] loop1: detected capacity change from 0 to 1024 [pid 5850] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5851] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5852] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5849] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5849] <... openat resumed>) = 3 [pid 5849] chdir("./file1" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] <... chdir resumed>) = 0 [pid 5830] unlink("./2/binderfs" [pid 5850] <... link resumed>) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... unlink resumed>) = 0 [pid 5850] sync( [pid 5830] getdents64(3, [pid 5849] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5849] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] close(3) = 0 [pid 5830] rmdir("./2" [pid 5852] <... mount resumed>) = 0 [pid 5851] <... mount resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5851] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] mkdir("./3", 0777 [pid 5852] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5851] <... openat resumed>) = 3 [pid 5830] <... mkdir resumed>) = 0 [pid 5852] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5851] chdir("./file1") = 0 [pid 5830] <... openat resumed>) = 3 [pid 5851] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5852] chdir("./file1" [pid 5851] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5851] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5849] <... link resumed>) = 0 [pid 5849] sync( [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached [pid 5852] <... chdir resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5853 [pid 5853] set_robust_list(0x5555934ed660, 24) = 0 [pid 5852] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5853] chdir("./3" [pid 5852] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5851] <... link resumed>) = 0 [pid 5853] <... chdir resumed>) = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] sync( [pid 5850] <... sync resumed>) = 0 [pid 5849] <... sync resumed>) = 0 [pid 5850] exit_group(0 [pid 5849] exit_group(0 [pid 5853] setpgid(0, 0) = 0 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5853] write(3, "1000", 4) = 4 [pid 5849] <... exit_group resumed>) = ? [pid 5850] <... exit_group resumed>) = ? [pid 5853] close(3) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs" [pid 5849] +++ exited with 0 +++ [pid 5853] <... symlink resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5853] write(1, "executing program\n", 18 [pid 5850] +++ exited with 0 +++ [pid 5828] <... restart_syscall resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5850, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5828] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5853] <... write resumed>) = 18 [pid 5853] memfd_create("syzkaller", 0) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] <... link resumed>) = 0 [pid 5853] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5852] sync( [pid 5832] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5851] <... sync resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5851] exit_group(0) = ? [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5851] +++ exited with 0 +++ [pid 5832] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5853] <... write resumed>) = 524288 [pid 5852] <... sync resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5852] exit_group(0 [pid 5831] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 5852] <... exit_group resumed>) = ? [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] +++ exited with 0 +++ [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./2/file1", [pid 5832] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5853] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5853] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(AT_FDCWD, "./2/file1", [pid 5831] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./2/file1", [pid 5828] newfstatat(4, "", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... openat resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] newfstatat(4, "", [pid 5832] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] getdents64(4, [pid 5832] newfstatat(4, "", [pid 5831] getdents64(4, [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] close(4) = 0 [pid 5831] getdents64(4, [pid 5828] rmdir("./2/file1" [pid 5829] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5829] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 5831] rmdir("./2/file1" [pid 5828] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(4, [pid 5828] unlink("./2/binderfs" [pid 5832] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... unlink resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] getdents64(3, [pid 5853] <... ioctl resumed>) = 0 [pid 5853] close(3) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 5831] unlink("./2/binderfs" [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./2/file1" [pid 5853] close(4) = 0 [pid 5829] close(4 [pid 5853] mkdir("./file1", 0777 [pid 5832] <... rmdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5853] <... mkdir resumed>) = 0 [pid 5832] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... unlink resumed>) = 0 [pid 5828] close(3 [pid 5829] rmdir("./2/file1" [pid 5828] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(3, [pid 5829] <... rmdir resumed>) = 0 [pid 5828] rmdir("./2" [pid 5853] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5831] close(3 [pid 5828] <... rmdir resumed>) = 0 [pid 5829] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] rmdir("./2" [pid 5828] mkdir("./3", 0777 [pid 5829] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./2/binderfs" [pid 5828] <... mkdir resumed>) = 0 [ 92.526300][ T5853] loop2: detected capacity change from 0 to 1024 [pid 5832] unlink("./2/binderfs" [pid 5831] mkdir("./3", 0777 [pid 5829] <... unlink resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5829] getdents64(3, [pid 5832] getdents64(3, [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5829] close(3 [pid 5828] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5829] <... close resumed>) = 0 [pid 5828] close(3 [pid 5829] rmdir("./2" [pid 5853] <... mount resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5829] mkdir("./3", 0777 [pid 5832] <... close resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5853] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] rmdir("./2") = 0 [pid 5853] <... openat resumed>) = 3 [pid 5832] mkdir("./3", 0777./strace-static-x86_64: Process 5854 attached [pid 5853] chdir("./file1" [pid 5832] <... mkdir resumed>) = 0 [pid 5853] <... chdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5853] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5854 [pid 5832] <... openat resumed>) = 3 [pid 5853] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... openat resumed>) = 3 [pid 5853] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] close(3 [pid 5832] close(3 [pid 5854] set_robust_list(0x5555934ed660, 24 [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5854] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5855 attached [pid 5854] chdir("./3" [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5855 [pid 5855] set_robust_list(0x5555934ed660, 24) = 0 [pid 5854] <... chdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5853] <... link resumed>) = 0 [pid 5855] chdir("./3") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5853] sync( [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5855] setpgid(0, 0 [pid 5854] <... prctl resumed>) = 0 [pid 5855] <... setpgid resumed>) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] setpgid(0, 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5855] write(3, "1000", 4) = 4 [pid 5855] close(3) = 0 ./strace-static-x86_64: Process 5857 attached ./strace-static-x86_64: Process 5856 attached [pid 5855] symlink("/dev/binderfs", "./binderfs" [pid 5854] <... setpgid resumed>) = 0 executing program [pid 5855] <... symlink resumed>) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5857] set_robust_list(0x5555934ed660, 24 [pid 5856] set_robust_list(0x5555934ed660, 24 [pid 5854] <... openat resumed>) = 3 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5857 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5856 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5855] write(1, "executing program\n", 18 [pid 5854] write(3, "1000", 4) = 4 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5854] close(3 [pid 5855] <... write resumed>) = 18 [pid 5857] chdir("./3" [pid 5855] memfd_create("syzkaller", 0 [pid 5854] <... close resumed>) = 0 [pid 5857] <... chdir resumed>) = 0 [pid 5856] chdir("./3" [pid 5854] symlink("/dev/binderfs", "./binderfs" [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5856] <... chdir resumed>) = 0 [pid 5855] <... memfd_create resumed>) = 3 [pid 5854] <... symlink resumed>) = 0 executing program [pid 5857] setpgid(0, 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5854] write(1, "executing program\n", 18 [pid 5857] <... setpgid resumed>) = 0 [pid 5853] <... sync resumed>) = 0 [pid 5854] <... write resumed>) = 18 [pid 5856] <... prctl resumed>) = 0 [pid 5855] <... mmap resumed>) = 0x7ff1eb400000 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5856] setpgid(0, 0 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5854] memfd_create("syzkaller", 0 [pid 5853] exit_group(0 [pid 5856] <... setpgid resumed>) = 0 [pid 5854] <... memfd_create resumed>) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5857] <... openat resumed>) = 3 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5854] <... mmap resumed>) = 0x7ff1eb400000 [pid 5853] <... exit_group resumed>) = ? [pid 5856] <... openat resumed>) = 3 [pid 5856] write(3, "1000", 4) = 4 [pid 5856] close(3 [pid 5855] <... write resumed>) = 524288 [pid 5856] <... close resumed>) = 0 executing program [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5856] write(1, "executing program\n", 18) = 18 [pid 5856] memfd_create("syzkaller", 0) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5853] +++ exited with 0 +++ [pid 5857] write(3, "1000", 4 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5855] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5857] <... write resumed>) = 4 [pid 5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5855] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5857] close(3 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5857] <... close resumed>) = 0 [pid 5830] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5857] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5857] <... symlink resumed>) = 0 [pid 5855] <... openat resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 5857] write(1, "executing program\n", 18 [pid 5830] newfstatat(3, "", executing program [pid 5856] <... write resumed>) = 524288 [pid 5855] ioctl(4, LOOP_SET_FD, 3 [pid 5854] <... write resumed>) = 524288 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5857] <... write resumed>) = 18 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5856] munmap(0x7ff1eb400000, 138412032 [pid 5830] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5857] memfd_create("syzkaller", 0) = 3 [pid 5856] <... munmap resumed>) = 0 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5856] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3 [pid 5854] munmap(0x7ff1eb400000, 138412032 [pid 5857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5854] <... munmap resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5855] <... ioctl resumed>) = 0 [pid 5856] <... ioctl resumed>) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5856] close(3 [pid 5855] close(3 [pid 5856] <... close resumed>) = 0 [pid 5855] <... close resumed>) = 0 [pid 5856] close(4 [pid 5855] close(4 [pid 5856] <... close resumed>) = 0 [pid 5855] <... close resumed>) = 0 [pid 5856] mkdir("./file1", 0777 [pid 5855] mkdir("./file1", 0777 [pid 5856] <... mkdir resumed>) = 0 [pid 5855] <... mkdir resumed>) = 0 [pid 5856] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5855] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5854] ioctl(4, LOOP_SET_FD, 3 [pid 5830] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5857] <... write resumed>) = 524288 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5855] <... mount resumed>) = 0 [ 92.722464][ T5855] loop1: detected capacity change from 0 to 1024 [ 92.738282][ T5856] loop3: detected capacity change from 0 to 1024 [pid 5855] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5855] chdir("./file1") = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5855] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5856] <... mount resumed>) = 0 [pid 5856] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] newfstatat(4, "", [pid 5856] chdir("./file1") = 0 [pid 5857] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 5856] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5855] <... link resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5857] <... munmap resumed>) = 0 [pid 5856] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 5857] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5856] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5855] sync( [pid 5854] <... ioctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5857] <... openat resumed>) = 4 [pid 5830] rmdir("./3/file1" [pid 5854] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 5857] ioctl(4, LOOP_SET_FD, 3 [pid 5854] <... close resumed>) = 0 [pid 5830] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5854] close(4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5854] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5854] mkdir("./file1", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5854] <... mkdir resumed>) = 0 [pid 5830] unlink("./3/binderfs") = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./3") = 0 [pid 5830] mkdir("./4", 0777 [pid 5854] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5856] <... link resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [ 92.774715][ T5854] loop0: detected capacity change from 0 to 1024 [ 92.815123][ T5857] loop4: detected capacity change from 0 to 1024 [pid 5856] sync( [pid 5857] <... ioctl resumed>) = 0 [pid 5857] close(3 [pid 5854] <... mount resumed>) = 0 [pid 5857] <... close resumed>) = 0 [pid 5857] close(4 [pid 5855] <... sync resumed>) = 0 [pid 5854] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5857] <... close resumed>) = 0 [pid 5855] exit_group(0 [pid 5854] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5855] <... exit_group resumed>) = ? [pid 5854] chdir("./file1" [pid 5857] mkdir("./file1", 0777) = 0 [pid 5854] <... chdir resumed>) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5857] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5854] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached [pid 5856] <... sync resumed>) = 0 [pid 5856] exit_group(0 [pid 5858] set_robust_list(0x5555934ed660, 24 [pid 5856] <... exit_group resumed>) = ? [pid 5858] <... set_robust_list resumed>) = 0 [pid 5858] chdir("./4" [pid 5855] +++ exited with 0 +++ [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5858 [pid 5858] <... chdir resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5856] +++ exited with 0 +++ [pid 5829] <... restart_syscall resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5858] <... openat resumed>) = 3 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... restart_syscall resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5858] write(3, "1000", 4 [pid 5854] <... link resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 5858] <... write resumed>) = 4 [pid 5854] sync( [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5858] close(3 [pid 5831] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 5858] <... close resumed>) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5858] <... symlink resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... openat resumed>) = 3 [pid 5829] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(3, "", executing program [pid 5858] write(1, "executing program\n", 18 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5858] <... write resumed>) = 18 [pid 5831] getdents64(3, [pid 5858] memfd_create("syzkaller", 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5858] <... memfd_create resumed>) = 3 [pid 5831] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5829] <... umount2 resumed>) = 0 [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5857] <... mount resumed>) = 0 [pid 5857] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 5858] <... write resumed>) = 524288 [pid 5857] chdir("./file1" [pid 5831] <... umount2 resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5858] munmap(0x7ff1eb400000, 138412032 [pid 5857] <... chdir resumed>) = 0 [pid 5831] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5858] <... munmap resumed>) = 0 [pid 5829] rmdir("./3/file1" [pid 5857] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... rmdir resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5857] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5858] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5857] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5858] <... openat resumed>) = 4 [pid 5854] <... sync resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... openat resumed>) = 4 [pid 5829] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./3/binderfs") = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5858] ioctl(4, LOOP_SET_FD, 3 [pid 5854] exit_group(0 [pid 5831] newfstatat(4, "", [pid 5829] close(3 [pid 5854] <... exit_group resumed>) = ? [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./3" [pid 5831] getdents64(4, [pid 5829] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 5858] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] mkdir("./4", 0777 [pid 5831] close(4 [pid 5829] <... mkdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./3/file1" [pid 5854] +++ exited with 0 +++ [pid 5831] <... rmdir resumed>) = 0 [pid 5857] <... link resumed>) = 0 [pid 5858] close(3) = 0 [pid 5831] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5858] close(4 [pid 5857] sync( [pid 5831] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5858] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5858] mkdir("./file1", 0777 [pid 5831] unlink("./3/binderfs") = 0 [pid 5858] <... mkdir resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555934ed650) = 5859 ./strace-static-x86_64: Process 5859 attached [pid 5859] set_robust_list(0x5555934ed660, 24) = 0 [pid 5859] chdir("./4" [pid 5858] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] getdents64(3, [pid 5859] <... chdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 93.000331][ T5858] loop2: detected capacity change from 0 to 1024 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5858] <... mount resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5859] <... prctl resumed>) = 0 [pid 5858] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] rmdir("./3" [pid 5828] <... openat resumed>) = 3 [pid 5859] setpgid(0, 0 [pid 5828] newfstatat(3, "", [pid 5859] <... setpgid resumed>) = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5858] <... openat resumed>) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5858] chdir("./file1" [pid 5831] mkdir("./4", 0777 [pid 5859] <... openat resumed>) = 3 [pid 5858] <... chdir resumed>) = 0 [pid 5857] <... sync resumed>) = 0 [pid 5828] getdents64(3, [pid 5859] write(3, "1000", 4 [pid 5858] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5859] <... write resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5859] close(3 [pid 5858] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5859] <... close resumed>) = 0 [pid 5828] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5859] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5858] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5857] exit_group(0 [pid 5831] <... mkdir resumed>) = 0 executing program [pid 5859] write(1, "executing program\n", 18) = 18 [pid 5859] memfd_create("syzkaller", 0 [pid 5857] <... exit_group resumed>) = ? [pid 5859] <... memfd_create resumed>) = 3 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5857] +++ exited with 0 +++ [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5831] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5858] <... link resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5858] sync( [pid 5831] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] close(3 [pid 5828] newfstatat(AT_FDCWD, "./3/file1", [pid 5859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(3, "", [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5859] <... write resumed>) = 524288 ./strace-static-x86_64: Process 5860 attached [pid 5859] munmap(0x7ff1eb400000, 138412032 [pid 5860] set_robust_list(0x5555934ed660, 24 [pid 5859] <... munmap resumed>) = 0 [pid 5832] getdents64(3, [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5860 [pid 5828] <... openat resumed>) = 4 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] newfstatat(4, "", [pid 5860] chdir("./4" [pid 5859] <... openat resumed>) = 4 [pid 5860] <... chdir resumed>) = 0 [pid 5858] <... sync resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5859] ioctl(4, LOOP_SET_FD, 3 [pid 5858] exit_group(0 [pid 5832] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(4, [pid 5860] <... prctl resumed>) = 0 [pid 5858] <... exit_group resumed>) = ? [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, [pid 5860] setpgid(0, 0 [pid 5858] +++ exited with 0 +++ [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5860] <... setpgid resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 executing program [pid 5860] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... restart_syscall resumed>) = 0 [pid 5860] <... symlink resumed>) = 0 [pid 5828] close(4 [pid 5860] write(1, "executing program\n", 18) = 18 [pid 5860] memfd_create("syzkaller", 0 [pid 5830] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 5860] <... memfd_create resumed>) = 3 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./3/file1" [pid 5830] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5860] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... openat resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 5828] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(3, [pid 5828] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5859] <... ioctl resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5859] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] unlink("./3/binderfs" [pid 5832] newfstatat(AT_FDCWD, "./3/file1", [pid 5830] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5860] <... write resumed>) = 524288 [pid 5859] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5859] close(4 [pid 5832] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 5859] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5859] mkdir("./file1", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] close(3 [pid 5859] <... mkdir resumed>) = 0 [pid 5859] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... close resumed>) = 0 [pid 5860] munmap(0x7ff1eb400000, 138412032 [pid 5832] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 93.135014][ T5859] loop1: detected capacity change from 0 to 1024 [pid 5828] rmdir("./3" [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 5828] <... rmdir resumed>) = 0 [pid 5860] <... munmap resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] mkdir("./4", 0777 [pid 5832] getdents64(4, [pid 5859] <... mount resumed>) = 0 [pid 5859] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5860] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5859] <... openat resumed>) = 3 [pid 5860] <... openat resumed>) = 4 [pid 5828] <... mkdir resumed>) = 0 [pid 5860] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 5859] chdir("./file1" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] close(4 [pid 5859] <... chdir resumed>) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5859] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5832] rmdir("./3/file1") = 0 [pid 5830] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... ioctl resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./4/file1", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... close resumed>) = 0 [pid 5832] unlink("./3/binderfs" [pid 5830] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5861 attached [pid 5832] <... unlink resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5861] set_robust_list(0x5555934ed660, 24 [pid 5832] getdents64(3, [pid 5830] <... openat resumed>) = 4 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5861 [pid 5861] <... set_robust_list resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(4, "", [pid 5861] chdir("./4" [pid 5859] <... link resumed>) = 0 [pid 5832] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5859] sync( [pid 5832] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 5861] <... chdir resumed>) = 0 [pid 5832] rmdir("./3" [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5861] <... prctl resumed>) = 0 [pid 5832] mkdir("./4", 0777 [pid 5830] getdents64(4, [pid 5861] setpgid(0, 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5861] <... setpgid resumed>) = 0 [pid 5860] <... ioctl resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] close(4 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5860] close(3 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5860] <... close resumed>) = 0 [pid 5860] close(4 [pid 5832] <... openat resumed>) = 3 [pid 5830] rmdir("./4/file1" [pid 5860] <... close resumed>) = 0 [pid 5860] mkdir("./file1", 0777 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5861] <... openat resumed>) = 3 [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3) = 0 [pid 5861] write(3, "1000", 4 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached [pid 5861] <... write resumed>) = 4 [pid 5862] set_robust_list(0x5555934ed660, 24 [pid 5861] close(3 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5862 [pid 5861] <... close resumed>) = 0 [ 93.225327][ T5860] loop3: detected capacity change from 0 to 1024 [pid 5860] <... mkdir resumed>) = 0 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... rmdir resumed>) = 0 [pid 5860] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5862] chdir("./4" [pid 5830] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5862] <... chdir resumed>) = 0 [pid 5861] <... symlink resumed>) = 0 [pid 5859] <... sync resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5861] write(1, "executing program\n", 18executing program ) = 18 [pid 5859] exit_group(0 [pid 5830] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5861] memfd_create("syzkaller", 0 [pid 5859] <... exit_group resumed>) = ? [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5862] setpgid(0, 0 [pid 5861] <... memfd_create resumed>) = 3 [pid 5859] +++ exited with 0 +++ [pid 5830] unlink("./4/binderfs" [pid 5862] <... setpgid resumed>) = 0 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... unlink resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5861] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] getdents64(3, [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5860] <... mount resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5862] <... openat resumed>) = 3 [pid 5830] close(3 [pid 5862] write(3, "1000", 4 [pid 5860] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 5862] <... write resumed>) = 4 [pid 5860] <... openat resumed>) = 3 [pid 5830] rmdir("./4" [pid 5829] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5862] close(3 [pid 5860] chdir("./file1" [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5862] <... close resumed>) = 0 [pid 5861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5860] <... chdir resumed>) = 0 [pid 5830] mkdir("./5", 0777 [pid 5829] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5862] symlink("/dev/binderfs", "./binderfs" [pid 5860] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5862] <... symlink resumed>) = 0 [pid 5860] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5860] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5862] write(1, "executing program\n", 18executing program ./strace-static-x86_64: Process 5863 attached ) = 18 [pid 5862] memfd_create("syzkaller", 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5863 [pid 5863] set_robust_list(0x5555934ed660, 24 [pid 5862] <... memfd_create resumed>) = 3 [pid 5861] <... write resumed>) = 524288 [pid 5860] <... link resumed>) = 0 [pid 5860] sync( [pid 5863] <... set_robust_list resumed>) = 0 [pid 5863] chdir("./5" [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5861] munmap(0x7ff1eb400000, 138412032 [pid 5862] <... mmap resumed>) = 0x7ff1eb400000 [pid 5861] <... munmap resumed>) = 0 [pid 5863] <... chdir resumed>) = 0 [pid 5862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5863] <... prctl resumed>) = 0 [pid 5861] <... openat resumed>) = 4 [pid 5829] <... umount2 resumed>) = 0 [pid 5861] ioctl(4, LOOP_SET_FD, 3 [pid 5863] setpgid(0, 0 [pid 5829] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5863] <... setpgid resumed>) = 0 [pid 5829] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] newfstatat(4, "", [pid 5863] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 5863] write(3, "1000", 4) = 4 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5863] close(3 [pid 5829] close(4 [pid 5863] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./4/file1") = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs" [pid 5860] <... sync resumed>) = 0 [pid 5860] exit_group(0 [pid 5829] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5860] <... exit_group resumed>) = ? [pid 5829] newfstatat(AT_FDCWD, "./4/binderfs", executing program [pid 5863] <... symlink resumed>) = 0 [pid 5862] <... write resumed>) = 524288 [pid 5860] +++ exited with 0 +++ [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5863] write(1, "executing program\n", 18 [pid 5862] munmap(0x7ff1eb400000, 138412032 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5863] <... write resumed>) = 18 [pid 5831] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5863] memfd_create("syzkaller", 0) = 3 [pid 5862] <... munmap resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] unlink("./4/binderfs" [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5862] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5861] <... ioctl resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... unlink resumed>) = 0 [pid 5863] <... mmap resumed>) = 0x7ff1eb400000 [pid 5863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5862] <... openat resumed>) = 4 [pid 5861] close(3 [pid 5831] <... openat resumed>) = 3 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5862] ioctl(4, LOOP_SET_FD, 3 [pid 5861] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5829] <... close resumed>) = 0 [pid 5862] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5861] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5861] <... close resumed>) = 0 [pid 5861] mkdir("./file1", 0777 [pid 5831] getdents64(3, [pid 5829] rmdir("./4" [pid 5861] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... rmdir resumed>) = 0 [ 93.376224][ T5861] loop0: detected capacity change from 0 to 1024 [pid 5831] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] mkdir("./5", 0777 [pid 5863] <... write resumed>) = 524288 [pid 5862] ioctl(4, LOOP_CLR_FD [pid 5861] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5863] munmap(0x7ff1eb400000, 138412032 [pid 5862] <... ioctl resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5862] ioctl(4, LOOP_SET_FD, 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5862] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5862] close(4 [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5864 attached [pid 5863] <... munmap resumed>) = 0 [pid 5864] set_robust_list(0x5555934ed660, 24 [pid 5863] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5864] <... set_robust_list resumed>) = 0 [pid 5863] <... openat resumed>) = 4 [pid 5862] <... close resumed>) = 0 [pid 5831] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5863] ioctl(4, LOOP_SET_FD, 3 [pid 5862] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5864] chdir("./5" [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5864 [pid 5864] <... chdir resumed>) = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5864] setpgid(0, 0) = 0 [pid 5862] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./4/file1", [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5864] <... openat resumed>) = 3 [pid 5831] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5864] write(3, "1000", 4 [pid 5831] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5864] <... write resumed>) = 4 [pid 5864] close(3) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5864] symlink("/dev/binderfs", "./binderfs" [pid 5831] newfstatat(4, "", [pid 5864] <... symlink resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5861] <... mount resumed>) = 0 [pid 5831] getdents64(4, executing program [pid 5864] write(1, "executing program\n", 18 [pid 5862] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5861] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5864] <... write resumed>) = 18 [pid 5861] <... openat resumed>) = 3 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 5864] memfd_create("syzkaller", 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./4/file1" [pid 5864] <... memfd_create resumed>) = 3 [pid 5862] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5863] <... ioctl resumed>) = 0 [pid 5862] sync( [pid 5861] chdir("./file1" [pid 5831] <... rmdir resumed>) = 0 [pid 5861] <... chdir resumed>) = 0 [pid 5831] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5863] close(3 [pid 5861] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./4/binderfs" [pid 5864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5863] <... close resumed>) = 0 [pid 5862] <... sync resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5863] close(4 [pid 5831] getdents64(3, [pid 5863] <... close resumed>) = 0 [pid 5862] exit_group(0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5863] mkdir("./file1", 0777 [pid 5862] <... exit_group resumed>) = ? [ 93.462210][ T5863] loop2: detected capacity change from 0 to 1024 [pid 5831] close(3 [pid 5863] <... mkdir resumed>) = 0 [pid 5862] +++ exited with 0 +++ [pid 5831] <... close resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] rmdir("./4" [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... rmdir resumed>) = 0 [pid 5863] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5861] <... link resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] mkdir("./5", 0777 [pid 5832] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... mkdir resumed>) = 0 [pid 5861] sync( [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5864] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... openat resumed>) = 3 [pid 5864] <... munmap resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5864] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5864] ioctl(4, LOOP_SET_FD, 3 [pid 5832] getdents64(3, [pid 5831] <... openat resumed>) = 3 [pid 5864] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5864] ioctl(4, LOOP_CLR_FD) = 0 [pid 5864] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... ioctl resumed>) = 0 [pid 5864] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5864] close(4 [pid 5831] close(3) = 0 [pid 5832] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./4/binderfs") = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./4") = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] mkdir("./5", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5865 attached ./strace-static-x86_64: Process 5866 attached [pid 5864] <... close resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5865 [pid 5865] set_robust_list(0x5555934ed660, 24 [pid 5866] set_robust_list(0x5555934ed660, 24 [pid 5865] <... set_robust_list resumed>) = 0 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5865] chdir("./5" [pid 5864] close(3 [pid 5863] <... mount resumed>) = 0 [pid 5866] chdir("./5" [pid 5864] <... close resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5866 [pid 5865] <... chdir resumed>) = 0 [pid 5866] <... chdir resumed>) = 0 [pid 5863] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5861] <... sync resumed>) = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5866] <... prctl resumed>) = 0 [pid 5865] <... prctl resumed>) = 0 [pid 5861] exit_group(0 [pid 5866] setpgid(0, 0 [pid 5865] setpgid(0, 0 [pid 5863] <... openat resumed>) = 3 [pid 5861] <... exit_group resumed>) = ? [pid 5866] <... setpgid resumed>) = 0 [pid 5865] <... setpgid resumed>) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] <... openat resumed>) = 3 [pid 5866] write(3, "1000", 4 [pid 5865] write(3, "1000", 4 [pid 5866] <... write resumed>) = 4 [pid 5865] <... write resumed>) = 4 [pid 5866] close(3 [pid 5865] close(3 [pid 5861] +++ exited with 0 +++ [pid 5866] <... close resumed>) = 0 [pid 5865] <... close resumed>) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs" [pid 5865] symlink("/dev/binderfs", "./binderfs" [pid 5863] chdir("./file1" [pid 5866] <... symlink resumed>) = 0 [pid 5865] <... symlink resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5863] <... chdir resumed>) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 5866] write(1, "executing program\n", 18executing program [pid 5865] write(1, "executing program\n", 18 [pid 5864] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5866] <... write resumed>) = 18 [pid 5865] <... write resumed>) = 18 [pid 5864] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5863] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5866] memfd_create("syzkaller", 0 [pid 5863] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5866] <... memfd_create resumed>) = 3 [pid 5865] memfd_create("syzkaller", 0 [pid 5864] sync( [pid 5828] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5865] <... memfd_create resumed>) = 3 [pid 5866] <... mmap resumed>) = 0x7ff1eb400000 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... openat resumed>) = 3 [pid 5865] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 5865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5863] <... link resumed>) = 0 [pid 5863] sync( [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5865] <... write resumed>) = 524288 [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5866] <... write resumed>) = 524288 [pid 5863] <... sync resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5864] <... sync resumed>) = 0 [pid 5864] exit_group(0) = ? [pid 5863] exit_group(0 [pid 5828] newfstatat(AT_FDCWD, "./4/file1", [pid 5863] <... exit_group resumed>) = ? [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5863] +++ exited with 0 +++ [pid 5828] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5864] +++ exited with 0 +++ [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] <... openat resumed>) = 4 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] newfstatat(4, "", [pid 5865] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5865] <... munmap resumed>) = 0 [pid 5828] getdents64(4, [pid 5829] <... restart_syscall resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 5866] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... close resumed>) = 0 [pid 5866] <... munmap resumed>) = 0 [pid 5828] rmdir("./4/file1" [pid 5830] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5865] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5866] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5865] <... openat resumed>) = 4 [pid 5830] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... rmdir resumed>) = 0 [pid 5866] <... openat resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 5829] newfstatat(3, "", [pid 5828] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5866] ioctl(4, LOOP_SET_FD, 3 [pid 5865] ioctl(4, LOOP_SET_FD, 3 [pid 5830] getdents64(3, [pid 5829] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5828] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5829] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] unlink("./4/binderfs" [pid 5829] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5829] unlink("./5/binderfs" [pid 5828] getdents64(3, [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./5") = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] mkdir("./6", 0777 [pid 5828] close(3 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./4" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5867 attached [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5867 [pid 5866] <... ioctl resumed>) = 0 [pid 5867] set_robust_list(0x5555934ed660, 24 [pid 5865] <... ioctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5828] mkdir("./5", 0777 [pid 5865] close(3) = 0 [pid 5866] close(3 [pid 5865] close(4 [pid 5866] <... close resumed>) = 0 [pid 5865] <... close resumed>) = 0 [pid 5866] close(4 [pid 5865] mkdir("./file1", 0777 [pid 5867] <... set_robust_list resumed>) = 0 [pid 5866] <... close resumed>) = 0 [pid 5865] <... mkdir resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5866] mkdir("./file1", 0777 [pid 5865] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5867] chdir("./6" [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5867] <... chdir resumed>) = 0 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5866] <... mkdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [pid 5867] <... prctl resumed>) = 0 [pid 5866] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] newfstatat(AT_FDCWD, "./5/file1", [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5867] setpgid(0, 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5867] <... setpgid resumed>) = 0 [pid 5830] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 93.687078][ T5865] loop4: detected capacity change from 0 to 1024 [ 93.694539][ T5866] loop3: detected capacity change from 0 to 1024 [pid 5867] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] close(3 [pid 5866] <... mount resumed>) = 0 [pid 5865] <... mount resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5865] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] newfstatat(4, "", [pid 5867] write(3, "1000", 4 [pid 5865] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5866] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5865] chdir("./file1" [pid 5830] getdents64(4, [pid 5866] <... openat resumed>) = 3 [pid 5865] <... chdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5866] chdir("./file1" [pid 5830] close(4 [pid 5866] <... chdir resumed>) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5867] <... write resumed>) = 4 [pid 5866] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5865] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] rmdir("./5/file1" [pid 5828] <... close resumed>) = 0 [pid 5867] close(3 [pid 5866] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5865] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... rmdir resumed>) = 0 [pid 5867] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5866] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5868 attached [pid 5867] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5868] set_robust_list(0x5555934ed660, 24 [pid 5867] <... symlink resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5868 [pid 5830] unlink("./5/binderfs" [pid 5868] <... set_robust_list resumed>) = 0 [pid 5867] write(1, "executing program\n", 18 [pid 5866] <... link resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5868] chdir("./5" [pid 5867] <... write resumed>) = 18 [pid 5866] sync( [pid 5830] getdents64(3, [pid 5867] memfd_create("syzkaller", 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 executing program [pid 5868] <... chdir resumed>) = 0 [pid 5867] <... memfd_create resumed>) = 3 [pid 5830] close(3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5867] <... mmap resumed>) = 0x7ff1eb400000 [pid 5865] <... link resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5868] setpgid(0, 0 [pid 5865] sync( [pid 5830] rmdir("./5" [pid 5868] <... setpgid resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./6", 0777 [pid 5868] <... openat resumed>) = 3 [pid 5830] <... mkdir resumed>) = 0 [pid 5868] write(3, "1000", 4) = 4 [pid 5867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5868] close(3) = 0 [pid 5866] <... sync resumed>) = 0 [pid 5865] <... sync resumed>) = 0 [pid 5865] exit_group(0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5866] exit_group(0 [pid 5865] <... exit_group resumed>) = ? [pid 5830] <... openat resumed>) = 3 [pid 5868] symlink("/dev/binderfs", "./binderfs" [pid 5867] <... write resumed>) = 524288 [pid 5865] +++ exited with 0 +++ [pid 5868] <... symlink resumed>) = 0 [pid 5868] write(1, "executing program\n", 18 [pid 5866] <... exit_group resumed>) = ? [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5866] +++ exited with 0 +++ [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5832] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5868] <... write resumed>) = 18 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] memfd_create("syzkaller", 0 [pid 5867] munmap(0x7ff1eb400000, 138412032 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... memfd_create resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5867] <... munmap resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... mmap resumed>) = 0x7ff1eb400000 [pid 5867] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5867] <... openat resumed>) = 4 [pid 5832] newfstatat(3, "", [pid 5831] newfstatat(3, "", [pid 5867] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] getdents64(3, [pid 5832] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5869 attached [pid 5869] set_robust_list(0x5555934ed660, 24) = 0 [pid 5869] chdir("./6") = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5869 [pid 5831] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] setpgid(0, 0) = 0 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5832] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] write(3, "1000", 4 [pid 5832] newfstatat(AT_FDCWD, "./5/file1", [pid 5869] <... write resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] close(3 [pid 5832] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./5/file1", [pid 5867] <... ioctl resumed>) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs" [pid 5867] close(3 [pid 5832] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5869] <... symlink resumed>) = 0 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, executing program [pid 5869] write(1, "executing program\n", 18 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5869] <... write resumed>) = 18 [pid 5832] getdents64(4, [pid 5869] memfd_create("syzkaller", 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./5/file1" [pid 5869] <... memfd_create resumed>) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5867] <... close resumed>) = 0 [pid 5832] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5867] close(4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./5/binderfs" [pid 5867] <... close resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... write resumed>) = 524288 [pid 5867] mkdir("./file1", 0777 [pid 5832] getdents64(3, [pid 5831] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] newfstatat(4, "", [pid 5832] close(3 [pid 5867] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 93.856998][ T5867] loop1: detected capacity change from 0 to 1024 [pid 5867] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5868] munmap(0x7ff1eb400000, 138412032 [pid 5832] rmdir("./5" [pid 5831] getdents64(4, [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5868] <... munmap resumed>) = 0 [pid 5832] mkdir("./6", 0777 [pid 5831] getdents64(4, [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5868] <... openat resumed>) = 4 [pid 5831] rmdir("./5/file1" [pid 5868] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... openat resumed>) = 3 [pid 5831] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5831] unlink("./5/binderfs" [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached [pid 5870] set_robust_list(0x5555934ed660, 24 [pid 5869] <... write resumed>) = 524288 [pid 5831] <... unlink resumed>) = 0 [pid 5870] <... set_robust_list resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5870 [pid 5870] chdir("./6" [pid 5869] munmap(0x7ff1eb400000, 138412032 [pid 5831] getdents64(3, [pid 5870] <... chdir resumed>) = 0 [pid 5869] <... munmap resumed>) = 0 [pid 5867] <... mount resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... ioctl resumed>) = 0 [pid 5867] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] rmdir("./5" [pid 5870] <... prctl resumed>) = 0 [pid 5867] <... openat resumed>) = 3 [pid 5870] setpgid(0, 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... rmdir resumed>) = 0 [pid 5870] <... setpgid resumed>) = 0 [pid 5869] <... openat resumed>) = 4 [pid 5867] chdir("./file1" [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] ioctl(4, LOOP_SET_FD, 3 [pid 5868] close(3 [pid 5867] <... chdir resumed>) = 0 [pid 5831] mkdir("./6", 0777 [pid 5868] <... close resumed>) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... mkdir resumed>) = 0 [pid 5868] close(4 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] <... openat resumed>) = 3 [pid 5868] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5870] write(3, "1000", 4 [pid 5868] mkdir("./file1", 0777 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5870] <... write resumed>) = 4 [pid 5867] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... ioctl resumed>) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 5831] close(3 [pid 5870] close(3 [pid 5867] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... close resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5870] write(1, "executing program\n", 18) = 18 [pid 5870] memfd_create("syzkaller", 0) = 3 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 ./strace-static-x86_64: Process 5871 attached [pid 5868] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5871] set_robust_list(0x5555934ed660, 24) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5871 [pid 5871] chdir("./6" [ 93.933258][ T5868] loop0: detected capacity change from 0 to 1024 [ 93.963926][ T5869] loop2: detected capacity change from 0 to 1024 [pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5871] <... chdir resumed>) = 0 [pid 5870] <... write resumed>) = 524288 [pid 5869] <... ioctl resumed>) = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] close(3) = 0 [pid 5869] close(4 [pid 5867] <... link resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5867] sync( [pid 5871] <... prctl resumed>) = 0 [pid 5869] mkdir("./file1", 0777 [pid 5871] setpgid(0, 0 [pid 5869] <... mkdir resumed>) = 0 [pid 5871] <... setpgid resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] <... mount resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5869] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5868] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5871] write(3, "1000", 4) = 4 [pid 5868] <... openat resumed>) = 3 [pid 5871] close(3 [pid 5868] chdir("./file1" [pid 5871] <... close resumed>) = 0 [pid 5868] <... chdir resumed>) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs" [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program [pid 5871] <... symlink resumed>) = 0 [pid 5870] munmap(0x7ff1eb400000, 138412032 [pid 5868] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] write(1, "executing program\n", 18) = 18 [pid 5870] <... munmap resumed>) = 0 [pid 5868] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5870] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5871] memfd_create("syzkaller", 0 [pid 5870] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5870] ioctl(4, LOOP_CLR_FD [pid 5869] <... mount resumed>) = 0 [pid 5870] <... ioctl resumed>) = 0 [pid 5869] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5871] <... memfd_create resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 5869] chdir("./file1") = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5870] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5871] <... mmap resumed>) = 0x7ff1eb400000 [pid 5870] close(4) = 0 [pid 5870] close(3 [pid 5871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5870] <... close resumed>) = 0 [pid 5868] <... link resumed>) = 0 [pid 5869] <... link resumed>) = 0 [pid 5870] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 5870] sync( [pid 5868] sync( [pid 5869] sync( [pid 5867] <... sync resumed>) = 0 [pid 5871] <... write resumed>) = 524288 [pid 5870] <... sync resumed>) = 0 [pid 5869] <... sync resumed>) = 0 [pid 5869] exit_group(0) = ? [pid 5870] exit_group(0 [pid 5869] +++ exited with 0 +++ [pid 5867] exit_group(0 [pid 5870] <... exit_group resumed>) = ? [pid 5867] <... exit_group resumed>) = ? [pid 5870] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5868] <... sync resumed>) = 0 [pid 5832] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5867] +++ exited with 0 +++ [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... openat resumed>) = 4 [pid 5868] exit_group(0 [pid 5832] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5871] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... exit_group resumed>) = ? [pid 5832] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] newfstatat(3, "", [pid 5830] <... openat resumed>) = 3 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5868] +++ exited with 0 +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] newfstatat(3, "", [pid 5832] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(3, [pid 5829] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] newfstatat(3, "", [pid 5832] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] getdents64(3, [pid 5832] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] unlink("./6/binderfs") = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./6") = 0 [pid 5832] mkdir("./7", 0777 [pid 5871] <... ioctl resumed>) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5871] close(3) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5871] close(4 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5873 attached [pid 5871] <... close resumed>) = 0 [pid 5828] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] mkdir("./file1", 0777 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... mkdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5873 [pid 5828] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] set_robust_list(0x5555934ed660, 24) = 0 [pid 5871] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... openat resumed>) = 3 [pid 5873] chdir("./7" [pid 5828] newfstatat(3, "", [pid 5873] <... chdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] getdents64(3, [pid 5873] <... prctl resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5873] setpgid(0, 0 [pid 5828] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... setpgid resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5873] write(3, "1000", 4) = 4 [pid 5873] close(3) = 0 [pid 5830] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] symlink("/dev/binderfs", "./binderfs" [pid 5830] newfstatat(AT_FDCWD, "./6/file1", [pid 5873] <... symlink resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 5830] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] write(1, "executing program\n", 18 [pid 5830] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] <... write resumed>) = 18 [pid 5830] <... openat resumed>) = 4 [pid 5873] memfd_create("syzkaller", 0 [pid 5830] newfstatat(4, "", [pid 5871] <... mount resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 94.129397][ T5871] loop3: detected capacity change from 0 to 1024 [pid 5873] <... memfd_create resumed>) = 3 [pid 5871] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] getdents64(4, [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] <... openat resumed>) = 3 [pid 5873] <... mmap resumed>) = 0x7ff1eb400000 [pid 5873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5871] chdir("./file1" [pid 5828] <... umount2 resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./6/file1" [pid 5871] <... chdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./6/binderfs") = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5828] newfstatat(AT_FDCWD, "./5/file1", [pid 5871] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] getdents64(3, [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5828] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./6" [pid 5873] <... write resumed>) = 524288 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... link resumed>) = 0 [pid 5829] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 4 [pid 5830] mkdir("./7", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(4, "", [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 5829] newfstatat(AT_FDCWD, "./6/file1", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] sync( [pid 5873] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] getdents64(4, [pid 5830] <... close resumed>) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] <... sync resumed>) = 0 [pid 5829] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5873] <... openat resumed>) = 4 [pid 5871] exit_group(0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... exit_group resumed>) = ? [pid 5829] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] +++ exited with 0 +++ [pid 5828] getdents64(4, [pid 5829] <... openat resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] newfstatat(4, "", [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] getdents64(4, [pid 5828] close(4./strace-static-x86_64: Process 5874 attached [pid 5831] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5874 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./5/file1" [pid 5831] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] getdents64(4, [pid 5828] <... rmdir resumed>) = 0 [pid 5874] set_robust_list(0x5555934ed660, 24 [pid 5831] newfstatat(3, "", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(3, [pid 5828] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5874] <... set_robust_list resumed>) = 0 [pid 5829] close(4 [pid 5874] chdir("./7" [pid 5829] <... close resumed>) = 0 [pid 5874] <... chdir resumed>) = 0 [pid 5829] rmdir("./6/file1" [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... rmdir resumed>) = 0 [pid 5874] <... prctl resumed>) = 0 [pid 5829] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] setpgid(0, 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... setpgid resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] <... openat resumed>) = 3 [pid 5829] unlink("./6/binderfs") = 0 [pid 5874] write(3, "1000", 4 [pid 5829] getdents64(3, [pid 5874] <... write resumed>) = 4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] unlink("./5/binderfs" [pid 5874] <... close resumed>) = 0 [pid 5873] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 5828] <... unlink resumed>) = 0 [pid 5874] symlink("/dev/binderfs", "./binderfs" [pid 5873] close(3 [pid 5829] <... close resumed>) = 0 [pid 5828] getdents64(3, [pid 5874] <... symlink resumed>) = 0 [pid 5873] <... close resumed>) = 0 [pid 5829] rmdir("./6"executing program [pid 5874] write(1, "executing program\n", 18 [pid 5873] close(4 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5874] <... write resumed>) = 18 [pid 5873] <... close resumed>) = 0 [pid 5828] close(3) = 0 [pid 5874] memfd_create("syzkaller", 0 [pid 5873] mkdir("./file1", 0777 [pid 5828] rmdir("./5" [pid 5874] <... memfd_create resumed>) = 3 [pid 5873] <... mkdir resumed>) = 0 [pid 5829] mkdir("./7", 0777 [pid 5828] <... rmdir resumed>) = 0 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] mkdir("./6", 0777 [pid 5874] <... mmap resumed>) = 0x7ff1eb400000 [pid 5874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... mkdir resumed>) = 0 [pid 5873] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] <... openat resumed>) = 3 [pid 5828] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5829] <... ioctl resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 5828] close(3 [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... close resumed>) = 0 ./strace-static-x86_64: Process 5875 attached [ 94.262738][ T5873] loop4: detected capacity change from 0 to 1024 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5876 attached , child_tidptr=0x5555934ed650) = 5876 [pid 5876] set_robust_list(0x5555934ed660, 24 [pid 5875] set_robust_list(0x5555934ed660, 24 [pid 5876] <... set_robust_list resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5875] chdir("./7") = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5875 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] chdir("./6" [pid 5875] write(3, "1000", 4 [pid 5873] <... mount resumed>) = 0 [pid 5831] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5876] <... chdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] newfstatat(AT_FDCWD, "./6/file1", [pid 5876] <... prctl resumed>) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5873] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5876] <... openat resumed>) = 3 [pid 5875] <... write resumed>) = 4 [pid 5873] <... openat resumed>) = 3 [pid 5875] close(3 [pid 5873] chdir("./file1" [pid 5875] <... close resumed>) = 0 [pid 5873] <... chdir resumed>) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs" [pid 5873] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5875] <... symlink resumed>) = 0 [pid 5873] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5876] write(3, "1000", 4 [pid 5873] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5876] <... write resumed>) = 4 [pid 5875] write(1, "executing program\n", 18 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 5876] close(3 [pid 5875] <... write resumed>) = 18 [pid 5831] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5876] <... close resumed>) = 0 [pid 5875] memfd_create("syzkaller", 0 [pid 5876] symlink("/dev/binderfs", "./binderfs" [pid 5875] <... memfd_create resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5876] <... symlink resumed>) = 0 [pid 5874] <... write resumed>) = 524288 [pid 5831] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5876] write(1, "executing program\n", 18executing program [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... openat resumed>) = 4 [pid 5876] <... write resumed>) = 18 [pid 5875] <... mmap resumed>) = 0x7ff1eb400000 [pid 5876] memfd_create("syzkaller", 0 [pid 5875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] newfstatat(4, "", [pid 5874] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5874] ioctl(4, LOOP_SET_FD, 3 [pid 5876] <... memfd_create resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 5875] <... write resumed>) = 524288 [pid 5873] <... link resumed>) = 0 [pid 5873] sync( [pid 5875] munmap(0x7ff1eb400000, 138412032 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5874] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 5875] <... munmap resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5876] <... mmap resumed>) = 0x7ff1eb400000 [pid 5874] close(3) = 0 [pid 5874] close(4 [pid 5876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5874] <... close resumed>) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5875] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5875] ioctl(4, LOOP_CLR_FD [pid 5874] mkdir("./file1", 0777 [pid 5875] <... ioctl resumed>) = 0 [pid 5874] <... mkdir resumed>) = 0 [pid 5831] close(4 [pid 5874] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./6/file1" [pid 5875] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5831] <... rmdir resumed>) = 0 [pid 5875] close(4) = 0 [ 94.372691][ T5874] loop2: detected capacity change from 0 to 1024 [pid 5875] close(3 [pid 5876] <... write resumed>) = 524288 [pid 5831] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5875] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5875] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./6/binderfs" [pid 5875] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5875] sync( [pid 5874] <... mount resumed>) = 0 [pid 5873] <... sync resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5873] exit_group(0) = ? [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5876] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5874] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] rmdir("./6" [pid 5874] <... openat resumed>) = 3 [pid 5873] +++ exited with 0 +++ [pid 5831] <... rmdir resumed>) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5875] <... sync resumed>) = 0 [pid 5874] chdir("./file1") = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5873, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5876] <... openat resumed>) = 4 [pid 5875] exit_group(0 [pid 5874] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5875] <... exit_group resumed>) = ? [pid 5874] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... restart_syscall resumed>) = 0 [pid 5874] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5876] ioctl(4, LOOP_SET_FD, 3 [pid 5875] +++ exited with 0 +++ [pid 5832] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] mkdir("./7", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... mkdir resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5832] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 5829] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5829] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... openat resumed>) = 3 [pid 5832] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(3, "", [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5829] getdents64(3, [pid 5874] <... link resumed>) = 0 [pid 5831] close(3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5874] sync( [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./7/binderfs"./strace-static-x86_64: Process 5877 attached ) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./7" [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5877 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./8", 0777 [pid 5877] set_robust_list(0x5555934ed660, 24 [pid 5876] <... ioctl resumed>) = 0 [pid 5832] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... mkdir resumed>) = 0 [pid 5877] <... set_robust_list resumed>) = 0 [pid 5877] chdir("./7" [pid 5876] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5877] <... chdir resumed>) = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] newfstatat(AT_FDCWD, "./7/file1", [pid 5877] <... prctl resumed>) = 0 [pid 5876] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5877] setpgid(0, 0 [pid 5876] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5877] <... setpgid resumed>) = 0 [pid 5832] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5876] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5877] <... openat resumed>) = 3 [pid 5876] mkdir("./file1", 0777 [pid 5832] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5877] write(3, "1000", 4 [pid 5832] <... openat resumed>) = 4 [pid 5877] <... write resumed>) = 4 [pid 5877] close(3 [pid 5832] newfstatat(4, "", [pid 5877] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5874] <... sync resumed>) = 0 [pid 5832] getdents64(4, [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 94.497588][ T5876] loop0: detected capacity change from 0 to 1024 [pid 5874] exit_group(0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached [pid 5876] <... mkdir resumed>) = 0 [pid 5874] <... exit_group resumed>) = ? [pid 5878] set_robust_list(0x5555934ed660, 24 [pid 5876] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5874] +++ exited with 0 +++ [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5878 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5878] chdir("./8" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5874, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5878] <... chdir resumed>) = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4executing program ) = 4 [pid 5877] write(1, "executing program\n", 18 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5877] <... write resumed>) = 18 [pid 5876] <... mount resumed>) = 0 [pid 5832] getdents64(4, [pid 5878] close(3 [pid 5877] memfd_create("syzkaller", 0 [pid 5876] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5878] <... close resumed>) = 0 [pid 5877] <... memfd_create resumed>) = 3 [pid 5876] <... openat resumed>) = 3 [pid 5832] close(4 [pid 5878] symlink("/dev/binderfs", "./binderfs" [pid 5876] chdir("./file1" [pid 5830] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5878] <... symlink resumed>) = 0 [pid 5877] <... mmap resumed>) = 0x7ff1eb400000 [pid 5876] <... chdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5878] write(1, "executing program\n", 18 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5878] <... write resumed>) = 18 [pid 5876] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... openat resumed>) = 3 [pid 5878] memfd_create("syzkaller", 0 [pid 5876] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] newfstatat(3, "", [pid 5877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] rmdir("./7/file1" [pid 5878] <... memfd_create resumed>) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] getdents64(3, [pid 5878] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5830] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5877] <... write resumed>) = 524288 [pid 5832] unlink("./7/binderfs" [pid 5876] <... link resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5876] sync( [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./7") = 0 [pid 5832] mkdir("./8", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5878] <... write resumed>) = 524288 [pid 5832] <... openat resumed>) = 3 [pid 5878] munmap(0x7ff1eb400000, 138412032 [pid 5877] munmap(0x7ff1eb400000, 138412032 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5877] <... munmap resumed>) = 0 [pid 5832] close(3 [pid 5878] <... munmap resumed>) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5878] ioctl(4, LOOP_SET_FD, 3 [pid 5877] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5832] <... close resumed>) = 0 [pid 5877] ioctl(4, LOOP_SET_FD, 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./7/file1") = 0 [pid 5878] <... ioctl resumed>) = 0 [pid 5878] close(3) = 0 [pid 5878] close(4) = 0 [pid 5878] mkdir("./file1", 0777) = 0 [pid 5830] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5879 attached ) = -1 EINVAL (Invalid argument) [pid 5878] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./7/binderfs") = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./7") = 0 [pid 5830] mkdir("./8", 0777) = 0 [pid 5879] set_robust_list(0x5555934ed660, 24 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5879] <... set_robust_list resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5879 [pid 5879] chdir("./8" [pid 5830] <... openat resumed>) = 3 [pid 5879] <... chdir resumed>) = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0 [pid 5877] <... ioctl resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5879] <... setpgid resumed>) = 0 [pid 5877] close(3 [pid 5830] <... ioctl resumed>) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5877] <... close resumed>) = 0 [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5880 attached [pid 5877] close(4 [pid 5879] <... openat resumed>) = 3 [pid 5877] <... close resumed>) = 0 [pid 5879] write(3, "1000", 4 [pid 5877] mkdir("./file1", 0777 [pid 5880] set_robust_list(0x5555934ed660, 24 [pid 5879] <... write resumed>) = 4 [pid 5877] <... mkdir resumed>) = 0 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5880 [pid 5880] chdir("./8") = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5879] close(3 [pid 5878] <... mount resumed>) = 0 [pid 5877] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5878] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5878] chdir("./file1" [pid 5880] <... openat resumed>) = 3 [pid 5878] <... chdir resumed>) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 94.640524][ T5878] loop1: detected capacity change from 0 to 1024 [ 94.672390][ T5877] loop3: detected capacity change from 0 to 1024 [pid 5880] write(3, "1000", 4 [pid 5878] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5880] <... write resumed>) = 4 [pid 5878] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5880] write(1, "executing program\n", 18 [pid 5879] <... close resumed>) = 0 [pid 5878] <... link resumed>) = 0 [pid 5878] sync( [pid 5880] <... write resumed>) = 18 [pid 5880] memfd_create("syzkaller", 0) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5879] symlink("/dev/binderfs", "./binderfs" [pid 5877] <... mount resumed>) = 0 [pid 5876] <... sync resumed>) = 0 [pid 5880] <... mmap resumed>) = 0x7ff1eb400000 [pid 5877] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5876] exit_group(0 [pid 5877] <... openat resumed>) = 3 [pid 5876] <... exit_group resumed>) = ? [pid 5877] chdir("./file1" [pid 5879] <... symlink resumed>) = 0 [pid 5877] <... chdir resumed>) = 0 [pid 5876] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5877] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program [pid 5879] write(1, "executing program\n", 18 [pid 5877] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5879] <... write resumed>) = 18 [pid 5877] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5879] memfd_create("syzkaller", 0 [pid 5878] <... sync resumed>) = 0 [pid 5877] <... link resumed>) = 0 [pid 5879] <... memfd_create resumed>) = 3 [pid 5878] exit_group(0 [pid 5828] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5878] <... exit_group resumed>) = ? [pid 5880] <... write resumed>) = 524288 [pid 5879] <... mmap resumed>) = 0x7ff1eb400000 [pid 5878] +++ exited with 0 +++ [pid 5877] sync( [pid 5828] <... openat resumed>) = 3 [pid 5879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] newfstatat(3, "", [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5880] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5828] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5880] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5880] <... openat resumed>) = 4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5880] ioctl(4, LOOP_SET_FD, 3 [pid 5879] <... write resumed>) = 524288 [pid 5829] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5880] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5877] <... sync resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 5880] ioctl(4, LOOP_CLR_FD [pid 5879] munmap(0x7ff1eb400000, 138412032 [pid 5877] exit_group(0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5877] <... exit_group resumed>) = ? [pid 5880] <... ioctl resumed>) = 0 [pid 5829] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] <... munmap resumed>) = 0 [pid 5877] +++ exited with 0 +++ [pid 5828] newfstatat(AT_FDCWD, "./6/file1", [pid 5880] ioctl(4, LOOP_SET_FD, 3 [pid 5879] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... restart_syscall resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./8/file1", [pid 5880] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5879] <... openat resumed>) = 4 [pid 5828] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5880] close(4 [pid 5831] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5879] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5828] newfstatat(4, "", [pid 5831] newfstatat(3, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(4, [pid 5880] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 5829] <... openat resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] newfstatat(4, "", [pid 5828] getdents64(4, [pid 5831] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] getdents64(4, [pid 5828] close(4 [pid 5880] close(3 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... close resumed>) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./8/file1" [pid 5831] <... umount2 resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] rmdir("./6/file1" [pid 5829] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5880] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5879] <... ioctl resumed>) = 0 [pid 5829] unlink("./8/binderfs" [pid 5831] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5879] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] getdents64(3, [pid 5828] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./7/file1", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5831] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5879] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] close(3 [pid 5828] unlink("./6/binderfs" [pid 5831] <... openat resumed>) = 4 [pid 5829] <... close resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5879] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] rmdir("./8" [pid 5828] <... unlink resumed>) = 0 [pid 5831] getdents64(4, [pid 5828] getdents64(3, [pid 5879] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5880] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5879] mkdir("./file1", 0777 [pid 5831] getdents64(4, [pid 5829] mkdir("./9", 0777 [pid 5828] close(3 [pid 5880] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5879] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5831] close(4 [pid 5828] rmdir("./6" [pid 5880] sync( [pid 5879] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] rmdir("./7/file1" [pid 5829] <... openat resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] mkdir("./7", 0777 [pid 5829] close(3 [pid 5831] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5831] unlink("./7/binderfs" [pid 5828] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5883 attached [pid 5883] set_robust_list(0x5555934ed660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5883 [pid 5828] <... ioctl resumed>) = 0 [pid 5883] <... set_robust_list resumed>) = 0 [ 94.864083][ T5879] loop4: detected capacity change from 0 to 1024 [pid 5883] chdir("./9" [pid 5828] close(3 [pid 5831] <... unlink resumed>) = 0 [pid 5883] <... chdir resumed>) = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5879] <... mount resumed>) = 0 [pid 5883] <... openat resumed>) = 3 [pid 5883] write(3, "1000", 4 [pid 5879] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5883] <... write resumed>) = 4 [pid 5879] <... openat resumed>) = 3 [pid 5831] getdents64(3, [pid 5883] close(3 [pid 5879] chdir("./file1" [pid 5883] <... close resumed>) = 0 [pid 5879] <... chdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5883] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5883] <... symlink resumed>) = 0 [pid 5879] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"executing program [pid 5831] close(3 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5883] write(1, "executing program\n", 18) = 18 [pid 5831] <... close resumed>) = 0 [pid 5883] memfd_create("syzkaller", 0 [pid 5831] rmdir("./7"./strace-static-x86_64: Process 5884 attached [pid 5883] <... memfd_create resumed>) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] mkdir("./8", 0777 [pid 5883] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... mkdir resumed>) = 0 [pid 5884] set_robust_list(0x5555934ed660, 24 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5884] <... set_robust_list resumed>) = 0 [pid 5884] chdir("./7" [pid 5880] <... sync resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5884 [pid 5884] <... chdir resumed>) = 0 [pid 5880] exit_group(0 [pid 5879] <... link resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5880] <... exit_group resumed>) = ? [pid 5879] sync( [pid 5831] <... ioctl resumed>) = 0 [pid 5884] <... prctl resumed>) = 0 [pid 5880] +++ exited with 0 +++ [pid 5831] close(3 [pid 5884] setpgid(0, 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] <... close resumed>) = 0 [pid 5884] <... setpgid resumed>) = 0 [pid 5830] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./8/binderfs") = 0 [pid 5883] <... write resumed>) = 524288 [pid 5884] <... openat resumed>) = 3 [pid 5879] <... sync resumed>) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./8") = 0 [pid 5884] write(3, "1000", 4 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5884] <... write resumed>) = 4 [pid 5879] exit_group(0) = ? ./strace-static-x86_64: Process 5885 attached [pid 5884] close(3 [pid 5879] +++ exited with 0 +++ [pid 5884] <... close resumed>) = 0 [pid 5883] munmap(0x7ff1eb400000, 138412032 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5885 [pid 5830] mkdir("./9", 0777 [pid 5885] set_robust_list(0x5555934ed660, 24 [pid 5884] symlink("/dev/binderfs", "./binderfs" [pid 5883] <... munmap resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... mkdir resumed>) = 0 [pid 5885] <... set_robust_list resumed>) = 0 [pid 5885] chdir("./8" [pid 5884] <... symlink resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5885] <... chdir resumed>) = 0 [pid 5884] write(1, "executing program\n", 18 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program [pid 5883] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5885] <... prctl resumed>) = 0 [pid 5884] <... write resumed>) = 18 [pid 5883] <... openat resumed>) = 4 [pid 5885] setpgid(0, 0 [pid 5883] ioctl(4, LOOP_SET_FD, 3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5885] <... setpgid resumed>) = 0 [pid 5884] memfd_create("syzkaller", 0 [pid 5883] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5884] <... memfd_create resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5883] ioctl(4, LOOP_CLR_FD [pid 5832] <... openat resumed>) = 3 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] newfstatat(3, "", [pid 5883] <... ioctl resumed>) = 0 [pid 5830] close(3) = 0 [pid 5885] <... openat resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5883] ioctl(4, LOOP_SET_FD, 3 [pid 5832] getdents64(3, [pid 5884] <... mmap resumed>) = 0x7ff1eb400000 [pid 5885] write(3, "1000", 4 [pid 5883] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5885] <... write resumed>) = 4 [pid 5883] close(4./strace-static-x86_64: Process 5886 attached [pid 5885] close(3 [pid 5883] <... close resumed>) = 0 [pid 5832] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5886] set_robust_list(0x5555934ed660, 24 [pid 5885] <... close resumed>) = 0 [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5883] close(3 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5886 [pid 5883] <... close resumed>) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5886] <... set_robust_list resumed>) = 0 [pid 5886] chdir("./9" [pid 5885] write(1, "executing program\n", 18) = 18 [pid 5885] memfd_create("syzkaller", 0 [pid 5886] <... chdir resumed>) = 0 [pid 5885] <... memfd_create resumed>) = 3 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5885] <... mmap resumed>) = 0x7ff1eb400000 [pid 5886] <... prctl resumed>) = 0 [pid 5885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... umount2 resumed>) = 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4 [pid 5883] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5886] <... write resumed>) = 4 [pid 5883] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5886] close(3 [pid 5883] sync( [pid 5886] <... close resumed>) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5832] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5886] write(1, "executing program\n", 18 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5886] <... write resumed>) = 18 [pid 5832] newfstatat(AT_FDCWD, "./8/file1", [pid 5886] memfd_create("syzkaller", 0) = 3 [pid 5883] <... sync resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5886] <... mmap resumed>) = 0x7ff1eb400000 [pid 5883] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5883] <... exit_group resumed>) = ? [pid 5832] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5884] <... write resumed>) = 524288 [pid 5886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5884] munmap(0x7ff1eb400000, 138412032 [pid 5883] +++ exited with 0 +++ [pid 5832] <... openat resumed>) = 4 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5885] <... write resumed>) = 524288 [pid 5884] <... munmap resumed>) = 0 [pid 5832] getdents64(4, [pid 5829] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... openat resumed>) = 3 [pid 5886] <... write resumed>) = 524288 [pid 5885] munmap(0x7ff1eb400000, 138412032 [pid 5884] <... openat resumed>) = 4 [pid 5832] getdents64(4, [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5885] <... munmap resumed>) = 0 [pid 5884] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] getdents64(3, [pid 5832] close(4 [pid 5885] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5885] <... openat resumed>) = 4 [pid 5829] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5885] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5832] rmdir("./8/file1" [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./9/binderfs") = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./9") = 0 [pid 5829] mkdir("./10", 0777) = 0 [pid 5886] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5832] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5884] <... ioctl resumed>) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5885] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5886] <... openat resumed>) = 4 [pid 5885] close(3 [pid 5829] <... openat resumed>) = 3 [pid 5886] ioctl(4, LOOP_SET_FD, 3 [pid 5885] <... close resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5886] <... ioctl resumed>) = 0 [pid 5885] close(4 [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5885] <... close resumed>) = 0 [pid 5884] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] close(3 [pid 5885] mkdir("./file1", 0777 [pid 5884] <... close resumed>) = 0 [pid 5832] unlink("./8/binderfs" [pid 5829] <... close resumed>) = 0 [pid 5885] <... mkdir resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached [pid 5885] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5884] close(4 [pid 5832] <... unlink resumed>) = 0 [pid 5884] <... close resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5884] mkdir("./file1", 0777 [pid 5832] close(3 [pid 5887] set_robust_list(0x5555934ed660, 24) = 0 [pid 5884] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5887] chdir("./10") = 0 [pid 5832] rmdir("./8" [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5887 [pid 5887] <... setpgid resumed>) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 5887] write(3, "1000", 4 [pid 5832] mkdir("./9", 0777 [pid 5887] <... write resumed>) = 4 [pid 5887] close(3 [pid 5886] close(3 [pid 5887] <... close resumed>) = 0 [pid 5886] <... close resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5886] close(4 [pid 5887] symlink("/dev/binderfs", "./binderfs" [pid 5886] <... close resumed>) = 0 [pid 5887] <... symlink resumed>) = 0 [ 95.131804][ T5884] loop0: detected capacity change from 0 to 1024 [ 95.135457][ T5885] loop3: detected capacity change from 0 to 1024 [ 95.171803][ T5886] loop2: detected capacity change from 0 to 1024 [pid 5886] mkdir("./file1", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR executing program [pid 5887] write(1, "executing program\n", 18 [pid 5884] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... openat resumed>) = 3 [pid 5885] <... mount resumed>) = 0 [pid 5887] <... write resumed>) = 18 [pid 5885] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5887] memfd_create("syzkaller", 0 [pid 5885] <... openat resumed>) = 3 [pid 5887] <... memfd_create resumed>) = 3 [pid 5886] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5885] chdir("./file1" [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5885] <... chdir resumed>) = 0 [pid 5887] <... mmap resumed>) = 0x7ff1eb400000 [pid 5885] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... ioctl resumed>) = 0 [pid 5887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5885] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] close(3 [pid 5885] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5886] <... mount resumed>) = 0 [pid 5886] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5886] chdir("./file1") = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] <... close resumed>) = 0 [pid 5886] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5885] <... link resumed>) = 0 [pid 5885] sync( [pid 5884] <... mount resumed>) = 0 [pid 5884] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5884] chdir("./file1" [pid 5887] <... write resumed>) = 524288 [pid 5884] <... chdir resumed>) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5889 attached ) = -1 EBUSY (Device or resource busy) [pid 5889] set_robust_list(0x5555934ed660, 24 [pid 5886] <... link resumed>) = 0 [pid 5884] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5889] <... set_robust_list resumed>) = 0 [pid 5886] sync( [pid 5889] chdir("./9" [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5889 [pid 5887] munmap(0x7ff1eb400000, 138412032 [pid 5889] <... chdir resumed>) = 0 [pid 5887] <... munmap resumed>) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5889] close(3 [pid 5884] <... link resumed>) = 0 [pid 5889] <... close resumed>) = 0 [pid 5884] sync( [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5889] write(1, "executing program\n", 18) = 18 [pid 5889] memfd_create("syzkaller", 0) = 3 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5887] <... ioctl resumed>) = 0 [pid 5887] close(3 [pid 5889] <... mmap resumed>) = 0x7ff1eb400000 [pid 5887] <... close resumed>) = 0 [pid 5887] close(4) = 0 [pid 5885] <... sync resumed>) = 0 [pid 5887] mkdir("./file1", 0777 [pid 5885] exit_group(0) = ? [pid 5887] <... mkdir resumed>) = 0 [pid 5886] <... sync resumed>) = 0 [pid 5885] +++ exited with 0 +++ [pid 5887] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5886] exit_group(0 [pid 5884] <... sync resumed>) = 0 [pid 5886] <... exit_group resumed>) = ? [pid 5886] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5884] exit_group(0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5884] <... exit_group resumed>) = ? [ 95.287470][ T5887] loop1: detected capacity change from 0 to 1024 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5884] +++ exited with 0 +++ [pid 5831] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 5828] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 5830] newfstatat(3, "", [pid 5828] newfstatat(3, "", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] getdents64(3, [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5889] <... write resumed>) = 524288 [pid 5887] <... mount resumed>) = 0 [pid 5831] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5887] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5887] <... openat resumed>) = 3 [pid 5887] chdir("./file1") = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5887] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5889] munmap(0x7ff1eb400000, 138412032 [pid 5828] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5889] <... munmap resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", [pid 5831] <... umount2 resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5889] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5887] <... link resumed>) = 0 [pid 5831] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 5828] getdents64(4, [pid 5889] <... openat resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] close(4 [pid 5831] newfstatat(AT_FDCWD, "./8/file1", [pid 5830] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 5889] ioctl(4, LOOP_SET_FD, 3 [pid 5887] sync( [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./7/file1" [pid 5831] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(AT_FDCWD, "./9/file1", [pid 5828] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 4 [pid 5830] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(4, "", [pid 5830] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] unlink("./7/binderfs" [pid 5889] <... ioctl resumed>) = 0 [pid 5831] getdents64(4, [pid 5830] <... openat resumed>) = 4 [pid 5828] <... unlink resumed>) = 0 [pid 5889] close(3) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] newfstatat(4, "", [pid 5828] getdents64(3, [pid 5889] close(4 [pid 5831] getdents64(4, [pid 5889] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5889] mkdir("./file1", 0777 [pid 5887] <... sync resumed>) = 0 [pid 5831] close(4 [pid 5830] getdents64(4, [pid 5828] close(3 [pid 5889] <... mkdir resumed>) = 0 [pid 5887] exit_group(0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] rmdir("./8/file1" [pid 5830] getdents64(4, [pid 5828] <... close resumed>) = 0 [pid 5889] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5887] <... exit_group resumed>) = ? [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] rmdir("./7" [pid 5830] close(4) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5887] +++ exited with 0 +++ [pid 5831] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./9/file1" [pid 5828] mkdir("./8", 0777 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 95.425327][ T5889] loop4: detected capacity change from 0 to 1024 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... mkdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5830] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 3 [pid 5829] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... ioctl resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5831] unlink("./8/binderfs" [pid 5828] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5830] unlink("./9/binderfs" [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] getdents64(3, [pid 5889] <... mount resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5889] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] close(3 [pid 5830] close(3 [pid 5889] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./9"./strace-static-x86_64: Process 5892 attached [pid 5889] chdir("./file1" [pid 5831] rmdir("./8" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./10/file1", [pid 5831] <... rmdir resumed>) = 0 [pid 5889] <... chdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5892 [pid 5892] set_robust_list(0x5555934ed660, 24 [pid 5889] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] mkdir("./9", 0777 [pid 5830] mkdir("./10", 0777 [pid 5829] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5889] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5889] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", [pid 5830] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 5831] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... ioctl resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 5830] close(3 [pid 5829] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5892] <... set_robust_list resumed>) = 0 [pid 5831] close(3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5893 attached [pid 5892] chdir("./8" [pid 5831] <... close resumed>) = 0 [pid 5829] rmdir("./10/file1" [pid 5892] <... chdir resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5894 attached [pid 5893] set_robust_list(0x5555934ed660, 24 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5889] <... link resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5893 [pid 5829] <... rmdir resumed>) = 0 [pid 5894] set_robust_list(0x5555934ed660, 24 [pid 5892] <... prctl resumed>) = 0 [pid 5889] sync( [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5894 [pid 5893] <... set_robust_list resumed>) = 0 [pid 5829] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5892] setpgid(0, 0 [pid 5893] chdir("./10" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5893] <... chdir resumed>) = 0 [pid 5892] <... setpgid resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5893] <... prctl resumed>) = 0 [pid 5829] unlink("./10/binderfs" [pid 5893] setpgid(0, 0 [pid 5829] <... unlink resumed>) = 0 [pid 5893] <... setpgid resumed>) = 0 [pid 5829] getdents64(3, [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5894] <... set_robust_list resumed>) = 0 [pid 5893] <... openat resumed>) = 3 [pid 5892] <... openat resumed>) = 3 [pid 5829] close(3 [pid 5894] chdir("./9" [pid 5893] write(3, "1000", 4 [pid 5892] write(3, "1000", 4 [pid 5829] <... close resumed>) = 0 [pid 5894] <... chdir resumed>) = 0 [pid 5892] <... write resumed>) = 4 [pid 5892] close(3) = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5892] symlink("/dev/binderfs", "./binderfs" [pid 5894] <... prctl resumed>) = 0 [pid 5894] setpgid(0, 0 [pid 5893] <... write resumed>) = 4 [pid 5892] <... symlink resumed>) = 0 [pid 5829] rmdir("./10"executing program [pid 5894] <... setpgid resumed>) = 0 [pid 5892] write(1, "executing program\n", 18 [pid 5829] <... rmdir resumed>) = 0 [pid 5892] <... write resumed>) = 18 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5893] close(3 [pid 5829] mkdir("./11", 0777) = 0 [pid 5893] <... close resumed>) = 0 [pid 5893] symlink("/dev/binderfs", "./binderfs" [pid 5892] memfd_create("syzkaller", 0 [pid 5894] <... openat resumed>) = 3 [pid 5892] <... memfd_create resumed>) = 3 [pid 5889] <... sync resumed>) = 0 [pid 5894] write(3, "1000", 4 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5894] <... write resumed>) = 4 [pid 5892] <... mmap resumed>) = 0x7ff1eb400000 [pid 5889] exit_group(0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5894] close(3 [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3 [pid 5893] <... symlink resumed>) = 0 [pid 5829] <... close resumed>) = 0 executing program [pid 5894] <... close resumed>) = 0 [pid 5889] <... exit_group resumed>) = ? [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5893] write(1, "executing program\n", 18 [pid 5894] write(1, "executing program\n", 18 [pid 5893] <... write resumed>) = 18 [pid 5893] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 5895 attached [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5895 executing program [pid 5893] <... mmap resumed>) = 0x7ff1eb400000 [pid 5894] <... write resumed>) = 18 [pid 5889] +++ exited with 0 +++ [pid 5895] set_robust_list(0x5555934ed660, 24) = 0 [pid 5895] chdir("./11") = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5894] memfd_create("syzkaller", 0 [pid 5893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5894] <... memfd_create resumed>) = 3 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5895] <... openat resumed>) = 3 [pid 5894] <... mmap resumed>) = 0x7ff1eb400000 [pid 5892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5895] write(1, "executing program\n", 18 [pid 5893] <... write resumed>) = 524288 [pid 5895] <... write resumed>) = 18 [pid 5832] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5895] memfd_create("syzkaller", 0) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5892] <... write resumed>) = 524288 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", [pid 5895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5894] <... write resumed>) = 524288 [pid 5893] munmap(0x7ff1eb400000, 138412032 [pid 5892] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5895] <... write resumed>) = 524288 [pid 5893] <... munmap resumed>) = 0 [pid 5894] munmap(0x7ff1eb400000, 138412032 [pid 5892] <... munmap resumed>) = 0 [pid 5894] <... munmap resumed>) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] getdents64(3, [pid 5893] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5892] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5893] <... openat resumed>) = 4 [pid 5892] ioctl(4, LOOP_SET_FD, 3 [pid 5832] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5894] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5893] ioctl(4, LOOP_SET_FD, 3 [pid 5894] <... openat resumed>) = 4 [pid 5894] ioctl(4, LOOP_SET_FD, 3 [pid 5895] munmap(0x7ff1eb400000, 138412032 [pid 5893] <... ioctl resumed>) = 0 [pid 5893] close(3) = 0 [pid 5893] close(4) = 0 [pid 5893] mkdir("./file1", 0777) = 0 [pid 5893] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./9/file1", [pid 5895] <... munmap resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5893] <... mount resumed>) = 0 [pid 5893] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5893] chdir("./file1") = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5892] <... ioctl resumed>) = 0 [pid 5832] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5893] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5892] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5893] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5892] <... close resumed>) = 0 [pid 5892] close(4 [pid 5832] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5895] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5892] <... close resumed>) = 0 [pid 5895] <... openat resumed>) = 4 [pid 5892] mkdir("./file1", 0777 [pid 5832] <... openat resumed>) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3 [pid 5892] <... mkdir resumed>) = 0 [ 95.691513][ T5892] loop0: detected capacity change from 0 to 1024 [ 95.700397][ T5893] loop2: detected capacity change from 0 to 1024 [ 95.708615][ T5894] loop3: detected capacity change from 0 to 1024 [pid 5895] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5894] <... ioctl resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 5895] ioctl(4, LOOP_CLR_FD) = 0 [pid 5892] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5894] close(3) = 0 [pid 5893] <... link resumed>) = 0 [pid 5832] getdents64(4, [pid 5894] close(4 [pid 5893] sync( [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5895] ioctl(4, LOOP_SET_FD, 3 [pid 5832] getdents64(4, [pid 5895] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5894] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5895] close(4 [pid 5894] mkdir("./file1", 0777 [pid 5832] close(4) = 0 [pid 5832] rmdir("./9/file1") = 0 [pid 5892] <... mount resumed>) = 0 [pid 5892] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5892] chdir("./file1" [pid 5832] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5892] <... chdir resumed>) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5892] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5895] <... close resumed>) = 0 [pid 5894] <... mkdir resumed>) = 0 [pid 5894] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] unlink("./9/binderfs" [pid 5892] <... link resumed>) = 0 [pid 5892] sync( [pid 5832] <... unlink resumed>) = 0 [pid 5895] close(3 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./9") = 0 [pid 5895] <... close resumed>) = 0 [pid 5832] mkdir("./10", 0777 [pid 5895] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 5895] sync( [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5894] <... mount resumed>) = 0 [pid 5893] <... sync resumed>) = 0 ./strace-static-x86_64: Process 5896 attached [pid 5894] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5893] exit_group(0) = ? [pid 5892] <... sync resumed>) = 0 [pid 5895] <... sync resumed>) = 0 [pid 5896] set_robust_list(0x5555934ed660, 24 [pid 5894] chdir("./file1" [pid 5896] <... set_robust_list resumed>) = 0 [pid 5895] exit_group(0 [pid 5894] <... chdir resumed>) = 0 [pid 5893] +++ exited with 0 +++ [pid 5892] exit_group(0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5896 [pid 5895] <... exit_group resumed>) = ? [pid 5892] <... exit_group resumed>) = ? [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5895] +++ exited with 0 +++ [pid 5892] +++ exited with 0 +++ [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5896] chdir("./10" [pid 5894] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5896] <... chdir resumed>) = 0 [pid 5894] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5894] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... restart_syscall resumed>) = 0 [pid 5896] <... prctl resumed>) = 0 [pid 5830] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5896] setpgid(0, 0 [pid 5830] getdents64(3, [pid 5896] <... setpgid resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5896] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 3 [pid 5896] write(3, "1000", 4 [pid 5829] newfstatat(3, "", [pid 5896] <... write resumed>) = 4 [pid 5896] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5896] <... close resumed>) = 0 [pid 5829] getdents64(3, [pid 5828] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5896] <... symlink resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 5829] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(3, "", [pid 5896] write(1, "executing program\n", 18 [pid 5829] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5896] <... write resumed>) = 18 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] getdents64(3, [pid 5896] memfd_create("syzkaller", 0 [pid 5829] unlink("./11/binderfs" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5896] <... memfd_create resumed>) = 3 [pid 5828] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5894] <... link resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5896] <... mmap resumed>) = 0x7ff1eb400000 [pid 5894] sync( [pid 5830] <... umount2 resumed>) = 0 [pid 5829] getdents64(3, [pid 5828] <... umount2 resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5828] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] rmdir("./11" [pid 5830] newfstatat(AT_FDCWD, "./10/file1", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./8/file1", [pid 5896] <... write resumed>) = 524288 [pid 5894] <... sync resumed>) = 0 [pid 5830] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5894] exit_group(0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5894] <... exit_group resumed>) = ? [pid 5894] +++ exited with 0 +++ [pid 5830] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] mkdir("./12", 0777 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 4 [pid 5828] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] newfstatat(4, "", [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5896] munmap(0x7ff1eb400000, 138412032 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] newfstatat(4, "", [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5896] <... munmap resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5830] getdents64(4, [pid 5829] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] getdents64(4, [pid 5831] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] getdents64(4, [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5896] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] newfstatat(3, "", [pid 5829] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] getdents64(4, [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5897 attached [pid 5896] <... openat resumed>) = 4 [pid 5830] close(4 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5897] set_robust_list(0x5555934ed660, 24 [pid 5830] <... close resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5897 [pid 5828] close(4 [pid 5897] <... set_robust_list resumed>) = 0 [pid 5896] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] rmdir("./10/file1" [pid 5828] <... close resumed>) = 0 [pid 5897] chdir("./12" [pid 5830] <... rmdir resumed>) = 0 [pid 5828] rmdir("./8/file1" [pid 5897] <... chdir resumed>) = 0 [pid 5830] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... rmdir resumed>) = 0 [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] <... prctl resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5897] setpgid(0, 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5897] <... setpgid resumed>) = 0 [pid 5830] unlink("./10/binderfs" [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... unlink resumed>) = 0 [pid 5828] unlink("./8/binderfs" [pid 5830] getdents64(3, [pid 5828] <... unlink resumed>) = 0 [pid 5897] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] getdents64(3, [pid 5830] close(3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... close resumed>) = 0 [pid 5828] close(3 [pid 5897] write(3, "1000", 4 [pid 5830] rmdir("./10" [pid 5828] <... close resumed>) = 0 [pid 5897] <... write resumed>) = 4 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] rmdir("./8" [pid 5897] close(3 [pid 5828] <... rmdir resumed>) = 0 [pid 5897] <... close resumed>) = 0 [pid 5897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] mkdir("./11", 0777 [pid 5828] mkdir("./9", 0777 [pid 5831] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... mkdir resumed>) = 0 executing program [pid 5897] write(1, "executing program\n", 18 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5897] <... write resumed>) = 18 [pid 5830] <... mkdir resumed>) = 0 [pid 5897] memfd_create("syzkaller", 0) = 3 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./9/file1", [pid 5830] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5831] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5898 attached [pid 5831] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5896] <... ioctl resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5898 [pid 5831] getdents64(4, [pid 5896] close(3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5898] set_robust_list(0x5555934ed660, 24 [pid 5897] <... write resumed>) = 524288 [pid 5896] <... close resumed>) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 5898] <... set_robust_list resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5898] chdir("./11" [pid 5831] rmdir("./9/file1" [pid 5898] <... chdir resumed>) = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5896] close(4 [pid 5831] <... rmdir resumed>) = 0 [pid 5898] setpgid(0, 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5899 attached [pid 5898] <... setpgid resumed>) = 0 [pid 5896] <... close resumed>) = 0 [pid 5831] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5896] mkdir("./file1", 0777 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5899] set_robust_list(0x5555934ed660, 24 [pid 5898] <... openat resumed>) = 3 [pid 5831] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5899] <... set_robust_list resumed>) = 0 [pid 5898] write(3, "1000", 4 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5899 [pid 5899] chdir("./9" [pid 5898] <... write resumed>) = 4 [pid 5896] <... mkdir resumed>) = 0 [pid 5899] <... chdir resumed>) = 0 [pid 5898] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5898] <... close resumed>) = 0 [pid 5899] <... prctl resumed>) = 0 [pid 5898] symlink("/dev/binderfs", "./binderfs" [pid 5831] unlink("./9/binderfs" [ 95.990332][ T5896] loop4: detected capacity change from 0 to 1024 [pid 5899] setpgid(0, 0 [pid 5896] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5899] <... setpgid resumed>) = 0 [pid 5898] <... symlink resumed>) = 0 [pid 5897] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... unlink resumed>) = 0 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5897] <... munmap resumed>) = 0 [pid 5831] getdents64(3, [pid 5899] <... openat resumed>) = 3 [pid 5898] write(1, "executing program\n", 18executing program ) = 18 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5898] memfd_create("syzkaller", 0 [pid 5831] close(3 [pid 5899] write(3, "1000", 4 [pid 5898] <... memfd_create resumed>) = 3 [pid 5897] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... close resumed>) = 0 [pid 5899] <... write resumed>) = 4 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5897] <... openat resumed>) = 4 [pid 5831] rmdir("./9" [pid 5899] close(3) = 0 [pid 5898] <... mmap resumed>) = 0x7ff1eb400000 [pid 5899] symlink("/dev/binderfs", "./binderfs" [pid 5898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5897] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... rmdir resumed>) = 0 executing program [pid 5899] <... symlink resumed>) = 0 [pid 5831] mkdir("./10", 0777) = 0 [pid 5899] write(1, "executing program\n", 18) = 18 [pid 5899] memfd_create("syzkaller", 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5899] <... memfd_create resumed>) = 3 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5831] <... openat resumed>) = 3 [pid 5899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5897] <... ioctl resumed>) = 0 [pid 5898] <... write resumed>) = 524288 [pid 5897] close(3 [pid 5898] munmap(0x7ff1eb400000, 138412032 [pid 5897] <... close resumed>) = 0 [pid 5898] <... munmap resumed>) = 0 [pid 5897] close(4) = 0 [pid 5897] mkdir("./file1", 0777 [pid 5898] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5897] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5900 attached [pid 5898] <... openat resumed>) = 4 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5900 [pid 5899] <... write resumed>) = 524288 [pid 5898] ioctl(4, LOOP_SET_FD, 3 [pid 5897] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5900] set_robust_list(0x5555934ed660, 24 [pid 5898] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5898] ioctl(4, LOOP_CLR_FD) = 0 [pid 5896] <... mount resumed>) = 0 [pid 5896] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5900] <... set_robust_list resumed>) = 0 [pid 5896] <... openat resumed>) = 3 [pid 5896] chdir("./file1") = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5896] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5899] munmap(0x7ff1eb400000, 138412032 [pid 5898] ioctl(4, LOOP_SET_FD, 3 [pid 5900] chdir("./10" [pid 5899] <... munmap resumed>) = 0 [pid 5898] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5900] <... chdir resumed>) = 0 [ 96.065355][ T5897] loop1: detected capacity change from 0 to 1024 [pid 5898] close(4 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5898] <... close resumed>) = 0 [pid 5900] <... prctl resumed>) = 0 [pid 5899] <... openat resumed>) = 4 [pid 5899] ioctl(4, LOOP_SET_FD, 3 [pid 5900] setpgid(0, 0 [pid 5898] close(3 [pid 5900] <... setpgid resumed>) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5897] <... mount resumed>) = 0 [pid 5900] write(3, "1000", 4 [pid 5897] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5900] <... write resumed>) = 4 [pid 5897] chdir("./file1" [pid 5896] <... link resumed>) = 0 [pid 5900] close(3) = 0 [pid 5897] <... chdir resumed>) = 0 [pid 5896] sync( [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5898] <... close resumed>) = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop1", O_RDWRexecuting program [pid 5900] write(1, "executing program\n", 18) = 18 [pid 5900] memfd_create("syzkaller", 0 [pid 5897] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5897] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5900] <... memfd_create resumed>) = 3 [pid 5898] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5898] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5900] <... mmap resumed>) = 0x7ff1eb400000 [pid 5898] sync( [pid 5899] <... ioctl resumed>) = 0 [pid 5899] close(3) = 0 [pid 5899] close(4) = 0 [pid 5899] mkdir("./file1", 0777) = 0 [pid 5899] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [ 96.128211][ T5899] loop0: detected capacity change from 0 to 1024 [pid 5900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5897] <... link resumed>) = 0 [pid 5899] <... mount resumed>) = 0 [pid 5897] sync( [pid 5899] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5896] <... sync resumed>) = 0 [pid 5899] <... openat resumed>) = 3 [pid 5899] chdir("./file1") = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5899] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5896] exit_group(0) = ? [pid 5900] <... write resumed>) = 524288 [pid 5899] <... link resumed>) = 0 [pid 5896] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5896, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5832] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5900] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5900] <... munmap resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5899] sync( [pid 5832] <... openat resumed>) = 3 [pid 5900] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5898] <... sync resumed>) = 0 [pid 5897] <... sync resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5898] exit_group(0) = ? [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5900] <... openat resumed>) = 4 [pid 5897] exit_group(0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5900] ioctl(4, LOOP_SET_FD, 3 [pid 5897] <... exit_group resumed>) = ? [pid 5897] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] +++ exited with 0 +++ [pid 5899] <... sync resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5898, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5899] exit_group(0 [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5899] <... exit_group resumed>) = ? [pid 5899] +++ exited with 0 +++ [pid 5829] <... umount2 resumed>) = 0 [pid 5832] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] newfstatat(AT_FDCWD, "./10/file1", [pid 5830] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(3, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(AT_FDCWD, "./12/file1", [pid 5832] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5829] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(4, "", [pid 5830] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5900] <... ioctl resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5832] getdents64(4, [pid 5829] <... openat resumed>) = 4 [pid 5828] newfstatat(3, "", [pid 5900] close(3 [pid 5829] newfstatat(4, "", [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5830] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5828] getdents64(3, [pid 5900] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5900] close(4 [pid 5829] getdents64(4, [pid 5900] <... close resumed>) = 0 [pid 5900] mkdir("./file1", 0777 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] close(4 [pid 5830] unlink("./11/binderfs" [pid 5829] getdents64(4, [pid 5828] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5900] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(3, [pid 5829] close(4 [pid 5832] rmdir("./10/file1" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] close(3 [pid 5828] <... umount2 resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./11") = 0 [pid 5832] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] rmdir("./12/file1" [pid 5832] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5828] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] mkdir("./12", 0777 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5900] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] unlink("./10/binderfs" [pid 5830] <... mkdir resumed>) = 0 [pid 5829] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./9/file1", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 96.264063][ T5900] loop3: detected capacity change from 0 to 1024 [pid 5832] <... unlink resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5830] <... openat resumed>) = 3 [pid 5829] unlink("./12/binderfs" [pid 5828] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5829] getdents64(3, [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5901 attached [pid 5832] close(3 [pid 5829] close(3 [pid 5828] newfstatat(4, "", [pid 5832] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] rmdir("./12" [pid 5832] rmdir("./10" [pid 5828] getdents64(4, [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5901 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5900] <... mount resumed>) = 0 [pid 5829] mkdir("./13", 0777 [pid 5901] set_robust_list(0x5555934ed660, 24 [pid 5832] mkdir("./11", 0777 [pid 5828] getdents64(4, [pid 5901] <... set_robust_list resumed>) = 0 [pid 5900] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5901] chdir("./12") = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5900] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... openat resumed>) = 3 [pid 5828] close(4 [pid 5901] <... prctl resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5828] <... close resumed>) = 0 [pid 5900] chdir("./file1" [pid 5829] <... openat resumed>) = 3 [pid 5901] setpgid(0, 0 [pid 5900] <... chdir resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] rmdir("./9/file1" [pid 5901] <... setpgid resumed>) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] close(3 [pid 5829] <... ioctl resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5900] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... close resumed>) = 0 [pid 5829] close(3 [pid 5901] <... openat resumed>) = 3 [pid 5900] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... close resumed>) = 0 [pid 5828] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5901] write(3, "1000", 4 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5901] <... write resumed>) = 4 [pid 5828] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5901] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5901] <... close resumed>) = 0 [pid 5828] unlink("./9/binderfs") = 0 ./strace-static-x86_64: Process 5902 attached [pid 5828] getdents64(3, [pid 5902] set_robust_list(0x5555934ed660, 24 [pid 5901] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 5901] <... symlink resumed>) = 0 [pid 5828] <... close resumed>) = 0 executing program [pid 5902] <... set_robust_list resumed>) = 0 [pid 5901] write(1, "executing program\n", 18 [pid 5828] rmdir("./9" [pid 5901] <... write resumed>) = 18 [pid 5828] <... rmdir resumed>) = 0 [pid 5902] chdir("./13" [pid 5901] memfd_create("syzkaller", 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5902 [pid 5828] mkdir("./10", 0777 [pid 5902] <... chdir resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... mkdir resumed>) = 0 [pid 5901] <... memfd_create resumed>) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5903 attached [pid 5901] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... openat resumed>) = 3 [pid 5901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5903] set_robust_list(0x5555934ed660, 24 [pid 5828] close(3 [pid 5903] <... set_robust_list resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5903 [pid 5828] <... close resumed>) = 0 [pid 5903] chdir("./11" [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 5904 attached [pid 5903] <... chdir resumed>) = 0 [pid 5902] setpgid(0, 0 [pid 5900] <... link resumed>) = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5902] <... setpgid resumed>) = 0 [pid 5900] sync( [pid 5903] <... prctl resumed>) = 0 [pid 5903] setpgid(0, 0) = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5904] set_robust_list(0x5555934ed660, 24 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5904] <... set_robust_list resumed>) = 0 [pid 5903] <... openat resumed>) = 3 [pid 5902] <... openat resumed>) = 3 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5904 [pid 5904] chdir("./10" [pid 5902] write(3, "1000", 4 [pid 5904] <... chdir resumed>) = 0 [pid 5903] write(3, "1000", 4 [pid 5902] <... write resumed>) = 4 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5903] <... write resumed>) = 4 [pid 5903] close(3 [pid 5902] close(3 [pid 5904] <... prctl resumed>) = 0 [pid 5903] <... close resumed>) = 0 [pid 5902] <... close resumed>) = 0 [pid 5902] symlink("/dev/binderfs", "./binderfs" [pid 5904] setpgid(0, 0 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5902] <... symlink resumed>) = 0 executing program [pid 5904] <... setpgid resumed>) = 0 [pid 5903] write(1, "executing program\n", 18executing program [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5903] <... write resumed>) = 18 [pid 5902] write(1, "executing program\n", 18 [pid 5903] memfd_create("syzkaller", 0 [pid 5902] <... write resumed>) = 18 [pid 5904] <... openat resumed>) = 3 [pid 5903] <... memfd_create resumed>) = 3 [pid 5902] memfd_create("syzkaller", 0 [pid 5901] <... write resumed>) = 524288 [pid 5900] <... sync resumed>) = 0 [pid 5900] exit_group(0 [pid 5902] <... memfd_create resumed>) = 3 [pid 5900] <... exit_group resumed>) = ? [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5904] write(3, "1000", 4 [pid 5903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5901] munmap(0x7ff1eb400000, 138412032 [pid 5904] <... write resumed>) = 4 [pid 5901] <... munmap resumed>) = 0 [pid 5900] +++ exited with 0 +++ [pid 5902] <... mmap resumed>) = 0x7ff1eb400000 [pid 5904] close(3 [pid 5901] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5904] <... close resumed>) = 0 [pid 5901] <... openat resumed>) = 4 [pid 5904] symlink("/dev/binderfs", "./binderfs" [pid 5901] ioctl(4, LOOP_SET_FD, 3 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5904] <... symlink resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 executing program [pid 5904] write(1, "executing program\n", 18 [pid 5903] <... write resumed>) = 524288 [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5904] <... write resumed>) = 18 [pid 5904] memfd_create("syzkaller", 0) = 3 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5901] <... ioctl resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 5903] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5901] close(3) = 0 [pid 5901] close(4) = 0 [ 96.447102][ T5901] loop2: detected capacity change from 0 to 1024 [pid 5901] mkdir("./file1", 0777) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5903] ioctl(4, LOOP_SET_FD, 3 [pid 5901] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] getdents64(3, [pid 5902] <... write resumed>) = 524288 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5904] <... write resumed>) = 524288 [pid 5904] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5902] munmap(0x7ff1eb400000, 138412032 [pid 5831] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5904] <... openat resumed>) = 4 [pid 5904] ioctl(4, LOOP_SET_FD, 3 [pid 5902] <... munmap resumed>) = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5902] ioctl(4, LOOP_SET_FD, 3 [pid 5903] <... ioctl resumed>) = 0 [pid 5901] <... mount resumed>) = 0 [pid 5904] <... ioctl resumed>) = 0 [pid 5901] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5904] close(3) = 0 [pid 5903] close(3 [pid 5901] <... openat resumed>) = 3 [pid 5903] <... close resumed>) = 0 [pid 5901] chdir("./file1" [pid 5903] close(4 [pid 5901] <... chdir resumed>) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5904] close(4 [pid 5901] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5903] <... close resumed>) = 0 [pid 5901] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5904] <... close resumed>) = 0 [pid 5903] mkdir("./file1", 0777 [pid 5904] mkdir("./file1", 0777 [pid 5903] <... mkdir resumed>) = 0 [pid 5904] <... mkdir resumed>) = 0 [pid 5903] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5902] <... ioctl resumed>) = 0 [pid 5902] close(3 [pid 5904] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5902] <... close resumed>) = 0 [pid 5902] close(4) = 0 [pid 5901] <... link resumed>) = 0 [pid 5901] sync( [pid 5902] mkdir("./file1", 0777) = 0 [ 96.498815][ T5903] loop4: detected capacity change from 0 to 1024 [ 96.520329][ T5904] loop0: detected capacity change from 0 to 1024 [ 96.531698][ T5902] loop1: detected capacity change from 0 to 1024 [pid 5902] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5903] <... mount resumed>) = 0 [pid 5831] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5903] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5903] <... openat resumed>) = 3 [pid 5903] chdir("./file1") = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5831] <... openat resumed>) = 4 [pid 5903] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5902] <... mount resumed>) = 0 [pid 5831] rmdir("./10/file1") = 0 [pid 5831] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5903] <... link resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./10/binderfs") = 0 [pid 5904] <... mount resumed>) = 0 [pid 5903] sync( [pid 5904] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5902] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] getdents64(3, [pid 5904] <... openat resumed>) = 3 [pid 5902] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5902] chdir("./file1" [pid 5904] chdir("./file1") = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5904] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5902] <... chdir resumed>) = 0 [pid 5831] close(3 [pid 5902] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... close resumed>) = 0 [pid 5902] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] rmdir("./10" [pid 5902] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... rmdir resumed>) = 0 [pid 5901] <... sync resumed>) = 0 [pid 5901] exit_group(0) = ? [pid 5901] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] mkdir("./11", 0777) = 0 [pid 5904] <... link resumed>) = 0 [pid 5902] <... link resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... umount2 resumed>) = 0 [pid 5904] sync( [pid 5830] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5903] <... sync resumed>) = 0 [pid 5902] sync( [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] exit_group(0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... ioctl resumed>) = 0 [pid 5903] <... exit_group resumed>) = ? [pid 5831] close(3 [pid 5830] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5903] +++ exited with 0 +++ [pid 5831] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5905 attached [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5905 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] getdents64(4, [pid 5905] set_robust_list(0x5555934ed660, 24 [pid 5904] <... sync resumed>) = 0 [pid 5902] <... sync resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5905] <... set_robust_list resumed>) = 0 [pid 5905] chdir("./11" [pid 5832] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5902] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(4 [pid 5905] <... chdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 5902] <... exit_group resumed>) = ? [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5902] +++ exited with 0 +++ [pid 5905] <... prctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] rmdir("./12/file1" [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5902, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5905] setpgid(0, 0 [pid 5832] newfstatat(3, "", [pid 5830] <... rmdir resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5905] <... setpgid resumed>) = 0 [pid 5832] getdents64(3, [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./12/binderfs" [pid 5829] <... restart_syscall resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./12" [pid 5904] exit_group(0 [pid 5830] <... rmdir resumed>) = 0 [pid 5904] <... exit_group resumed>) = ? [pid 5905] <... openat resumed>) = 3 [pid 5829] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5905] write(3, "1000", 4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5905] <... write resumed>) = 4 [pid 5829] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5905] close(3 [pid 5830] mkdir("./13", 0777 [pid 5905] <... close resumed>) = 0 [pid 5904] +++ exited with 0 +++ [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5905] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... umount2 resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 5905] <... symlink resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3) = 0 [pid 5832] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 5905] write(1, "executing program\n", 18 [pid 5829] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5906 attached [pid 5905] <... write resumed>) = 18 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./11/file1", [pid 5828] newfstatat(3, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5905] memfd_create("syzkaller", 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5905] <... memfd_create resumed>) = 3 [pid 5832] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 5906] set_robust_list(0x5555934ed660, 24 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5905] <... mmap resumed>) = 0x7ff1eb400000 [pid 5906] <... set_robust_list resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5906 [pid 5828] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] chdir("./13" [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 5905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5906] <... chdir resumed>) = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] getdents64(4, [pid 5906] <... prctl resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5906] setpgid(0, 0 [pid 5832] getdents64(4, [pid 5906] <... setpgid resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] close(4 [pid 5906] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5906] write(3, "1000", 4 [pid 5832] rmdir("./11/file1" [pid 5828] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] <... write resumed>) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./10/file1", [pid 5906] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5906] symlink("/dev/binderfs", "./binderfs" [pid 5828] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5906] <... symlink resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5832] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(4, "", [pid 5905] <... write resumed>) = 524288 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./13/file1", executing program [pid 5906] write(1, "executing program\n", 18 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5906] <... write resumed>) = 18 [pid 5832] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5828] getdents64(4, [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... close resumed>) = 0 [pid 5832] unlink("./11/binderfs" [pid 5829] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5906] memfd_create("syzkaller", 0 [pid 5832] <... unlink resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5906] <... memfd_create resumed>) = 3 [pid 5832] getdents64(3, [pid 5828] rmdir("./10/file1") = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] rmdir("./11" [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5906] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] unlink("./10/binderfs" [pid 5829] newfstatat(4, "", [pid 5828] <... unlink resumed>) = 0 [pid 5832] mkdir("./12", 0777) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./10" [pid 5829] getdents64(4, [pid 5828] <... rmdir resumed>) = 0 [pid 5905] munmap(0x7ff1eb400000, 138412032 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] mkdir("./11", 0777 [pid 5905] <... munmap resumed>) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] close(4 [pid 5828] <... mkdir resumed>) = 0 [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5905] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5905] ioctl(4, LOOP_SET_FD, 3 [pid 5829] rmdir("./13/file1" [pid 5905] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5905] ioctl(4, LOOP_CLR_FD [pid 5829] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5905] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5829] unlink("./13/binderfs" [pid 5828] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5907 attached [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... unlink resumed>) = 0 [pid 5905] ioctl(4, LOOP_SET_FD, 3 [pid 5829] getdents64(3, [pid 5907] set_robust_list(0x5555934ed660, 24executing program [pid 5906] <... write resumed>) = 524288 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5908 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5907 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5908 attached [pid 5907] <... set_robust_list resumed>) = 0 [pid 5905] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5907] chdir("./11" [pid 5906] munmap(0x7ff1eb400000, 138412032 [pid 5907] <... chdir resumed>) = 0 [pid 5906] <... munmap resumed>) = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5906] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5907] <... prctl resumed>) = 0 [pid 5906] <... openat resumed>) = 4 [pid 5907] setpgid(0, 0 [pid 5906] ioctl(4, LOOP_SET_FD, 3 [pid 5907] <... setpgid resumed>) = 0 [pid 5906] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5906] ioctl(4, LOOP_CLR_FD [pid 5907] <... openat resumed>) = 3 [pid 5906] <... ioctl resumed>) = 0 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5906] close(4) = 0 [pid 5906] close(3 [pid 5907] write(1, "executing program\n", 18 [pid 5905] close(4 [pid 5829] close(3 [pid 5908] set_robust_list(0x5555934ed660, 24 [pid 5907] <... write resumed>) = 18 [pid 5907] memfd_create("syzkaller", 0 [pid 5908] <... set_robust_list resumed>) = 0 [pid 5907] <... memfd_create resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5908] chdir("./12" [pid 5907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5905] <... close resumed>) = 0 [pid 5829] rmdir("./13" [pid 5908] <... chdir resumed>) = 0 [pid 5906] <... close resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5906] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] mkdir("./14", 0777 [pid 5908] <... prctl resumed>) = 0 [pid 5906] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5829] <... mkdir resumed>) = 0 [pid 5906] sync( [pid 5908] setpgid(0, 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5908] <... setpgid resumed>) = 0 [pid 5905] close(3 [pid 5829] <... openat resumed>) = 3 [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5908] <... openat resumed>) = 3 [pid 5905] <... close resumed>) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5908] write(3, "1000", 4) = 4 [pid 5907] <... write resumed>) = 524288 [pid 5906] <... sync resumed>) = 0 [pid 5829] close(3 [pid 5908] close(3) = 0 [pid 5908] symlink("/dev/binderfs", "./binderfs" [pid 5906] exit_group(0) = ? executing program [pid 5908] <... symlink resumed>) = 0 [pid 5908] write(1, "executing program\n", 18) = 18 [pid 5908] memfd_create("syzkaller", 0 [pid 5906] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5907] munmap(0x7ff1eb400000, 138412032 [pid 5908] <... memfd_create resumed>) = 3 [pid 5905] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5830] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5907] <... munmap resumed>) = 0 [pid 5905] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5830] <... openat resumed>) = 3 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5909 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5905] sync( [pid 5830] newfstatat(3, "", ./strace-static-x86_64: Process 5909 attached [pid 5907] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, executing program [pid 5908] <... write resumed>) = 524288 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5907] ioctl(4, LOOP_SET_FD, 3 [pid 5905] <... sync resumed>) = 0 [pid 5909] set_robust_list(0x5555934ed660, 24) = 0 [pid 5909] chdir("./14") = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5905] exit_group(0 [pid 5909] write(1, "executing program\n", 18) = 18 [pid 5909] memfd_create("syzkaller", 0) = 3 [pid 5905] <... exit_group resumed>) = ? [pid 5830] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5908] munmap(0x7ff1eb400000, 138412032 [pid 5905] +++ exited with 0 +++ [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5908] <... munmap resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5830] unlink("./13/binderfs" [pid 5909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5908] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5907] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5907] close(3 [pid 5831] getdents64(3, [pid 5830] <... unlink resumed>) = 0 [pid 5907] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5907] close(4 [pid 5831] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 5907] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5908] <... openat resumed>) = 4 [pid 5907] mkdir("./file1", 0777 [pid 5831] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5830] close(3 [pid 5908] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 96.927332][ T5907] loop0: detected capacity change from 0 to 1024 [pid 5909] <... write resumed>) = 524288 [pid 5907] <... mkdir resumed>) = 0 [pid 5831] unlink("./11/binderfs" [pid 5830] <... close resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./11") = 0 [pid 5831] mkdir("./12", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5909] munmap(0x7ff1eb400000, 138412032 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5909] <... munmap resumed>) = 0 [pid 5908] <... ioctl resumed>) = 0 [pid 5907] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] rmdir("./13" [pid 5831] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] mkdir("./14", 0777) = 0 [pid 5908] close(3) = 0 [pid 5908] close(4 [pid 5909] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5908] <... close resumed>) = 0 [pid 5909] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5910 attached [pid 5909] ioctl(4, LOOP_SET_FD, 3 [pid 5908] mkdir("./file1", 0777 [ 96.971619][ T5908] loop4: detected capacity change from 0 to 1024 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5908] <... mkdir resumed>) = 0 [pid 5907] <... mount resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5910 [pid 5830] <... openat resumed>) = 3 [pid 5907] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5910] set_robust_list(0x5555934ed660, 24 [pid 5907] <... openat resumed>) = 3 [pid 5907] chdir("./file1" [pid 5910] <... set_robust_list resumed>) = 0 [pid 5907] <... chdir resumed>) = 0 [pid 5910] chdir("./12" [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5910] <... chdir resumed>) = 0 [pid 5907] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5908] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] close(3 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5907] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... close resumed>) = 0 [pid 5910] <... prctl resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5911 attached [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5911 [pid 5911] set_robust_list(0x5555934ed660, 24 [pid 5910] write(3, "1000", 4 [pid 5911] <... set_robust_list resumed>) = 0 [pid 5910] <... write resumed>) = 4 [pid 5910] close(3 [pid 5911] chdir("./14" [pid 5910] <... close resumed>) = 0 [pid 5911] <... chdir resumed>) = 0 [pid 5910] symlink("/dev/binderfs", "./binderfs" [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] <... symlink resumed>) = 0 [pid 5910] write(1, "executing program\n", 18 [pid 5911] setpgid(0, 0executing program [pid 5910] <... write resumed>) = 18 [pid 5911] <... setpgid resumed>) = 0 [pid 5910] memfd_create("syzkaller", 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5909] <... ioctl resumed>) = 0 [pid 5907] <... link resumed>) = 0 [pid 5910] <... memfd_create resumed>) = 3 [pid 5911] <... openat resumed>) = 3 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5909] close(3 [pid 5908] <... mount resumed>) = 0 [pid 5907] sync( [pid 5911] write(3, "1000", 4 [pid 5910] <... mmap resumed>) = 0x7ff1eb400000 [pid 5908] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5909] <... close resumed>) = 0 [pid 5908] <... openat resumed>) = 3 [pid 5911] <... write resumed>) = 4 [pid 5910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5909] close(4 [pid 5908] chdir("./file1") = 0 [pid 5908] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5911] close(3 [pid 5908] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5909] <... close resumed>) = 0 [pid 5911] <... close resumed>) = 0 [pid 5909] mkdir("./file1", 0777 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5909] <... mkdir resumed>) = 0 [ 97.014051][ T5909] loop1: detected capacity change from 0 to 1024 [pid 5911] write(1, "executing program\n", 18executing program ) = 18 [pid 5909] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5911] memfd_create("syzkaller", 0 [pid 5908] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5911] <... memfd_create resumed>) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5910] <... write resumed>) = 524288 [pid 5908] <... link resumed>) = 0 [pid 5908] sync( [pid 5910] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5909] <... mount resumed>) = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5909] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5907] <... sync resumed>) = 0 [pid 5911] munmap(0x7ff1eb400000, 138412032 [pid 5910] <... openat resumed>) = 4 [pid 5909] <... openat resumed>) = 3 [pid 5907] exit_group(0 [pid 5909] chdir("./file1" [pid 5910] ioctl(4, LOOP_SET_FD, 3 [pid 5911] <... munmap resumed>) = 0 [pid 5907] <... exit_group resumed>) = ? [pid 5911] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5909] <... chdir resumed>) = 0 [pid 5907] +++ exited with 0 +++ [pid 5911] <... openat resumed>) = 4 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5911] ioctl(4, LOOP_SET_FD, 3 [pid 5909] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5909] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5910] <... ioctl resumed>) = 0 [pid 5828] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5910] close(3) = 0 [pid 5910] close(4) = 0 [pid 5910] mkdir("./file1", 0777) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5910] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5908] <... sync resumed>) = 0 [pid 5908] exit_group(0) = ? [pid 5908] +++ exited with 0 +++ [pid 5909] <... link resumed>) = 0 [pid 5909] sync( [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5828] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... restart_syscall resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", [pid 5911] <... ioctl resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 5911] close(3) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5911] close(4) = 0 [pid 5832] getdents64(3, [pid 5911] mkdir("./file1", 0777 [pid 5910] <... mount resumed>) = 0 [pid 5910] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5910] chdir("./file1") = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5910] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5910] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5911] <... mkdir resumed>) = 0 [pid 5832] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5911] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5910] <... link resumed>) = 0 [ 97.123938][ T5910] loop3: detected capacity change from 0 to 1024 [ 97.133368][ T5911] loop2: detected capacity change from 0 to 1024 [ 97.151766][ T1212] cfg80211: failed to load regulatory.db [pid 5910] sync( [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... umount2 resumed>) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./11/file1") = 0 [pid 5828] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./11/binderfs") = 0 [pid 5828] getdents64(3, [pid 5832] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5911] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] close(3 [pid 5832] newfstatat(AT_FDCWD, "./12/file1", [pid 5828] <... close resumed>) = 0 [pid 5911] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] rmdir("./11" [pid 5909] <... sync resumed>) = 0 [pid 5909] exit_group(0) = ? [pid 5911] <... openat resumed>) = 3 [pid 5832] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... rmdir resumed>) = 0 [pid 5911] chdir("./file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5911] <... chdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5911] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... openat resumed>) = 4 [pid 5828] mkdir("./12", 0777 [pid 5911] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] newfstatat(4, "", [pid 5828] <... mkdir resumed>) = 0 [pid 5911] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5910] <... sync resumed>) = 0 [pid 5909] +++ exited with 0 +++ [pid 5832] getdents64(4, [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5910] exit_group(0) = ? [pid 5910] +++ exited with 0 +++ [pid 5832] getdents64(4, [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(3, "", [pid 5831] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(4 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5832] rmdir("./12/file1" [pid 5828] close(3 [pid 5911] <... link resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5829] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5911] sync( [pid 5829] newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./14/file1") = 0 [pid 5829] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./14/binderfs") = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] rmdir("./14") = 0 ./strace-static-x86_64: Process 5913 attached [pid 5832] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5913 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5913] set_robust_list(0x5555934ed660, 24 [pid 5832] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] mkdir("./15", 0777 [pid 5913] <... set_robust_list resumed>) = 0 [pid 5832] unlink("./12/binderfs") = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5913] chdir("./12" [pid 5832] getdents64(3, [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5914 attached [pid 5913] <... chdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5914 [pid 5914] set_robust_list(0x5555934ed660, 24 [pid 5913] <... prctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5914] <... set_robust_list resumed>) = 0 [pid 5913] setpgid(0, 0 [pid 5832] rmdir("./12" [pid 5914] chdir("./15") = 0 [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5913] <... setpgid resumed>) = 0 [pid 5911] <... sync resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5914] <... prctl resumed>) = 0 [pid 5911] exit_group(0 [pid 5914] setpgid(0, 0 [pid 5911] <... exit_group resumed>) = ? [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] mkdir("./13", 0777 [pid 5913] <... openat resumed>) = 3 [pid 5832] <... mkdir resumed>) = 0 [pid 5913] write(3, "1000", 4 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5913] <... write resumed>) = 4 [pid 5914] <... setpgid resumed>) = 0 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5913] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5913] <... close resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs" [pid 5832] close(3 [pid 5914] <... openat resumed>) = 3 [pid 5913] <... symlink resumed>) = 0 [pid 5831] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5914] write(3, "1000", 4 [pid 5832] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] <... write resumed>) = 4 [pid 5913] write(1, "executing program\n", 18 [pid 5911] +++ exited with 0 +++ [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] newfstatat(AT_FDCWD, "./12/file1", [pid 5914] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5914] <... close resumed>) = 0 [pid 5831] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5914] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5914] <... symlink resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program executing program ./strace-static-x86_64: Process 5915 attached [pid 5914] write(1, "executing program\n", 18 [pid 5913] <... write resumed>) = 18 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5915 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5914] <... write resumed>) = 18 [pid 5831] newfstatat(4, "", [pid 5914] memfd_create("syzkaller", 0) = 3 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5915] set_robust_list(0x5555934ed660, 24 [pid 5914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5913] memfd_create("syzkaller", 0 [pid 5831] getdents64(4, [pid 5830] <... openat resumed>) = 3 [pid 5915] <... set_robust_list resumed>) = 0 [pid 5913] <... memfd_create resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5915] chdir("./13" [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] getdents64(4, [pid 5830] newfstatat(3, "", [pid 5913] <... mmap resumed>) = 0x7ff1eb400000 [pid 5915] <... chdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] close(4 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5914] <... write resumed>) = 524288 [pid 5831] <... close resumed>) = 0 [pid 5915] <... prctl resumed>) = 0 [pid 5830] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./12/file1" [pid 5915] setpgid(0, 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5915] <... setpgid resumed>) = 0 [pid 5913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./12/binderfs" [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... unlink resumed>) = 0 [pid 5831] getdents64(3, [pid 5915] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5915] write(3, "1000", 4) = 4 [pid 5831] close(3 [pid 5915] close(3 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./12" [pid 5915] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5831] mkdir("./13", 0777 [pid 5915] write(1, "executing program\n", 18 [pid 5831] <... mkdir resumed>) = 0 executing program [pid 5830] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5915] <... write resumed>) = 18 [pid 5914] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] memfd_create("syzkaller", 0) = 3 [pid 5914] <... munmap resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./14/file1", [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5915] <... mmap resumed>) = 0x7ff1eb400000 [pid 5914] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5913] <... write resumed>) = 524288 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... openat resumed>) = 4 [pid 5914] <... openat resumed>) = 4 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 5830] newfstatat(4, "", [pid 5915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5913] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5914] ioctl(4, LOOP_SET_FD, 3 [pid 5830] getdents64(4, [pid 5913] <... munmap resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./14/file1") = 0 [pid 5915] <... write resumed>) = 524288 [pid 5913] ioctl(4, LOOP_SET_FD, 3 [pid 5830] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5915] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./14/binderfs") = 0 [pid 5915] <... munmap resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 5915] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5914] <... ioctl resumed>) = 0 [pid 5915] <... openat resumed>) = 4 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] close(3 [pid 5914] close(3 [pid 5830] <... close resumed>) = 0 [pid 5915] ioctl(4, LOOP_SET_FD, 3 [pid 5830] rmdir("./14") = 0 ./strace-static-x86_64: Process 5916 attached [pid 5914] <... close resumed>) = 0 [pid 5913] <... ioctl resumed>) = 0 [pid 5916] set_robust_list(0x5555934ed660, 24 [pid 5914] close(4 [pid 5913] close(3 [pid 5830] mkdir("./15", 0777 [pid 5916] <... set_robust_list resumed>) = 0 [pid 5916] chdir("./13" [pid 5914] <... close resumed>) = 0 [pid 5913] <... close resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5916 [pid 5916] <... chdir resumed>) = 0 [pid 5913] close(4 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5914] mkdir("./file1", 0777 [pid 5913] <... close resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5916] setpgid(0, 0 [pid 5913] mkdir("./file1", 0777 [pid 5916] <... setpgid resumed>) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5914] <... mkdir resumed>) = 0 [pid 5913] <... mkdir resumed>) = 0 [pid 5916] write(3, "1000", 4 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5916] <... write resumed>) = 4 [pid 5916] close(3 [pid 5913] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... openat resumed>) = 3 [pid 5914] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5916] <... close resumed>) = 0 [pid 5916] symlink("/dev/binderfs", "./binderfs" [pid 5830] close(3 [pid 5916] <... symlink resumed>) = 0 [pid 5830] <... close resumed>) = 0 executing program [pid 5916] write(1, "executing program\n", 18) = 18 [pid 5916] memfd_create("syzkaller", 0) = 3 [ 97.416697][ T5914] loop1: detected capacity change from 0 to 1024 [ 97.440114][ T5913] loop0: detected capacity change from 0 to 1024 [ 97.454837][ T5915] loop4: detected capacity change from 0 to 1024 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5913] <... mount resumed>) = 0 [pid 5915] <... ioctl resumed>) = 0 [pid 5915] close(3) = 0 [pid 5915] close(4 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5915] <... close resumed>) = 0 [pid 5913] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5915] mkdir("./file1", 0777) = 0 [pid 5913] <... openat resumed>) = 3 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5917 [pid 5913] chdir("./file1"./strace-static-x86_64: Process 5917 attached [pid 5915] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5913] <... chdir resumed>) = 0 [pid 5917] set_robust_list(0x5555934ed660, 24) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5917] chdir("./15" [pid 5913] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5917] <... chdir resumed>) = 0 [pid 5916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5913] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5917] setpgid(0, 0) = 0 [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] <... mount resumed>) = 0 [pid 5914] <... mount resumed>) = 0 [pid 5914] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5915] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5914] <... openat resumed>) = 3 [pid 5917] write(3, "1000", 4executing program [pid 5915] <... openat resumed>) = 3 [pid 5914] chdir("./file1" [pid 5917] <... write resumed>) = 4 [pid 5917] close(3) = 0 [pid 5917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5914] <... chdir resumed>) = 0 [pid 5915] chdir("./file1" [pid 5914] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5915] <... chdir resumed>) = 0 [pid 5914] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5915] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5914] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5915] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5915] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5917] write(1, "executing program\n", 18) = 18 [pid 5917] memfd_create("syzkaller", 0) = 3 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5915] <... link resumed>) = 0 [pid 5914] <... link resumed>) = 0 [pid 5915] sync( [pid 5914] sync( [pid 5913] <... link resumed>) = 0 [pid 5916] <... write resumed>) = 524288 [pid 5913] sync( [pid 5917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5916] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5916] ioctl(4, LOOP_SET_FD, 3 [pid 5917] <... write resumed>) = 524288 [pid 5917] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5915] <... sync resumed>) = 0 [pid 5915] exit_group(0) = ? [pid 5915] +++ exited with 0 +++ [pid 5913] <... sync resumed>) = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5917] <... openat resumed>) = 4 [pid 5917] ioctl(4, LOOP_SET_FD, 3 [pid 5916] <... ioctl resumed>) = 0 [pid 5914] <... sync resumed>) = 0 [pid 5913] exit_group(0 [pid 5916] close(3 [pid 5914] exit_group(0 [pid 5913] <... exit_group resumed>) = ? [pid 5832] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5916] <... close resumed>) = 0 [pid 5914] <... exit_group resumed>) = ? [pid 5913] +++ exited with 0 +++ [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5916] close(4 [pid 5914] +++ exited with 0 +++ [pid 5832] <... openat resumed>) = 3 [pid 5916] <... close resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5916] mkdir("./file1", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5914, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] getdents64(3, [pid 5916] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... openat resumed>) = 3 [pid 5828] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 5828] newfstatat(3, "", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] getdents64(3, [pid 5829] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5916] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5917] <... ioctl resumed>) = 0 [pid 5917] close(3) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5917] close(4 [pid 5829] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5917] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5917] mkdir("./file1", 0777 [pid 5829] newfstatat(AT_FDCWD, "./15/file1", [ 97.582602][ T5916] loop3: detected capacity change from 0 to 1024 [ 97.606680][ T5917] loop2: detected capacity change from 0 to 1024 [pid 5828] newfstatat(AT_FDCWD, "./12/file1", [pid 5917] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(4, "", [pid 5828] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5917] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 5828] getdents64(4, [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(4, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 5829] close(4 [pid 5828] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] rmdir("./12/file1" [pid 5829] rmdir("./15/file1" [pid 5828] <... rmdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./13/file1", [pid 5829] <... rmdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./15/binderfs", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5917] <... mount resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5829] unlink("./15/binderfs" [pid 5828] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5917] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5916] <... mount resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] unlink("./12/binderfs" [pid 5917] <... openat resumed>) = 3 [pid 5832] getdents64(4, [pid 5828] <... unlink resumed>) = 0 [pid 5917] chdir("./file1" [pid 5916] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(3, [pid 5917] <... chdir resumed>) = 0 [pid 5916] <... openat resumed>) = 3 [pid 5832] getdents64(4, [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] getdents64(3, [pid 5917] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5916] chdir("./file1" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 5917] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... close resumed>) = 0 [pid 5829] close(3) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5916] <... chdir resumed>) = 0 [pid 5832] rmdir("./13/file1" [pid 5828] close(3 [pid 5829] rmdir("./15" [pid 5917] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./12") = 0 [pid 5828] mkdir("./13", 0777) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... rmdir resumed>) = 0 [pid 5829] mkdir("./16", 0777 [pid 5916] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... mkdir resumed>) = 0 [pid 5916] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5832] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] <... ioctl resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5829] close(3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5829] <... close resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5917] <... link resumed>) = 0 [pid 5832] unlink("./13/binderfs" [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] close(3./strace-static-x86_64: Process 5918 attached [pid 5832] <... unlink resumed>) = 0 [pid 5917] sync( [pid 5832] getdents64(3, [pid 5828] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5916] <... link resumed>) = 0 [pid 5832] close(3 [pid 5916] sync(./strace-static-x86_64: Process 5919 attached [pid 5918] set_robust_list(0x5555934ed660, 24 [pid 5832] <... close resumed>) = 0 [pid 5918] <... set_robust_list resumed>) = 0 [pid 5832] rmdir("./13" [pid 5918] chdir("./16" [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./14", 0777 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5918 [pid 5918] <... chdir resumed>) = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5919] set_robust_list(0x5555934ed660, 24 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5919 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5918] setpgid(0, 0 [pid 5919] chdir("./13" [pid 5832] <... mkdir resumed>) = 0 [pid 5918] <... setpgid resumed>) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5919] <... chdir resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5919] setpgid(0, 0) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5918] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5919] <... openat resumed>) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5832] <... ioctl resumed>) = 0 [pid 5918] close(3) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs" [pid 5832] close(3 [pid 5918] <... symlink resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5919] write(3, "1000", 4 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 5919] <... write resumed>) = 4 [pid 5919] close(3) = 0 [pid 5918] write(1, "executing program\n", 18 [pid 5919] symlink("/dev/binderfs", "./binderfs" [pid 5918] <... write resumed>) = 18 ./strace-static-x86_64: Process 5920 attached [pid 5919] <... symlink resumed>) = 0 [pid 5918] memfd_create("syzkaller", 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5920 [pid 5918] <... memfd_create resumed>) = 3 [pid 5919] write(1, "executing program\n", 18executing program [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5920] set_robust_list(0x5555934ed660, 24 [pid 5919] <... write resumed>) = 18 [pid 5918] <... mmap resumed>) = 0x7ff1eb400000 [pid 5920] <... set_robust_list resumed>) = 0 [pid 5920] chdir("./14" [pid 5919] memfd_create("syzkaller", 0 [pid 5918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5917] <... sync resumed>) = 0 [pid 5919] <... memfd_create resumed>) = 3 [pid 5917] exit_group(0 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5920] <... chdir resumed>) = 0 [pid 5917] <... exit_group resumed>) = ? [pid 5919] <... mmap resumed>) = 0x7ff1eb400000 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5917] +++ exited with 0 +++ [pid 5916] <... sync resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5920] <... prctl resumed>) = 0 [pid 5918] <... write resumed>) = 524288 [pid 5916] exit_group(0 [pid 5920] setpgid(0, 0 [pid 5919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5916] <... exit_group resumed>) = ? [pid 5830] <... restart_syscall resumed>) = 0 [pid 5920] <... setpgid resumed>) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5916] +++ exited with 0 +++ [pid 5830] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", [pid 5920] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] getdents64(3, [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5920] write(3, "1000", 4 [pid 5918] munmap(0x7ff1eb400000, 138412032executing program [pid 5920] <... write resumed>) = 4 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5920] close(3) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5920] write(1, "executing program\n", 18 [pid 5831] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5920] <... write resumed>) = 18 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5920] memfd_create("syzkaller", 0 [pid 5831] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5920] <... memfd_create resumed>) = 3 [pid 5918] <... munmap resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... umount2 resumed>) = 0 [pid 5831] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5919] <... write resumed>) = 524288 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5919] munmap(0x7ff1eb400000, 138412032 [pid 5918] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5919] <... munmap resumed>) = 0 [pid 5918] <... openat resumed>) = 4 [pid 5918] ioctl(4, LOOP_SET_FD, 3 [pid 5830] newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5919] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./15/file1") = 0 [pid 5830] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./15/binderfs") = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] rmdir("./15") = 0 [pid 5830] mkdir("./16", 0777 [pid 5918] <... ioctl resumed>) = 0 [pid 5831] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... mkdir resumed>) = 0 [pid 5918] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5918] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./13/file1", [pid 5830] <... openat resumed>) = 3 [pid 5918] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5918] <... close resumed>) = 0 [pid 5831] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5920] <... write resumed>) = 524288 [pid 5918] mkdir("./file1", 0777 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... ioctl resumed>) = 0 [pid 5920] munmap(0x7ff1eb400000, 138412032 [pid 5919] <... ioctl resumed>) = 0 [pid 5918] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5920] <... munmap resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5830] close(3 [pid 5831] newfstatat(4, "", [pid 5830] <... close resumed>) = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5919] close(3 [pid 5918] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5920] <... openat resumed>) = 4 [pid 5919] <... close resumed>) = 0 [ 97.847564][ T5918] loop1: detected capacity change from 0 to 1024 [ 97.857550][ T5919] loop0: detected capacity change from 0 to 1024 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5920] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5921 attached [pid 5919] close(4 [pid 5831] getdents64(4, [pid 5921] set_robust_list(0x5555934ed660, 24 [pid 5919] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5921 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5919] mkdir("./file1", 0777 [pid 5831] getdents64(4, [pid 5921] chdir("./16" [pid 5919] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5921] <... chdir resumed>) = 0 [pid 5919] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] rmdir("./13/file1" [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... rmdir resumed>) = 0 [pid 5921] <... prctl resumed>) = 0 [pid 5921] setpgid(0, 0) = 0 [pid 5920] <... ioctl resumed>) = 0 [pid 5831] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5920] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5921] <... openat resumed>) = 3 [pid 5920] <... close resumed>) = 0 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [pid 5831] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5920] close(4 [pid 5921] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5921] <... symlink resumed>) = 0 [pid 5920] <... close resumed>) = 0 [pid 5918] <... mount resumed>) = 0 [pid 5831] unlink("./13/binderfs" [pid 5920] mkdir("./file1", 0777 [pid 5831] <... unlink resumed>) = 0 [pid 5921] write(1, "executing program\n", 18 [pid 5920] <... mkdir resumed>) = 0 [pid 5919] <... mount resumed>) = 0 [pid 5918] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] getdents64(3, executing program [pid 5920] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5919] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5918] <... openat resumed>) = 3 [pid 5921] <... write resumed>) = 18 [pid 5921] memfd_create("syzkaller", 0 [pid 5918] chdir("./file1" [pid 5919] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5919] chdir("./file1" [pid 5918] <... chdir resumed>) = 0 [pid 5831] close(3 [pid 5921] <... memfd_create resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5919] <... chdir resumed>) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] rmdir("./13" [pid 5921] <... mmap resumed>) = 0x7ff1eb400000 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5918] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... rmdir resumed>) = 0 [pid 5919] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5918] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] mkdir("./14", 0777) = 0 [pid 5919] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5920] <... mount resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5920] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... ioctl resumed>) = 0 [ 97.900590][ T5920] loop4: detected capacity change from 0 to 1024 [pid 5920] <... openat resumed>) = 3 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5922 attached [pid 5920] chdir("./file1" [pid 5922] set_robust_list(0x5555934ed660, 24 [pid 5920] <... chdir resumed>) = 0 [pid 5919] <... link resumed>) = 0 [pid 5918] <... link resumed>) = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5919] sync( [pid 5918] sync( [pid 5920] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5922 [pid 5922] <... set_robust_list resumed>) = 0 [pid 5922] chdir("./14" [pid 5920] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5922] <... chdir resumed>) = 0 [pid 5921] <... write resumed>) = 524288 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5922] setpgid(0, 0 [pid 5921] munmap(0x7ff1eb400000, 138412032 [pid 5922] <... setpgid resumed>) = 0 [pid 5921] <... munmap resumed>) = 0 [pid 5920] <... link resumed>) = 0 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5920] sync( [pid 5922] <... openat resumed>) = 3 [pid 5921] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5922] write(3, "1000", 4 [pid 5919] <... sync resumed>) = 0 [pid 5922] <... write resumed>) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3 [pid 5922] close(3 [pid 5921] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5922] <... close resumed>) = 0 [pid 5921] ioctl(4, LOOP_CLR_FD [pid 5922] symlink("/dev/binderfs", "./binderfs" [pid 5921] <... ioctl resumed>) = 0 [pid 5922] <... symlink resumed>) = 0 [pid 5919] exit_group(0 [pid 5918] <... sync resumed>) = 0 [pid 5919] <... exit_group resumed>) = ? [pid 5918] exit_group(0 [pid 5921] ioctl(4, LOOP_SET_FD, 3 [pid 5918] <... exit_group resumed>) = ? [pid 5922] write(1, "executing program\n", 18 [pid 5921] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5919] +++ exited with 0 +++ executing program [pid 5922] <... write resumed>) = 18 [pid 5921] close(4 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5922] memfd_create("syzkaller", 0 [pid 5921] <... close resumed>) = 0 [pid 5918] +++ exited with 0 +++ [pid 5921] close(3 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5920] <... sync resumed>) = 0 [pid 5922] <... memfd_create resumed>) = 3 [pid 5920] exit_group(0 [pid 5828] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5920] <... exit_group resumed>) = ? [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5922] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5920] +++ exited with 0 +++ [pid 5828] <... openat resumed>) = 3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 3 [pid 5828] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(3, "", [pid 5829] newfstatat(3, "", [pid 5921] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5921] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 5921] sync( [pid 5832] getdents64(3, [pid 5922] <... write resumed>) = 524288 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5922] munmap(0x7ff1eb400000, 138412032 [pid 5832] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = 0 [pid 5922] <... munmap resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5922] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(AT_FDCWD, "./14/file1", [pid 5829] newfstatat(AT_FDCWD, "./16/file1", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] newfstatat(AT_FDCWD, "./13/file1", [pid 5832] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5922] ioctl(4, LOOP_SET_FD, 3 [pid 5921] <... sync resumed>) = 0 [pid 5921] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... openat resumed>) = 4 [pid 5829] <... openat resumed>) = 4 [pid 5828] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] newfstatat(4, "", [pid 5829] newfstatat(4, "", [pid 5828] <... openat resumed>) = 4 [pid 5921] <... exit_group resumed>) = ? [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] newfstatat(4, "", [pid 5832] getdents64(4, [pid 5829] getdents64(4, [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 5828] getdents64(4, [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] getdents64(4, [pid 5832] close(4 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./14/file1" [pid 5829] close(4 [pid 5828] getdents64(4, [pid 5921] +++ exited with 0 +++ [pid 5832] <... rmdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] rmdir("./16/file1" [pid 5828] close(4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5829] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] rmdir("./13/file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] unlink("./14/binderfs" [pid 5828] <... rmdir resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5832] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] unlink("./16/binderfs" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... unlink resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5922] <... ioctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5922] close(3 [pid 5832] rmdir("./14" [pid 5830] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] getdents64(3, [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] unlink("./13/binderfs" [pid 5830] newfstatat(3, "", [pid 5829] close(3 [pid 5828] <... unlink resumed>) = 0 [pid 5922] <... close resumed>) = 0 [pid 5922] close(4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] getdents64(3, [pid 5830] getdents64(3, [pid 5829] rmdir("./16" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5922] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5922] mkdir("./file1", 0777 [pid 5828] close(3 [pid 5830] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5922] <... mkdir resumed>) = 0 [pid 5832] mkdir("./15", 0777 [pid 5830] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5828] rmdir("./13" [pid 5922] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] unlink("./16/binderfs") = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5828] mkdir("./14", 0777 [pid 5830] rmdir("./16" [pid 5828] <... mkdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] mkdir("./17", 0777 [pid 5829] mkdir("./17", 0777 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5832] close(3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... openat resumed>) = 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... ioctl resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5923 attached [pid 5830] close(3 [pid 5829] close(3 [ 98.095087][ T5922] loop3: detected capacity change from 0 to 1024 [pid 5828] close(3 [pid 5830] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5924 attached ./strace-static-x86_64: Process 5925 attached [pid 5923] set_robust_list(0x5555934ed660, 24 [pid 5829] <... close resumed>) = 0 [pid 5924] set_robust_list(0x5555934ed660, 24 [pid 5923] <... set_robust_list resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5923 [pid 5925] set_robust_list(0x5555934ed660, 24 [pid 5923] chdir("./15" [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5925 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5924 [pid 5923] <... chdir resumed>) = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5925] <... set_robust_list resumed>) = 0 [pid 5923] <... prctl resumed>) = 0 [pid 5924] <... set_robust_list resumed>) = 0 [pid 5923] setpgid(0, 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5922] <... mount resumed>) = 0 [pid 5925] chdir("./17" [pid 5924] chdir("./14" [pid 5923] <... setpgid resumed>) = 0 [pid 5922] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5924] <... chdir resumed>) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5922] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5926 attached [pid 5925] <... chdir resumed>) = 0 [pid 5923] <... openat resumed>) = 3 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5923] write(3, "1000", 4 [pid 5925] <... prctl resumed>) = 0 [pid 5923] <... write resumed>) = 4 [pid 5926] set_robust_list(0x5555934ed660, 24) = 0 [pid 5923] close(3 [pid 5926] chdir("./17" [pid 5923] <... close resumed>) = 0 [pid 5925] setpgid(0, 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5926 [pid 5925] <... setpgid resumed>) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs" [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5923] <... symlink resumed>) = 0 [pid 5926] <... chdir resumed>) = 0 [pid 5925] <... openat resumed>) = 3 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5923] write(1, "executing program\n", 18 [pid 5926] <... prctl resumed>) = 0 [pid 5925] write(3, "1000", 4 [pid 5923] <... write resumed>) = 18 [pid 5926] setpgid(0, 0 [pid 5925] <... write resumed>) = 4 [pid 5923] memfd_create("syzkaller", 0 [pid 5926] <... setpgid resumed>) = 0 [pid 5925] close(3 [pid 5923] <... memfd_create resumed>) = 3 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5925] <... close resumed>) = 0 [pid 5924] <... prctl resumed>) = 0 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5922] chdir("./file1" [pid 5926] <... openat resumed>) = 3 [pid 5925] symlink("/dev/binderfs", "./binderfs" [pid 5923] <... mmap resumed>) = 0x7ff1eb400000 [pid 5925] <... symlink resumed>) = 0 [pid 5924] setpgid(0, 0 [pid 5922] <... chdir resumed>) = 0 executing program executing program [pid 5924] <... setpgid resumed>) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5926] write(3, "1000", 4 [pid 5925] write(1, "executing program\n", 18 [pid 5926] <... write resumed>) = 4 [pid 5925] <... write resumed>) = 18 [pid 5925] memfd_create("syzkaller", 0 [pid 5922] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5926] close(3) = 0 [pid 5925] <... memfd_create resumed>) = 3 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5922] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5926] symlink("/dev/binderfs", "./binderfs" [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5926] <... symlink resumed>) = 0 [pid 5925] <... mmap resumed>) = 0x7ff1eb400000 [pid 5926] write(1, "executing program\n", 18 [pid 5925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5924] <... openat resumed>) = 3 [pid 5923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5926] <... write resumed>) = 18 [pid 5924] write(3, "1000", 4 [pid 5926] memfd_create("syzkaller", 0 [pid 5924] <... write resumed>) = 4 [pid 5926] <... memfd_create resumed>) = 3 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5924] close(3) = 0 [pid 5926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5924] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5922] <... link resumed>) = 0 [pid 5924] write(1, "executing program\n", 18 [pid 5925] <... write resumed>) = 524288 [pid 5926] <... write resumed>) = 524288 [pid 5924] <... write resumed>) = 18 [pid 5923] <... write resumed>) = 524288 [pid 5922] sync( [pid 5924] memfd_create("syzkaller", 0) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5923] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5925] munmap(0x7ff1eb400000, 138412032 [pid 5926] munmap(0x7ff1eb400000, 138412032 [pid 5925] <... munmap resumed>) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5926] <... munmap resumed>) = 0 [pid 5924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5923] <... openat resumed>) = 4 [pid 5923] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5925] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5923] ioctl(4, LOOP_CLR_FD [pid 5926] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5925] <... openat resumed>) = 4 [pid 5923] <... ioctl resumed>) = 0 [pid 5926] <... openat resumed>) = 4 [pid 5925] ioctl(4, LOOP_SET_FD, 3 [pid 5926] ioctl(4, LOOP_SET_FD, 3 [pid 5924] <... write resumed>) = 524288 [pid 5923] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5923] close(4 [pid 5925] <... ioctl resumed>) = 0 [pid 5926] <... ioctl resumed>) = 0 [pid 5924] munmap(0x7ff1eb400000, 138412032 [pid 5925] close(3) = 0 [pid 5925] close(4) = 0 [pid 5925] mkdir("./file1", 0777) = 0 [pid 5926] close(3 [pid 5924] <... munmap resumed>) = 0 [pid 5926] <... close resumed>) = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5922] <... sync resumed>) = 0 [pid 5926] close(4 [pid 5924] <... openat resumed>) = 4 [pid 5926] <... close resumed>) = 0 [pid 5925] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5924] ioctl(4, LOOP_SET_FD, 3 [pid 5926] mkdir("./file1", 0777) = 0 [ 98.253474][ T5925] loop2: detected capacity change from 0 to 1024 [ 98.264155][ T5926] loop1: detected capacity change from 0 to 1024 [pid 5922] exit_group(0) = ? [pid 5923] <... close resumed>) = 0 [pid 5926] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5922] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5923] close(3 [pid 5831] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", [pid 5923] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5924] <... ioctl resumed>) = 0 [pid 5831] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5923] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 5923] sync( [pid 5831] <... umount2 resumed>) = 0 [pid 5926] <... mount resumed>) = 0 [pid 5925] <... mount resumed>) = 0 [pid 5924] close(3 [pid 5831] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5925] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5926] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5925] chdir("./file1" [pid 5924] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./14/file1", [pid 5926] <... openat resumed>) = 3 [pid 5925] <... chdir resumed>) = 0 [pid 5924] close(4 [pid 5926] chdir("./file1" [pid 5925] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5924] <... close resumed>) = 0 [pid 5926] <... chdir resumed>) = 0 [pid 5925] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5924] mkdir("./file1", 0777 [pid 5926] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5925] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5926] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5924] <... mkdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5926] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5924] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 98.331647][ T5924] loop0: detected capacity change from 0 to 1024 [pid 5831] newfstatat(4, "", [pid 5925] <... link resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 5925] sync( [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 5926] <... link resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./14/file1") = 0 [pid 5831] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5926] sync( [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./14/binderfs") = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./14") = 0 [pid 5924] <... mount resumed>) = 0 [pid 5831] mkdir("./15", 0777 [pid 5924] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5924] chdir("./file1" [pid 5923] <... sync resumed>) = 0 [pid 5924] <... chdir resumed>) = 0 [pid 5923] exit_group(0) = ? [pid 5831] <... mkdir resumed>) = 0 [pid 5923] +++ exited with 0 +++ [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... openat resumed>) = 3 [pid 5924] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5925] <... sync resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5832] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5924] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./15/binderfs" [pid 5925] exit_group(0 [pid 5832] <... unlink resumed>) = 0 [pid 5831] close(3 [pid 5925] <... exit_group resumed>) = ? [pid 5926] <... sync resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5926] exit_group(0 [pid 5832] getdents64(3, ./strace-static-x86_64: Process 5927 attached 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5927] set_robust_list(0x5555934ed660, 24 [pid 5832] close(3 [pid 5927] <... set_robust_list resumed>) = 0 [pid 5926] <... exit_group resumed>) = ? [pid 5832] <... close resumed>) = 0 [pid 5927] chdir("./15" [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5927 [pid 5927] <... chdir resumed>) = 0 [pid 5926] +++ exited with 0 +++ [pid 5832] rmdir("./15" [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... rmdir resumed>) = 0 [pid 5927] <... prctl resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5927] setpgid(0, 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5927] <... setpgid resumed>) = 0 [pid 5925] +++ exited with 0 +++ [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5924] <... link resumed>) = 0 [pid 5832] mkdir("./16", 0777 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... restart_syscall resumed>) = 0 [pid 5927] <... openat resumed>) = 3 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5927] write(3, "1000", 4) = 4 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5927] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(3 [pid 5830] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5927] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 3 [pid 5927] symlink("/dev/binderfs", "./binderfs" [pid 5924] sync( [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] newfstatat(3, "", [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5927] <... symlink resumed>) = 0 [pid 5830] getdents64(3, ./strace-static-x86_64: Process 5928 attached 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5927] write(1, "executing program\n", 18 [pid 5830] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5928] set_robust_list(0x5555934ed660, 24 [pid 5927] <... write resumed>) = 18 [pid 5928] <... set_robust_list resumed>) = 0 [pid 5927] memfd_create("syzkaller", 0 [pid 5928] chdir("./16" [pid 5927] <... memfd_create resumed>) = 3 [pid 5928] <... chdir resumed>) = 0 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5927] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5928 [pid 5927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5928] <... prctl resumed>) = 0 [pid 5928] setpgid(0, 0) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5928] write(3, "1000", 4) = 4 [pid 5928] close(3) = 0 [pid 5928] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5928] write(1, "executing program\n", 18) = 18 [pid 5928] memfd_create("syzkaller", 0) = 3 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5924] <... sync resumed>) = 0 [pid 5928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5924] exit_group(0) = ? [pid 5829] <... umount2 resumed>) = 0 [pid 5924] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5829] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... restart_syscall resumed>) = 0 [pid 5828] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5927] <... write resumed>) = 524288 [pid 5829] <... openat resumed>) = 4 [pid 5828] <... openat resumed>) = 3 [pid 5829] newfstatat(4, "", [pid 5828] newfstatat(3, "", [pid 5830] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5927] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] getdents64(4, [pid 5828] getdents64(3, [pid 5927] <... munmap resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./17/file1", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] getdents64(4, [pid 5828] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] close(4 [pid 5927] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... close resumed>) = 0 [pid 5927] <... openat resumed>) = 4 [pid 5830] <... openat resumed>) = 4 [pid 5829] rmdir("./17/file1" [pid 5830] newfstatat(4, "", [pid 5829] <... rmdir resumed>) = 0 [pid 5927] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 5829] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5928] <... write resumed>) = 524288 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 5829] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] unlink("./17/binderfs" [pid 5830] rmdir("./17/file1" [pid 5829] <... unlink resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5830] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = 0 [pid 5829] rmdir("./17" [pid 5928] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... rmdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./17/binderfs") = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] mkdir("./18", 0777 [pid 5928] <... munmap resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] close(3) = 0 [pid 5928] <... openat resumed>) = 4 [pid 5830] rmdir("./17" [pid 5928] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./14/file1", [pid 5830] mkdir("./18", 0777) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5929 attached [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5929] set_robust_list(0x5555934ed660, 24 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5929 [pid 5929] <... set_robust_list resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5929] chdir("./18" [pid 5927] <... ioctl resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5929] <... chdir resumed>) = 0 [pid 5927] close(3 [pid 5830] close(3 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5927] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5929] <... prctl resumed>) = 0 [pid 5927] close(4 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5930 attached [pid 5929] setpgid(0, 0 [pid 5927] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5929] <... setpgid resumed>) = 0 [pid 5927] mkdir("./file1", 0777 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5927] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5930] set_robust_list(0x5555934ed660, 24 [pid 5929] <... openat resumed>) = 3 [pid 5930] <... set_robust_list resumed>) = 0 [pid 5929] write(3, "1000", 4 [pid 5927] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5930 [pid 5828] <... openat resumed>) = 4 [pid 5930] chdir("./18" [pid 5929] <... write resumed>) = 4 [pid 5828] newfstatat(4, "", [pid 5930] <... chdir resumed>) = 0 [pid 5929] close(3) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] getdents64(4, [pid 5930] <... prctl resumed>) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs" [pid 5930] setpgid(0, 0 [pid 5929] <... symlink resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5930] <... setpgid resumed>) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5929] write(1, "executing program\n", 18 [pid 5828] getdents64(4, executing program 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5929] <... write resumed>) = 18 [pid 5828] close(4 [pid 5930] <... openat resumed>) = 3 [pid 5929] memfd_create("syzkaller", 0 [pid 5928] <... ioctl resumed>) = 0 [pid 5930] write(3, "1000", 4 [pid 5929] <... memfd_create resumed>) = 3 [pid 5928] close(3 [pid 5828] <... close resumed>) = 0 [pid 5930] <... write resumed>) = 4 [pid 5928] <... close resumed>) = 0 [pid 5930] close(3 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5928] close(4 [pid 5828] rmdir("./14/file1" [pid 5930] <... close resumed>) = 0 [pid 5929] <... mmap resumed>) = 0x7ff1eb400000 [pid 5928] <... close resumed>) = 0 [pid 5930] symlink("/dev/binderfs", "./binderfs" [pid 5928] mkdir("./file1", 0777 [pid 5828] <... rmdir resumed>) = 0 [pid 5930] <... symlink resumed>) = 0 [pid 5928] <... mkdir resumed>) = 0 [pid 5927] <... mount resumed>) = 0 [pid 5828] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5928] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5927] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 executing program [pid 5930] write(1, "executing program\n", 18) = 18 [pid 5927] chdir("./file1" [pid 5930] memfd_create("syzkaller", 0 [pid 5927] <... chdir resumed>) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5930] <... memfd_create resumed>) = 3 [pid 5927] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5927] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5930] <... mmap resumed>) = 0x7ff1eb400000 [ 98.558390][ T5927] loop3: detected capacity change from 0 to 1024 [ 98.583161][ T5928] loop4: detected capacity change from 0 to 1024 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./14/binderfs") = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./14" [pid 5930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./15", 0777) = 0 [pid 5927] <... link resumed>) = 0 [pid 5927] sync( [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5930] <... write resumed>) = 524288 [pid 5828] <... openat resumed>) = 3 [pid 5929] <... write resumed>) = 524288 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5929] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5928] <... mount resumed>) = 0 [pid 5828] close(3 [pid 5929] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5928] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] <... close resumed>) = 0 [pid 5929] <... openat resumed>) = 4 [pid 5928] <... openat resumed>) = 3 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5929] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5929] ioctl(4, LOOP_CLR_FD) = 0 [pid 5930] munmap(0x7ff1eb400000, 138412032 [pid 5929] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5931 attached ) = -1 EBUSY (Device or resource busy) [pid 5928] chdir("./file1" [pid 5930] <... munmap resumed>) = 0 [pid 5929] close(4 [pid 5928] <... chdir resumed>) = 0 [pid 5931] set_robust_list(0x5555934ed660, 24 [pid 5928] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5931] <... set_robust_list resumed>) = 0 [pid 5929] <... close resumed>) = 0 [pid 5931] chdir("./15" [pid 5930] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5929] close(3 [pid 5928] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5931] <... chdir resumed>) = 0 [pid 5930] <... openat resumed>) = 4 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5928] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5931 [pid 5931] <... prctl resumed>) = 0 [pid 5930] ioctl(4, LOOP_SET_FD, 3 [pid 5931] setpgid(0, 0 [pid 5930] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5930] ioctl(4, LOOP_CLR_FD [pid 5931] <... setpgid resumed>) = 0 [pid 5930] <... ioctl resumed>) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5930] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5930] close(4) = 0 [pid 5930] close(3 [pid 5931] write(3, "1000", 4 [pid 5929] <... close resumed>) = 0 [pid 5931] <... write resumed>) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs" [pid 5929] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 5929] sync( [pid 5931] <... symlink resumed>) = 0 executing program [pid 5931] write(1, "executing program\n", 18) = 18 [pid 5931] memfd_create("syzkaller", 0 [pid 5930] <... close resumed>) = 0 [pid 5931] <... memfd_create resumed>) = 3 [pid 5928] <... link resumed>) = 0 [pid 5927] <... sync resumed>) = 0 [pid 5927] exit_group(0 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5930] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5928] sync( [pid 5927] <... exit_group resumed>) = ? [pid 5931] <... mmap resumed>) = 0x7ff1eb400000 [pid 5930] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5927] +++ exited with 0 +++ [pid 5930] sync( [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5931] <... write resumed>) = 524288 [pid 5831] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5928] <... sync resumed>) = 0 [pid 5929] <... sync resumed>) = 0 [pid 5928] exit_group(0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5929] exit_group(0 [pid 5928] <... exit_group resumed>) = ? [pid 5831] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", [pid 5930] <... sync resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5930] exit_group(0 [pid 5831] getdents64(3, [pid 5930] <... exit_group resumed>) = ? [pid 5929] <... exit_group resumed>) = ? [pid 5928] +++ exited with 0 +++ [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5930] +++ exited with 0 +++ [pid 5931] munmap(0x7ff1eb400000, 138412032 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5929] +++ exited with 0 +++ [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 5829] newfstatat(3, "", [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5829] getdents64(3, [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5931] <... munmap resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5829] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] unlink("./18/binderfs" [pid 5829] unlink("./18/binderfs" [pid 5931] <... openat resumed>) = 4 [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5931] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] getdents64(3, [pid 5832] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] newfstatat(3, "", [pid 5830] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] rmdir("./18" [pid 5829] getdents64(3, [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(3 [pid 5830] mkdir("./19", 0777 [pid 5829] <... close resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] rmdir("./18") = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5829] mkdir("./19", 0777 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... mkdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5932 attached [pid 5931] <... ioctl resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5933 attached [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5932 [pid 5932] set_robust_list(0x5555934ed660, 24) = 0 [pid 5932] chdir("./19" [pid 5933] set_robust_list(0x5555934ed660, 24 [pid 5932] <... chdir resumed>) = 0 [pid 5933] <... set_robust_list resumed>) = 0 [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5933 [pid 5933] chdir("./19" [pid 5932] <... prctl resumed>) = 0 [pid 5932] setpgid(0, 0 [pid 5933] <... chdir resumed>) = 0 [pid 5932] <... setpgid resumed>) = 0 [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... umount2 resumed>) = 0 [pid 5831] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5932] <... openat resumed>) = 3 [pid 5931] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5931] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./15/file1", [pid 5933] <... prctl resumed>) = 0 [pid 5931] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5933] setpgid(0, 0 [pid 5932] write(3, "1000", 4 [pid 5832] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5933] <... setpgid resumed>) = 0 [pid 5932] <... write resumed>) = 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5932] close(3 [pid 5832] newfstatat(AT_FDCWD, "./16/file1", [pid 5831] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5931] <... close resumed>) = 0 [pid 5933] <... openat resumed>) = 3 [pid 5932] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5933] write(3, "1000", 4 [pid 5932] symlink("/dev/binderfs", "./binderfs" [pid 5931] mkdir("./file1", 0777 [pid 5832] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 4 [pid 5933] <... write resumed>) = 4 [pid 5932] <... symlink resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5931] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(4, "", [pid 5832] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 5933] close(3 [pid 5932] write(1, "executing program\n", 18 [pid 5831] getdents64(4, [pid 5933] <... close resumed>) = 0 [pid 5932] <... write resumed>) = 18 [pid 5832] newfstatat(4, "", [pid 5933] symlink("/dev/binderfs", "./binderfs" [pid 5932] memfd_create("syzkaller", 0 [pid 5931] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [ 98.809549][ T5931] loop0: detected capacity change from 0 to 1024 [pid 5933] <... symlink resumed>) = 0 [pid 5932] <... memfd_create resumed>) = 3 [pid 5832] getdents64(4, [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./15/file1") = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] newfstatat(AT_FDCWD, "./15/binderfs", [pid 5832] getdents64(4, [pid 5932] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] unlink("./15/binderfs" [pid 5933] write(1, "executing program\n", 18) = 18 [pid 5933] memfd_create("syzkaller", 0 [pid 5832] close(4 [pid 5933] <... memfd_create resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] rmdir("./16/file1") = 0 [pid 5831] getdents64(3, [pid 5933] <... mmap resumed>) = 0x7ff1eb400000 [pid 5933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5931] <... mount resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5931] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5931] <... openat resumed>) = 3 [pid 5831] rmdir("./15" [pid 5832] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5931] chdir("./file1" [pid 5831] <... rmdir resumed>) = 0 [pid 5931] <... chdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] mkdir("./16", 0777 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] unlink("./16/binderfs" [pid 5931] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5832] getdents64(3, [pid 5931] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] close(3) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5933] <... write resumed>) = 524288 [pid 5832] rmdir("./16" [pid 5831] <... ioctl resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] close(3 [pid 5832] mkdir("./17", 0777 [pid 5932] <... write resumed>) = 524288 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5931] <... link resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5931] sync( [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 5934 attached ) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5932] munmap(0x7ff1eb400000, 138412032 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5935 attached [pid 5934] set_robust_list(0x5555934ed660, 24 [pid 5932] <... munmap resumed>) = 0 [pid 5933] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5935 [pid 5935] set_robust_list(0x5555934ed660, 24 [pid 5932] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5935] <... set_robust_list resumed>) = 0 [pid 5934] <... set_robust_list resumed>) = 0 [pid 5932] <... openat resumed>) = 4 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5934 [pid 5935] chdir("./17" [pid 5934] chdir("./16" [pid 5935] <... chdir resumed>) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5932] ioctl(4, LOOP_SET_FD, 3 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5934] <... chdir resumed>) = 0 [pid 5933] <... openat resumed>) = 4 [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5935] <... prctl resumed>) = 0 [pid 5933] ioctl(4, LOOP_SET_FD, 3 [pid 5934] setpgid(0, 0 [pid 5935] setpgid(0, 0) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] write(3, "1000", 4) = 4 [pid 5935] close(3 [pid 5934] <... setpgid resumed>) = 0 [pid 5935] <... close resumed>) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 5935] write(1, "executing program\n", 18 [pid 5931] <... sync resumed>) = 0 [pid 5935] <... write resumed>) = 18 [pid 5934] <... openat resumed>) = 3 [pid 5931] exit_group(0) = ? [pid 5935] memfd_create("syzkaller", 0 [pid 5932] <... ioctl resumed>) = 0 [pid 5935] <... memfd_create resumed>) = 3 [pid 5932] close(3 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5932] <... close resumed>) = 0 [pid 5935] <... mmap resumed>) = 0x7ff1eb400000 [pid 5932] close(4 [pid 5934] write(3, "1000", 4 [pid 5932] <... close resumed>) = 0 [pid 5934] <... write resumed>) = 4 [pid 5932] mkdir("./file1", 0777 [pid 5934] close(3 [pid 5932] <... mkdir resumed>) = 0 [pid 5933] <... ioctl resumed>) = 0 [pid 5931] +++ exited with 0 +++ [pid 5935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5934] <... close resumed>) = 0 [pid 5932] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5934] symlink("/dev/binderfs", "./binderfs" [pid 5933] close(3) = 0 [pid 5933] close(4 [pid 5934] <... symlink resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5933] <... close resumed>) = 0 [pid 5933] mkdir("./file1", 0777) = 0 [ 98.931095][ T5932] loop2: detected capacity change from 0 to 1024 [ 98.946862][ T5933] loop1: detected capacity change from 0 to 1024 [pid 5828] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5933] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5932] <... mount resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5934] write(1, "executing program\n", 18 executing program [pid 5932] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5935] <... write resumed>) = 524288 [pid 5934] <... write resumed>) = 18 [pid 5932] <... openat resumed>) = 3 [pid 5828] <... openat resumed>) = 3 [pid 5934] memfd_create("syzkaller", 0 [pid 5828] newfstatat(3, "", [pid 5932] chdir("./file1" [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5932] <... chdir resumed>) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5934] <... memfd_create resumed>) = 3 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] <... mmap resumed>) = 0x7ff1eb400000 [pid 5934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5932] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5933] <... mount resumed>) = 0 [pid 5932] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5932] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5933] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5933] chdir("./file1") = 0 [pid 5935] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5933] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5935] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5935] ioctl(4, LOOP_SET_FD, 3 [pid 5932] <... link resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5932] sync( [pid 5934] <... write resumed>) = 524288 [pid 5828] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5935] <... ioctl resumed>) = 0 [pid 5933] <... link resumed>) = 0 [pid 5935] close(3 [pid 5933] sync( [pid 5935] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5935] close(4 [pid 5934] munmap(0x7ff1eb400000, 138412032 [pid 5828] newfstatat(AT_FDCWD, "./15/file1", [pid 5935] <... close resumed>) = 0 [pid 5934] <... munmap resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5935] mkdir("./file1", 0777 [pid 5828] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", [pid 5935] <... mkdir resumed>) = 0 [pid 5933] <... sync resumed>) = 0 [pid 5932] <... sync resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5935] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5933] exit_group(0 [pid 5932] exit_group(0 [pid 5934] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5932] <... exit_group resumed>) = ? [pid 5828] getdents64(4, [pid 5934] <... openat resumed>) = 4 [pid 5932] +++ exited with 0 +++ [pid 5934] ioctl(4, LOOP_SET_FD, 3 [pid 5933] <... exit_group resumed>) = ? [ 99.037110][ T5935] loop4: detected capacity change from 0 to 1024 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5933] +++ exited with 0 +++ [pid 5828] getdents64(4, [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5935] <... mount resumed>) = 0 [pid 5830] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5935] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5935] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5935] chdir("./file1" [pid 5830] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 3 [pid 5935] <... chdir resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 5829] newfstatat(3, "", [pid 5935] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5935] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] getdents64(3, [pid 5829] getdents64(3, [pid 5935] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] close(4) = 0 [pid 5935] <... link resumed>) = 0 [pid 5935] sync( [pid 5828] rmdir("./15/file1" [pid 5934] <... ioctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5829] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./19/file1", [pid 5828] newfstatat(AT_FDCWD, "./15/binderfs", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] unlink("./15/binderfs" [pid 5934] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... unlink resumed>) = 0 [pid 5934] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(3, [pid 5934] close(4 [pid 5829] <... openat resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5934] <... close resumed>) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./15") = 0 [pid 5934] mkdir("./file1", 0777 [ 99.079823][ T5934] loop3: detected capacity change from 0 to 1024 [pid 5828] mkdir("./16", 0777 [pid 5934] <... mkdir resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 5828] <... mkdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] getdents64(4, [pid 5828] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5829] getdents64(4, [pid 5828] <... ioctl resumed>) = 0 [pid 5934] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 5829] close(4 [pid 5828] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5936 attached , child_tidptr=0x5555934ed650) = 5936 [pid 5936] set_robust_list(0x5555934ed660, 24) = 0 [pid 5936] chdir("./16" [pid 5829] rmdir("./19/file1" [pid 5830] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... rmdir resumed>) = 0 [pid 5936] <... chdir resumed>) = 0 [pid 5829] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5936] <... prctl resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./19/file1", [pid 5936] setpgid(0, 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5936] <... setpgid resumed>) = 0 [pid 5830] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5936] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] unlink("./19/binderfs") = 0 [pid 5829] getdents64(3, [pid 5830] <... openat resumed>) = 4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(4, "", [pid 5829] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 5829] rmdir("./19" [pid 5936] write(3, "1000", 4 [pid 5934] <... mount resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... rmdir resumed>) = 0 [pid 5936] <... write resumed>) = 4 [pid 5934] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] getdents64(4, [pid 5936] close(3 [pid 5934] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5936] <... close resumed>) = 0 [pid 5830] rmdir("./19/file1" [pid 5934] chdir("./file1" [pid 5830] <... rmdir resumed>) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs" [pid 5934] <... chdir resumed>) = 0 [pid 5936] <... symlink resumed>) = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] mkdir("./20", 0777executing program [pid 5934] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5936] write(1, "executing program\n", 18 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... mkdir resumed>) = 0 [pid 5936] <... write resumed>) = 18 [pid 5830] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5936] memfd_create("syzkaller", 0 [pid 5935] <... sync resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5936] <... memfd_create resumed>) = 3 [pid 5935] exit_group(0 [pid 5934] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5935] <... exit_group resumed>) = ? [pid 5830] unlink("./19/binderfs" [pid 5829] <... openat resumed>) = 3 [pid 5936] <... mmap resumed>) = 0x7ff1eb400000 [pid 5935] +++ exited with 0 +++ [pid 5830] <... unlink resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5830] getdents64(3, [pid 5829] <... ioctl resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] close(3 [pid 5829] <... close resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555934ed650) = 5937 ./strace-static-x86_64: Process 5937 attached [pid 5830] rmdir("./19") = 0 [pid 5832] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5937] set_robust_list(0x5555934ed660, 24 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5937] <... set_robust_list resumed>) = 0 [pid 5934] <... link resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5830] mkdir("./20", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5937] chdir("./20" [pid 5936] <... write resumed>) = 524288 [pid 5934] sync( [pid 5832] getdents64(3, [pid 5830] <... mkdir resumed>) = 0 [pid 5937] <... chdir resumed>) = 0 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5937] <... prctl resumed>) = 0 [pid 5937] setpgid(0, 0 [pid 5830] <... openat resumed>) = 3 [pid 5832] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5937] <... setpgid resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] close(3) = 0 [pid 5937] <... openat resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x5555934ed660, 24 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5938 [pid 5936] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5937] write(3, "1000", 4 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5938] <... set_robust_list resumed>) = 0 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5936] ioctl(4, LOOP_CLR_FD) = 0 [pid 5934] <... sync resumed>) = 0 [pid 5938] chdir("./20" [pid 5937] <... write resumed>) = 4 [pid 5934] exit_group(0 [pid 5938] <... chdir resumed>) = 0 [pid 5937] close(3 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5937] <... close resumed>) = 0 [pid 5938] <... prctl resumed>) = 0 [pid 5937] symlink("/dev/binderfs", "./binderfs" [pid 5938] setpgid(0, 0 [pid 5934] <... exit_group resumed>) = ? [pid 5938] <... setpgid resumed>) = 0 [pid 5937] <... symlink resumed>) = 0 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5934] +++ exited with 0 +++ [pid 5832] <... umount2 resumed>) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5937] write(1, "executing program\n", 18 [pid 5936] close(4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program ) = 4 [pid 5936] <... close resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 5938] <... openat resumed>) = 3 [pid 5937] <... write resumed>) = 18 [pid 5936] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5938] write(3, "1000", 4 [pid 5937] memfd_create("syzkaller", 0 [pid 5936] <... close resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5938] <... write resumed>) = 4 [pid 5937] <... memfd_create resumed>) = 3 [pid 5938] close(3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5938] <... close resumed>) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs" [pid 5832] getdents64(4, [pid 5938] <... symlink resumed>) = 0 executing program [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5938] write(1, "executing program\n", 18 [pid 5937] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5938] <... write resumed>) = 18 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5938] memfd_create("syzkaller", 0 [pid 5832] close(4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5938] <... memfd_create resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] rmdir("./17/file1" [pid 5938] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... openat resumed>) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5832] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5936] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] newfstatat(AT_FDCWD, "./17/binderfs", [pid 5938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5936] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5936] sync( [pid 5832] unlink("./17/binderfs") = 0 [pid 5831] getdents64(3, [pid 5832] getdents64(3, [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./17" [pid 5937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./18", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5939 attached [pid 5939] set_robust_list(0x5555934ed660, 24 [pid 5938] <... write resumed>) = 524288 [pid 5939] <... set_robust_list resumed>) = 0 [pid 5939] chdir("./18" [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5939 [pid 5939] <... chdir resumed>) = 0 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5939] setpgid(0, 0) = 0 [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5939] write(3, "1000", 4) = 4 [pid 5939] close(3) = 0 [pid 5939] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5939] write(1, "executing program\n", 18) = 18 [pid 5939] memfd_create("syzkaller", 0) = 3 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5937] <... write resumed>) = 524288 [pid 5831] <... umount2 resumed>) = 0 [pid 5938] munmap(0x7ff1eb400000, 138412032 [pid 5937] munmap(0x7ff1eb400000, 138412032 [pid 5831] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5936] <... sync resumed>) = 0 [pid 5937] <... munmap resumed>) = 0 [pid 5936] exit_group(0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5938] <... munmap resumed>) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5936] <... exit_group resumed>) = ? [pid 5831] newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5937] <... openat resumed>) = 4 [pid 5831] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5938] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5937] ioctl(4, LOOP_SET_FD, 3 [pid 5936] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5939] <... write resumed>) = 524288 [pid 5938] <... openat resumed>) = 4 [pid 5828] <... openat resumed>) = 3 [pid 5938] ioctl(4, LOOP_SET_FD, 3 [pid 5831] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5939] munmap(0x7ff1eb400000, 138412032 [pid 5937] <... ioctl resumed>) = 0 [pid 5831] getdents64(4, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5831] close(4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./16/binderfs" [pid 5831] <... close resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5831] rmdir("./16/file1" [pid 5828] getdents64(3, [pid 5939] <... munmap resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5937] close(3 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] close(3 [pid 5939] <... openat resumed>) = 4 [pid 5937] <... close resumed>) = 0 [pid 5831] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 5939] ioctl(4, LOOP_SET_FD, 3 [pid 5937] close(4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./16" [pid 5937] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5828] <... rmdir resumed>) = 0 [ 99.377057][ T5937] loop1: detected capacity change from 0 to 1024 [pid 5937] mkdir("./file1", 0777 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] mkdir("./17", 0777 [pid 5937] <... mkdir resumed>) = 0 [pid 5831] unlink("./16/binderfs" [pid 5828] <... mkdir resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5937] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3 [pid 5831] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5940 attached [pid 5939] <... ioctl resumed>) = 0 [pid 5831] rmdir("./16" [pid 5939] close(3 [pid 5937] <... mount resumed>) = 0 [pid 5939] <... close resumed>) = 0 [pid 5938] <... ioctl resumed>) = 0 [pid 5937] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... rmdir resumed>) = 0 [pid 5937] <... openat resumed>) = 3 [pid 5939] close(4 [pid 5937] chdir("./file1" [pid 5831] mkdir("./17", 0777 [pid 5939] <... close resumed>) = 0 [pid 5937] <... chdir resumed>) = 0 [pid 5938] close(3 [pid 5937] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5940 [pid 5939] mkdir("./file1", 0777 [pid 5940] set_robust_list(0x5555934ed660, 24 [pid 5938] <... close resumed>) = 0 [pid 5940] <... set_robust_list resumed>) = 0 [pid 5938] close(4) = 0 [pid 5938] mkdir("./file1", 0777 [pid 5940] chdir("./17" [pid 5938] <... mkdir resumed>) = 0 [pid 5940] <... chdir resumed>) = 0 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5940] <... prctl resumed>) = 0 [pid 5938] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5939] <... mkdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5940] setpgid(0, 0 [pid 5939] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5937] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5940] <... setpgid resumed>) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5937] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... ioctl resumed>) = 0 [pid 5940] <... openat resumed>) = 3 [pid 5940] write(3, "1000", 4 [pid 5831] close(3 [pid 5940] <... write resumed>) = 4 [pid 5940] close(3) = 0 [ 99.419915][ T5939] loop4: detected capacity change from 0 to 1024 [ 99.429908][ T5938] loop2: detected capacity change from 0 to 1024 executing program [pid 5831] <... close resumed>) = 0 [pid 5940] symlink("/dev/binderfs", "./binderfs" [pid 5938] <... mount resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5940] <... symlink resumed>) = 0 [pid 5938] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5940] write(1, "executing program\n", 18 [pid 5938] <... openat resumed>) = 3 [pid 5940] <... write resumed>) = 18 [pid 5938] chdir("./file1"./strace-static-x86_64: Process 5941 attached [pid 5940] memfd_create("syzkaller", 0) = 3 [pid 5938] <... chdir resumed>) = 0 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5938] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5941 [pid 5940] <... mmap resumed>) = 0x7ff1eb400000 [pid 5938] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5938] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5941] set_robust_list(0x5555934ed660, 24) = 0 [pid 5941] chdir("./17" [pid 5937] <... link resumed>) = 0 [pid 5941] <... chdir resumed>) = 0 [pid 5937] sync( [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5940] <... write resumed>) = 524288 [pid 5941] <... openat resumed>) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5939] <... mount resumed>) = 0 [pid 5941] write(1, "executing program\n", 18 [pid 5939] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5941] <... write resumed>) = 18 [pid 5939] <... openat resumed>) = 3 [pid 5939] chdir("./file1" [pid 5941] memfd_create("syzkaller", 0 [pid 5939] <... chdir resumed>) = 0 [pid 5938] <... link resumed>) = 0 [pid 5938] sync( [pid 5940] munmap(0x7ff1eb400000, 138412032 [pid 5941] <... memfd_create resumed>) = 3 [pid 5940] <... munmap resumed>) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5939] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5940] ioctl(4, LOOP_SET_FD, 3 [pid 5941] <... mmap resumed>) = 0x7ff1eb400000 [pid 5939] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5937] <... sync resumed>) = 0 [pid 5938] <... sync resumed>) = 0 [pid 5938] exit_group(0 [pid 5941] <... write resumed>) = 524288 [pid 5940] <... ioctl resumed>) = 0 [pid 5938] <... exit_group resumed>) = ? [pid 5937] exit_group(0 [pid 5940] close(3 [pid 5938] +++ exited with 0 +++ [pid 5937] <... exit_group resumed>) = ? [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5830] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", [pid 5940] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5940] close(4 [pid 5830] getdents64(3, [pid 5940] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5940] mkdir("./file1", 0777 [pid 5939] <... link resumed>) = 0 [pid 5937] +++ exited with 0 +++ [pid 5941] munmap(0x7ff1eb400000, 138412032 [ 99.533684][ T5940] loop0: detected capacity change from 0 to 1024 [pid 5830] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5941] <... munmap resumed>) = 0 [pid 5940] <... mkdir resumed>) = 0 [pid 5939] sync( [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5937, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5941] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5940] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5941] ioctl(4, LOOP_SET_FD, 3 [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(3, "", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5941] <... ioctl resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./20/file1", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] getdents64(3, [pid 5941] close(3 [pid 5830] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5941] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5941] close(4 [pid 5830] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5941] <... close resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5941] mkdir("./file1", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5941] <... mkdir resumed>) = 0 [pid 5830] getdents64(4, [pid 5941] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 5940] <... mount resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./20/file1") = 0 [pid 5830] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5940] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5940] chdir("./file1") = 0 [pid 5830] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5941] <... mount resumed>) = 0 [pid 5940] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] unlink("./20/binderfs") = 0 [pid 5830] getdents64(3, [pid 5941] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5940] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5941] <... openat resumed>) = 3 [pid 5830] close(3 [pid 5829] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./20" [pid 5829] newfstatat(AT_FDCWD, "./20/file1", [pid 5941] chdir("./file1" [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5941] <... chdir resumed>) = 0 [ 99.615197][ T5941] loop3: detected capacity change from 0 to 1024 [pid 5941] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] mkdir("./21", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5941] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5941] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... openat resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] newfstatat(4, "", [pid 5940] <... link resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5940] sync( [pid 5829] getdents64(4, [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5939] <... sync resumed>) = 0 [pid 5939] exit_group(0) = ? ./strace-static-x86_64: Process 5942 attached [pid 5939] +++ exited with 0 +++ [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5942 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5939, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5942] set_robust_list(0x5555934ed660, 24) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5829] getdents64(4, [pid 5832] <... restart_syscall resumed>) = 0 [pid 5942] chdir("./21" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5942] <... chdir resumed>) = 0 [pid 5829] close(4 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] rmdir("./20/file1" [pid 5942] setpgid(0, 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... rmdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5942] <... setpgid resumed>) = 0 [pid 5941] <... link resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5832] newfstatat(3, "", [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5941] sync( [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5940] <... sync resumed>) = 0 [pid 5829] unlink("./20/binderfs" [pid 5832] getdents64(3, [pid 5940] exit_group(0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5940] <... exit_group resumed>) = ? [pid 5832] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... unlink resumed>) = 0 [pid 5942] <... openat resumed>) = 3 [pid 5940] +++ exited with 0 +++ [pid 5829] getdents64(3, [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5942] write(3, "1000", 4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5942] <... write resumed>) = 4 [pid 5942] close(3 [pid 5829] close(3 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5942] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5942] symlink("/dev/binderfs", "./binderfs" [pid 5829] rmdir("./20" [pid 5828] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] <... rmdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5942] <... symlink resumed>) = 0 [pid 5941] <... sync resumed>) = 0 executing program [pid 5832] <... umount2 resumed>) = 0 [pid 5829] mkdir("./21", 0777 [pid 5828] newfstatat(3, "", [pid 5942] write(1, "executing program\n", 18 [pid 5941] exit_group(0 [pid 5832] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./18/file1", [pid 5942] <... write resumed>) = 18 [pid 5941] <... exit_group resumed>) = ? [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5942] memfd_create("syzkaller", 0 [pid 5832] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./18/file1") = 0 [pid 5828] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5942] <... memfd_create resumed>) = 3 [pid 5832] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5942] <... mmap resumed>) = 0x7ff1eb400000 [pid 5941] +++ exited with 0 +++ [pid 5832] unlink("./18/binderfs" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5832] <... unlink resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = 0 [pid 5942] munmap(0x7ff1eb400000, 138412032 [pid 5832] getdents64(3, [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5831] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(3 [pid 5942] <... munmap resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... openat resumed>) = 3 [pid 5828] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./17/file1", ./strace-static-x86_64: Process 5943 attached [pid 5942] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] rmdir("./18" [pid 5831] newfstatat(3, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5943 [pid 5831] getdents64(3, [pid 5943] set_robust_list(0x5555934ed660, 24 [pid 5942] <... openat resumed>) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5943] <... set_robust_list resumed>) = 0 [pid 5942] ioctl(4, LOOP_SET_FD, 3 [pid 5832] mkdir("./19", 0777 [pid 5831] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5828] close(4 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5828] <... close resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5828] rmdir("./17/file1" [pid 5943] chdir("./21" [pid 5832] close(3 [pid 5828] <... rmdir resumed>) = 0 [pid 5943] <... chdir resumed>) = 0 [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... close resumed>) = 0 [pid 5828] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./17/binderfs", [pid 5943] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5944 attached [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./17/binderfs" [pid 5943] setpgid(0, 0 [pid 5828] <... unlink resumed>) = 0 [pid 5944] set_robust_list(0x5555934ed660, 24) = 0 [pid 5944] chdir("./19") = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5944] setpgid(0, 0) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5943] <... setpgid resumed>) = 0 [pid 5942] <... ioctl resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5944 [pid 5942] close(3 [pid 5944] <... openat resumed>) = 3 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5942] <... close resumed>) = 0 [pid 5943] <... openat resumed>) = 3 [pid 5942] close(4 [pid 5831] <... umount2 resumed>) = 0 [pid 5828] rmdir("./17" [pid 5943] write(3, "1000", 4 [pid 5942] <... close resumed>) = 0 [pid 5831] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... rmdir resumed>) = 0 [pid 5943] <... write resumed>) = 4 [pid 5942] mkdir("./file1", 0777 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5943] close(3 [pid 5944] write(3, "1000", 4 [pid 5943] <... close resumed>) = 0 [pid 5942] <... mkdir resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./17/file1", [pid 5828] mkdir("./18", 0777 [pid 5942] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5944] <... write resumed>) = 4 [pid 5944] close(3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5943] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] <... close resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5944] symlink("/dev/binderfs", "./binderfs" [ 99.814728][ T5942] loop2: detected capacity change from 0 to 1024 [pid 5828] close(3executing program [pid 5944] <... symlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... close resumed>) = 0 [pid 5943] <... symlink resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5944] write(1, "executing program\n", 18 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... openat resumed>) = 4 [pid 5944] <... write resumed>) = 18 [pid 5943] write(1, "executing program\n", 18 [pid 5831] newfstatat(4, "", ./strace-static-x86_64: Process 5945 attached executing program [pid 5945] set_robust_list(0x5555934ed660, 24 [pid 5944] memfd_create("syzkaller", 0 [pid 5943] <... write resumed>) = 18 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5945 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5944] <... memfd_create resumed>) = 3 [pid 5943] memfd_create("syzkaller", 0 [pid 5831] getdents64(4, [pid 5945] chdir("./18" [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5943] <... memfd_create resumed>) = 3 [pid 5942] <... mount resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5945] <... chdir resumed>) = 0 [pid 5944] <... mmap resumed>) = 0x7ff1eb400000 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5942] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] getdents64(4, [pid 5943] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5942] <... openat resumed>) = 3 [pid 5831] close(4 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5945] <... prctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./17/file1" [pid 5945] setpgid(0, 0) = 0 [pid 5942] chdir("./file1" [pid 5831] <... rmdir resumed>) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5942] <... chdir resumed>) = 0 [pid 5831] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5942] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5945] <... openat resumed>) = 3 [pid 5942] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] newfstatat(AT_FDCWD, "./17/binderfs", [pid 5944] <... write resumed>) = 524288 [pid 5945] write(3, "1000", 4 [pid 5943] <... write resumed>) = 524288 [pid 5942] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5944] munmap(0x7ff1eb400000, 138412032 [pid 5945] <... write resumed>) = 4 [pid 5944] <... munmap resumed>) = 0 [pid 5831] unlink("./17/binderfs" [pid 5944] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5831] <... unlink resumed>) = 0 [pid 5945] close(3) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs" [pid 5944] ioctl(4, LOOP_SET_FD, 3 [pid 5945] <... symlink resumed>) = 0 [pid 5943] munmap(0x7ff1eb400000, 138412032 [pid 5942] <... link resumed>) = 0 [pid 5831] getdents64(3, [pid 5942] sync( [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5945] write(1, "executing program\n", 18executing program ) = 18 [pid 5943] <... munmap resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5945] memfd_create("syzkaller", 0 [pid 5943] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] rmdir("./17" [pid 5945] <... memfd_create resumed>) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5945] <... mmap resumed>) = 0x7ff1eb400000 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5943] <... openat resumed>) = 4 [pid 5831] mkdir("./18", 0777 [pid 5944] <... ioctl resumed>) = 0 [pid 5943] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... mkdir resumed>) = 0 [pid 5944] close(3) = 0 [pid 5944] close(4) = 0 [pid 5944] mkdir("./file1", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5942] <... sync resumed>) = 0 [pid 5942] exit_group(0 [pid 5831] <... openat resumed>) = 3 [pid 5942] <... exit_group resumed>) = ? [pid 5944] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5942] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5946 attached , child_tidptr=0x5555934ed650) = 5946 [pid 5830] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5945] <... write resumed>) = 524288 [pid 5830] newfstatat(3, "", [pid 5946] set_robust_list(0x5555934ed660, 24) = 0 [pid 5946] chdir("./18" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5946] <... chdir resumed>) = 0 [pid 5830] getdents64(3, [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5946] <... prctl resumed>) = 0 [pid 5946] setpgid(0, 0 [pid 5830] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5946] <... setpgid resumed>) = 0 [pid 5943] <... ioctl resumed>) = 0 [pid 5943] close(3) = 0 [pid 5943] close(4 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5945] munmap(0x7ff1eb400000, 138412032 [pid 5943] <... close resumed>) = 0 [ 99.942781][ T5944] loop4: detected capacity change from 0 to 1024 [ 99.981089][ T5943] loop1: detected capacity change from 0 to 1024 [pid 5946] <... openat resumed>) = 3 [pid 5943] mkdir("./file1", 0777 [pid 5946] write(3, "1000", 4 [pid 5945] <... munmap resumed>) = 0 [pid 5946] <... write resumed>) = 4 [pid 5946] close(3) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5943] <... mkdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 executing program [pid 5945] <... openat resumed>) = 4 [pid 5944] <... mount resumed>) = 0 [pid 5943] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5946] write(1, "executing program\n", 18 [pid 5830] newfstatat(AT_FDCWD, "./21/file1", [pid 5946] <... write resumed>) = 18 [pid 5946] memfd_create("syzkaller", 0 [pid 5945] ioctl(4, LOOP_SET_FD, 3 [pid 5944] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5944] <... openat resumed>) = 3 [pid 5944] chdir("./file1") = 0 [pid 5946] <... memfd_create resumed>) = 3 [pid 5944] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5944] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5946] <... mmap resumed>) = 0x7ff1eb400000 [pid 5944] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5943] <... mount resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5943] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5945] <... ioctl resumed>) = 0 [pid 5943] chdir("./file1" [pid 5830] getdents64(4, [pid 5943] <... chdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5943] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5945] close(3 [pid 5830] getdents64(4, [pid 5945] <... close resumed>) = 0 [pid 5943] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5945] close(4) = 0 [pid 5943] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] close(4 [pid 5946] <... write resumed>) = 524288 [pid 5945] mkdir("./file1", 0777 [pid 5944] <... link resumed>) = 0 [pid 5943] <... link resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./21/file1" [pid 5944] sync( [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5945] <... mkdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 100.040967][ T5945] loop0: detected capacity change from 0 to 1024 [pid 5830] unlink("./21/binderfs" [pid 5945] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5943] sync( [pid 5830] <... unlink resumed>) = 0 [pid 5830] getdents64(3, [pid 5946] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5946] <... munmap resumed>) = 0 [pid 5830] close(3 [pid 5946] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5946] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... close resumed>) = 0 [pid 5946] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] rmdir("./21" [pid 5946] ioctl(4, LOOP_CLR_FD) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./22", 0777 [pid 5946] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5946] close(4) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5946] close(3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5946] <... close resumed>) = 0 [pid 5945] <... mount resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5946] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5945] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... ioctl resumed>) = 0 [pid 5946] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5945] <... openat resumed>) = 3 [pid 5830] close(3 [pid 5946] sync( [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5945] chdir("./file1"./strace-static-x86_64: Process 5947 attached ) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5947 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5947] set_robust_list(0x5555934ed660, 24 [pid 5945] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5947] <... set_robust_list resumed>) = 0 [pid 5945] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5947] chdir("./22") = 0 [pid 5944] <... sync resumed>) = 0 [pid 5943] <... sync resumed>) = 0 [pid 5947] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5944] exit_group(0 [pid 5943] exit_group(0 [pid 5947] <... prctl resumed>) = 0 [pid 5944] <... exit_group resumed>) = ? [pid 5943] <... exit_group resumed>) = ? [pid 5944] +++ exited with 0 +++ [pid 5943] +++ exited with 0 +++ [pid 5947] setpgid(0, 0 [pid 5946] <... sync resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5947] <... setpgid resumed>) = 0 [pid 5946] exit_group(0 [pid 5947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5946] <... exit_group resumed>) = ? [pid 5832] <... restart_syscall resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5947] <... openat resumed>) = 3 [pid 5946] +++ exited with 0 +++ [pid 5945] <... link resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5945] sync( [pid 5947] write(3, "1000", 4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5947] <... write resumed>) = 4 [pid 5832] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5947] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5947] <... close resumed>) = 0 [pid 5947] symlink("/dev/binderfs", "./binderfs" [pid 5832] newfstatat(3, "", [pid 5947] <... symlink resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5947] write(1, "executing program\n", 18 [pid 5831] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 5947] <... write resumed>) = 18 [pid 5831] <... openat resumed>) = 3 [pid 5947] memfd_create("syzkaller", 0 [pid 5831] newfstatat(3, "", [pid 5947] <... memfd_create resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5829] <... umount2 resumed>) = 0 [pid 5947] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./21/file1", [pid 5831] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] unlink("./18/binderfs" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... unlink resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", [pid 5831] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] getdents64(4, [pid 5831] close(3 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... close resumed>) = 0 [pid 5829] getdents64(4, [pid 5831] rmdir("./18" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./21/file1" [pid 5945] <... sync resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5945] exit_group(0 [pid 5832] <... umount2 resumed>) = 0 [pid 5829] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5945] <... exit_group resumed>) = ? [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5945] +++ exited with 0 +++ [pid 5831] mkdir("./19", 0777 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5947] <... write resumed>) = 524288 [pid 5831] <... mkdir resumed>) = 0 [pid 5829] unlink("./21/binderfs" [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5947] munmap(0x7ff1eb400000, 138412032 [pid 5832] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... unlink resumed>) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./19/file1", [pid 5947] <... munmap resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] getdents64(3, [pid 5828] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] close(3 [pid 5828] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5947] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] rmdir("./21" [pid 5828] newfstatat(3, "", [pid 5947] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5947] ioctl(4, LOOP_SET_FD, 3 [pid 5832] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... close resumed>) = 0 [pid 5828] getdents64(3, [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... openat resumed>) = 4 [pid 5829] mkdir("./22", 0777 [pid 5828] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(4, "", [pid 5829] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] getdents64(4, [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5948 ./strace-static-x86_64: Process 5949 attached ./strace-static-x86_64: Process 5948 attached [pid 5947] <... ioctl resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5948] set_robust_list(0x5555934ed660, 24 [pid 5832] getdents64(4, [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5949 [pid 5948] <... set_robust_list resumed>) = 0 [pid 5947] close(3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 5947] <... close resumed>) = 0 [pid 5948] chdir("./22" [pid 5947] close(4 [pid 5832] <... close resumed>) = 0 [pid 5948] <... chdir resumed>) = 0 [pid 5947] <... close resumed>) = 0 [pid 5832] rmdir("./19/file1" [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5947] mkdir("./file1", 0777 [pid 5949] set_robust_list(0x5555934ed660, 24 [pid 5948] <... prctl resumed>) = 0 [pid 5947] <... mkdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5949] <... set_robust_list resumed>) = 0 [pid 5948] setpgid(0, 0 [pid 5947] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./18/file1", [pid 5948] <... setpgid resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 100.274688][ T5947] loop2: detected capacity change from 0 to 1024 [pid 5949] chdir("./19" [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] unlink("./19/binderfs" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5949] <... chdir resumed>) = 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5948] <... openat resumed>) = 3 [pid 5832] <... unlink resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5949] <... prctl resumed>) = 0 [pid 5948] write(3, "1000", 4 [pid 5828] <... openat resumed>) = 4 [pid 5948] <... write resumed>) = 4 [pid 5828] newfstatat(4, "", [pid 5832] getdents64(3, [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] getdents64(4, [pid 5832] close(3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... close resumed>) = 0 [pid 5828] getdents64(4, [pid 5832] rmdir("./19" [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./18/file1" [pid 5832] mkdir("./20", 0777 [pid 5828] <... rmdir resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5828] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5948] close(3 [pid 5828] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5949] setpgid(0, 0 [pid 5948] <... close resumed>) = 0 [pid 5949] <... setpgid resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./18/binderfs") = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] close(3 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... close resumed>) = 0 [pid 5949] <... openat resumed>) = 3 [pid 5948] write(1, "executing program\n", 18 [pid 5832] <... openat resumed>) = 3 [pid 5828] rmdir("./18"executing program [pid 5949] write(3, "1000", 4 [pid 5948] <... write resumed>) = 18 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5828] <... rmdir resumed>) = 0 [pid 5949] <... write resumed>) = 4 [pid 5948] memfd_create("syzkaller", 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5949] close(3 [pid 5948] <... memfd_create resumed>) = 3 [pid 5949] <... close resumed>) = 0 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5949] symlink("/dev/binderfs", "./binderfs" [pid 5948] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5950 attached [pid 5828] mkdir("./19", 0777 [pid 5949] <... symlink resumed>) = 0 [pid 5950] set_robust_list(0x5555934ed660, 24 [pid 5949] write(1, "executing program\n", 18executing program [pid 5950] <... set_robust_list resumed>) = 0 [pid 5949] <... write resumed>) = 18 [pid 5948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5950] chdir("./20" [pid 5949] memfd_create("syzkaller", 0 [pid 5947] <... mount resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5950 [pid 5949] <... memfd_create resumed>) = 3 [pid 5947] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] <... mkdir resumed>) = 0 [pid 5950] <... chdir resumed>) = 0 [pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5950] <... prctl resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5950] setpgid(0, 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5951 attached [pid 5950] <... setpgid resumed>) = 0 [pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5951] set_robust_list(0x5555934ed660, 24 [pid 5947] <... openat resumed>) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5947] chdir("./file1" [pid 5950] <... openat resumed>) = 3 [pid 5951] <... set_robust_list resumed>) = 0 [pid 5949] <... mmap resumed>) = 0x7ff1eb400000 [pid 5948] <... write resumed>) = 524288 [pid 5947] <... chdir resumed>) = 0 [pid 5951] chdir("./19" [pid 5950] write(3, "1000", 4 [pid 5949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5948] munmap(0x7ff1eb400000, 138412032 [pid 5947] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5951 [pid 5947] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5947] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5948] <... munmap resumed>) = 0 [pid 5950] <... write resumed>) = 4 [pid 5950] close(3 [pid 5951] <... chdir resumed>) = 0 [pid 5950] <... close resumed>) = 0 [pid 5950] symlink("/dev/binderfs", "./binderfs" [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5950] <... symlink resumed>) = 0 [pid 5951] <... prctl resumed>) = 0 [pid 5951] setpgid(0, 0 [pid 5950] write(1, "executing program\n", 18executing program [pid 5951] <... setpgid resumed>) = 0 [pid 5950] <... write resumed>) = 18 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5950] memfd_create("syzkaller", 0 [pid 5951] <... openat resumed>) = 3 [pid 5950] <... memfd_create resumed>) = 3 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5948] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5951] write(3, "1000", 4 [pid 5950] <... mmap resumed>) = 0x7ff1eb400000 [pid 5951] <... write resumed>) = 4 [pid 5948] <... openat resumed>) = 4 [pid 5948] ioctl(4, LOOP_SET_FD, 3executing program [pid 5951] close(3 [pid 5950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5948] <... ioctl resumed>) = 0 [pid 5951] <... close resumed>) = 0 [pid 5951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5951] write(1, "executing program\n", 18) = 18 [pid 5948] close(3 [pid 5947] <... link resumed>) = 0 [pid 5951] memfd_create("syzkaller", 0 [pid 5948] <... close resumed>) = 0 [pid 5947] sync( [pid 5951] <... memfd_create resumed>) = 3 [pid 5948] close(4 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5948] <... close resumed>) = 0 [pid 5948] mkdir("./file1", 0777 [pid 5949] <... write resumed>) = 524288 [pid 5948] <... mkdir resumed>) = 0 [pid 5949] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5948] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5950] <... write resumed>) = 524288 [pid 5947] <... sync resumed>) = 0 [pid 5947] exit_group(0) = ? [pid 5947] +++ exited with 0 +++ [pid 5951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5947, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5949] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5950] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5949] <... openat resumed>) = 4 [pid 5830] <... restart_syscall resumed>) = 0 [ 100.421439][ T5948] loop1: detected capacity change from 0 to 1024 [pid 5949] ioctl(4, LOOP_SET_FD, 3 [pid 5830] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5950] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5950] ioctl(4, LOOP_SET_FD, 3 [pid 5830] getdents64(3, [pid 5950] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5950] ioctl(4, LOOP_CLR_FD) = 0 [pid 5830] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5951] <... write resumed>) = 524288 [pid 5950] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5950] close(4) = 0 [pid 5950] close(3 [pid 5951] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5948] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5948] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5949] <... ioctl resumed>) = 0 [pid 5951] ioctl(4, LOOP_SET_FD, 3 [pid 5950] <... close resumed>) = 0 [pid 5949] close(3 [pid 5948] <... openat resumed>) = 3 [pid 5949] <... close resumed>) = 0 [pid 5948] chdir("./file1" [pid 5949] close(4) = 0 [pid 5948] <... chdir resumed>) = 0 [pid 5830] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5949] mkdir("./file1", 0777 [pid 5948] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5949] <... mkdir resumed>) = 0 [pid 5948] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5950] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5950] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5830] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5950] sync( [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5948] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5949] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] rmdir("./22/file1") = 0 [pid 5830] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5951] <... ioctl resumed>) = 0 [pid 5948] <... link resumed>) = 0 [pid 5830] unlink("./22/binderfs" [pid 5948] sync( [pid 5830] <... unlink resumed>) = 0 [pid 5951] close(3 [pid 5830] getdents64(3, [pid 5951] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5951] close(4 [pid 5830] <... close resumed>) = 0 [pid 5951] <... close resumed>) = 0 [pid 5949] <... mount resumed>) = 0 [pid 5951] mkdir("./file1", 0777 [pid 5830] rmdir("./22" [pid 5950] <... sync resumed>) = 0 [pid 5949] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5950] exit_group(0) = ? [pid 5949] <... openat resumed>) = 3 [ 100.479205][ T5949] loop3: detected capacity change from 0 to 1024 [ 100.513459][ T5951] loop0: detected capacity change from 0 to 1024 [pid 5950] +++ exited with 0 +++ [pid 5949] chdir("./file1" [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5950, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5949] <... chdir resumed>) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5951] <... mkdir resumed>) = 0 [pid 5949] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] newfstatat(3, "", [pid 5951] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5949] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] mkdir("./23", 0777 [pid 5832] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] unlink("./20/binderfs" [pid 5830] <... ioctl resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5830] close(3) = 0 [pid 5832] getdents64(3, [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5949] <... link resumed>) = 0 [pid 5832] close(3./strace-static-x86_64: Process 5952 attached [pid 5949] sync( [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./20") = 0 [pid 5952] set_robust_list(0x5555934ed660, 24 [pid 5832] mkdir("./21", 0777 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5952 [pid 5952] <... set_robust_list resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5952] chdir("./23") = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5952] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... openat resumed>) = 3 [pid 5952] <... prctl resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5952] setpgid(0, 0 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5952] <... setpgid resumed>) = 0 [pid 5952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] close(3 [pid 5952] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5952] write(3, "1000", 4 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5952] <... write resumed>) = 4 ./strace-static-x86_64: Process 5953 attached [pid 5952] close(3) = 0 [pid 5952] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5952] write(1, "executing program\n", 18) = 18 [pid 5952] memfd_create("syzkaller", 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5953 [pid 5953] set_robust_list(0x5555934ed660, 24 [pid 5952] <... memfd_create resumed>) = 3 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5953] <... set_robust_list resumed>) = 0 [pid 5952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5953] chdir("./21") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5953] setpgid(0, 0) = 0 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5951] <... mount resumed>) = 0 [pid 5951] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5948] <... sync resumed>) = 0 [pid 5953] <... openat resumed>) = 3 [pid 5951] <... openat resumed>) = 3 [pid 5948] exit_group(0 [pid 5952] <... write resumed>) = 524288 [pid 5951] chdir("./file1") = 0 [pid 5952] munmap(0x7ff1eb400000, 138412032 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5953] write(3, "1000", 4 [pid 5952] <... munmap resumed>) = 0 [pid 5951] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5953] <... write resumed>) = 4 [pid 5948] <... exit_group resumed>) = ? [pid 5951] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5953] close(3 [pid 5948] +++ exited with 0 +++ [pid 5953] <... close resumed>) = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5953] symlink("/dev/binderfs", "./binderfs" [pid 5952] <... openat resumed>) = 4 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5953] <... symlink resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5952] ioctl(4, LOOP_SET_FD, 3 [pid 5951] <... link resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5953] write(1, "executing program\n", 18executing program ) = 18 [pid 5951] sync( [pid 5949] <... sync resumed>) = 0 [pid 5953] memfd_create("syzkaller", 0 [pid 5949] exit_group(0 [pid 5829] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 5949] <... exit_group resumed>) = ? [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5949] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5949, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5953] <... memfd_create resumed>) = 3 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5952] <... ioctl resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5953] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5952] close(3) = 0 [pid 5952] close(4) = 0 [pid 5952] mkdir("./file1", 0777) = 0 [pid 5953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5952] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] <... umount2 resumed>) = 0 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 5829] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5953] <... write resumed>) = 524288 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./22/file1", [pid 5831] rmdir("./19/file1" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... rmdir resumed>) = 0 [ 100.693509][ T5952] loop2: detected capacity change from 0 to 1024 [pid 5829] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5953] munmap(0x7ff1eb400000, 138412032 [pid 5952] <... mount resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5952] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5952] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 4 [pid 5952] chdir("./file1" [pid 5829] newfstatat(4, "", [pid 5952] <... chdir resumed>) = 0 [pid 5831] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] getdents64(4, [pid 5952] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5953] <... munmap resumed>) = 0 [pid 5951] <... sync resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5952] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5951] exit_group(0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] getdents64(4, [pid 5951] <... exit_group resumed>) = ? [pid 5831] unlink("./19/binderfs" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5951] +++ exited with 0 +++ [pid 5831] <... unlink resumed>) = 0 [pid 5829] close(4 [pid 5831] getdents64(3, [pid 5829] <... close resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] rmdir("./22/file1" [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] close(3 [pid 5829] <... rmdir resumed>) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5831] <... close resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5953] ioctl(4, LOOP_SET_FD, 3 [pid 5829] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./19" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", [pid 5829] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] getdents64(3, [pid 5952] <... link resumed>) = 0 [pid 5829] unlink("./22/binderfs" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5952] sync( [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5828] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] mkdir("./20", 0777) = 0 [pid 5829] getdents64(3, [pid 5828] <... umount2 resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./22" [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5829] <... rmdir resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3 [pid 5829] mkdir("./23", 0777) = 0 [pid 5828] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5954 attached [pid 5952] <... sync resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] getdents64(4, ./strace-static-x86_64: Process 5955 attached [pid 5954] set_robust_list(0x5555934ed660, 24 [pid 5953] <... ioctl resumed>) = 0 [pid 5952] exit_group(0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5954] <... set_robust_list resumed>) = 0 [pid 5953] close(3 [pid 5952] <... exit_group resumed>) = ? [pid 5828] close(4 [pid 5955] set_robust_list(0x5555934ed660, 24 [pid 5954] chdir("./23" [pid 5953] <... close resumed>) = 0 [pid 5952] +++ exited with 0 +++ [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5954 [pid 5828] <... close resumed>) = 0 [pid 5955] <... set_robust_list resumed>) = 0 [pid 5954] <... chdir resumed>) = 0 [pid 5953] close(4 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5955 [pid 5828] rmdir("./19/file1" [pid 5955] chdir("./20" [pid 5954] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5953] <... close resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5952, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] <... rmdir resumed>) = 0 [pid 5954] <... prctl resumed>) = 0 [pid 5953] mkdir("./file1", 0777 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5828] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5954] setpgid(0, 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5955] <... chdir resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5955] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5954] <... setpgid resumed>) = 0 [pid 5955] <... prctl resumed>) = 0 [pid 5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5953] <... mkdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 100.768312][ T5953] loop4: detected capacity change from 0 to 1024 [pid 5955] setpgid(0, 0 [pid 5954] <... openat resumed>) = 3 [pid 5953] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] unlink("./19/binderfs" [pid 5955] <... setpgid resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5954] write(3, "1000", 4) = 4 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5955] <... openat resumed>) = 3 [pid 5954] close(3 [pid 5828] getdents64(3, [pid 5954] <... close resumed>) = 0 [pid 5830] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5954] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5955] write(3, "1000", 4 [pid 5954] <... symlink resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5953] <... mount resumed>) = 0 [pid 5828] close(3 [pid 5955] <... write resumed>) = 4 [pid 5954] write(1, "executing program\n", 18 [pid 5953] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 5955] close(3 [pid 5954] <... write resumed>) = 18 [pid 5954] memfd_create("syzkaller", 0 [pid 5955] <... close resumed>) = 0 [pid 5955] symlink("/dev/binderfs", "./binderfs" [pid 5828] rmdir("./19" [pid 5955] <... symlink resumed>) = 0 [pid 5954] <... memfd_create resumed>) = 3 [pid 5953] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 5828] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5828] mkdir("./20", 0777 [pid 5953] chdir("./file1" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... mkdir resumed>) = 0 [pid 5830] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5953] <... chdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5953] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5953] <... openat resumed>) = -1 EBUSY (Device or resource busy) executing program [pid 5955] write(1, "executing program\n", 18 [pid 5954] <... mmap resumed>) = 0x7ff1eb400000 [pid 5953] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5955] <... write resumed>) = 18 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5956 attached [pid 5955] memfd_create("syzkaller", 0 [pid 5954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5955] <... memfd_create resumed>) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5956 [pid 5954] <... write resumed>) = 524288 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5956] set_robust_list(0x5555934ed660, 24 [pid 5955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5953] <... link resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5956] <... set_robust_list resumed>) = 0 [pid 5955] <... write resumed>) = 524288 [pid 5953] sync( [pid 5830] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5956] chdir("./20" [pid 5830] <... openat resumed>) = 4 [pid 5956] <... chdir resumed>) = 0 [pid 5954] munmap(0x7ff1eb400000, 138412032 [pid 5830] newfstatat(4, "", [pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5954] <... munmap resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5956] <... prctl resumed>) = 0 [pid 5830] getdents64(4, [pid 5956] setpgid(0, 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5956] <... setpgid resumed>) = 0 [pid 5830] getdents64(4, [pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5956] <... openat resumed>) = 3 [pid 5830] close(4 [pid 5956] write(3, "1000", 4 [pid 5954] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5954] <... openat resumed>) = 4 [pid 5830] rmdir("./23/file1" [pid 5954] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5953] <... sync resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5956] <... write resumed>) = 4 [pid 5830] newfstatat(AT_FDCWD, "./23/binderfs", [pid 5956] close(3 [pid 5953] exit_group(0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 5956] <... close resumed>) = 0 [pid 5955] munmap(0x7ff1eb400000, 138412032 [pid 5953] <... exit_group resumed>) = ? [pid 5830] unlink("./23/binderfs" [pid 5956] symlink("/dev/binderfs", "./binderfs" [pid 5955] <... munmap resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5956] <... symlink resumed>) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5953] +++ exited with 0 +++ [pid 5830] getdents64(3, [pid 5956] write(1, "executing program\n", 18 [pid 5955] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5956] <... write resumed>) = 18 [pid 5955] ioctl(4, LOOP_SET_FD, 3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5830] close(3 [pid 5956] memfd_create("syzkaller", 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... close resumed>) = 0 [pid 5956] <... memfd_create resumed>) = 3 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] rmdir("./23" [pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5956] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] mkdir("./24", 0777 [pid 5956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5832] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] <... openat resumed>) = 3 [pid 5830] <... ioctl resumed>) = 0 [pid 5954] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5832] newfstatat(3, "", [pid 5830] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 100.932214][ T5954] loop1: detected capacity change from 0 to 1024 [ 100.948609][ T5955] loop3: detected capacity change from 0 to 1024 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 5954] close(3 [pid 5832] getdents64(3, [pid 5954] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 5957 attached [pid 5954] close(4 [pid 5832] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5954] <... close resumed>) = 0 [pid 5954] mkdir("./file1", 0777) = 0 [pid 5957] set_robust_list(0x5555934ed660, 24) = 0 [pid 5954] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5957] chdir("./24" [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5957 [pid 5955] <... ioctl resumed>) = 0 [pid 5957] <... chdir resumed>) = 0 [pid 5955] close(3 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5955] <... close resumed>) = 0 [pid 5957] <... prctl resumed>) = 0 [pid 5955] close(4 [pid 5957] setpgid(0, 0 [pid 5955] <... close resumed>) = 0 [pid 5957] <... setpgid resumed>) = 0 [pid 5955] mkdir("./file1", 0777) = 0 [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5957] write(3, "1000", 4) = 4 [pid 5957] close(3) = 0 [pid 5957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5955] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5957] write(1, "executing program\n", 18) = 18 [pid 5957] memfd_create("syzkaller", 0 [pid 5956] <... write resumed>) = 524288 [pid 5957] <... memfd_create resumed>) = 3 [pid 5956] munmap(0x7ff1eb400000, 138412032 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5956] <... munmap resumed>) = 0 [pid 5957] <... mmap resumed>) = 0x7ff1eb400000 [pid 5956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5832] <... umount2 resumed>) = 0 [pid 5956] ioctl(4, LOOP_SET_FD, 3 [pid 5954] <... mount resumed>) = 0 [pid 5832] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5955] <... mount resumed>) = 0 [pid 5832] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5957] <... write resumed>) = 524288 [pid 5955] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5954] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5955] <... openat resumed>) = 3 [pid 5954] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5954] chdir("./file1") = 0 [pid 5955] chdir("./file1" [pid 5954] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] newfstatat(4, "", [pid 5955] <... chdir resumed>) = 0 [pid 5954] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5954] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] getdents64(4, [pid 5955] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./21/file1") = 0 [pid 5832] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5957] munmap(0x7ff1eb400000, 138412032 [pid 5956] <... ioctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5956] close(3 [pid 5832] unlink("./21/binderfs" [pid 5956] <... close resumed>) = 0 [pid 5956] close(4 [pid 5832] <... unlink resumed>) = 0 [pid 5957] <... munmap resumed>) = 0 [pid 5956] <... close resumed>) = 0 [pid 5955] <... link resumed>) = 0 [pid 5832] getdents64(3, [pid 5954] <... link resumed>) = 0 [pid 5956] mkdir("./file1", 0777 [pid 5955] sync( [pid 5956] <... mkdir resumed>) = 0 [pid 5954] sync( [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [ 101.020891][ T5956] loop0: detected capacity change from 0 to 1024 [pid 5957] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_SET_FD, 3 [pid 5832] close(3 [pid 5956] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./21") = 0 [pid 5832] mkdir("./22", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5958 attached [pid 5958] set_robust_list(0x5555934ed660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5958 [pid 5958] <... set_robust_list resumed>) = 0 [pid 5957] <... ioctl resumed>) = 0 [pid 5957] close(3) = 0 [pid 5957] close(4) = 0 [pid 5957] mkdir("./file1", 0777) = 0 [pid 5957] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5958] chdir("./22") = 0 [pid 5958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 101.084593][ T5957] loop2: detected capacity change from 0 to 1024 [pid 5958] setpgid(0, 0) = 0 [pid 5958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5956] <... mount resumed>) = 0 [pid 5956] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5958] <... openat resumed>) = 3 [pid 5956] chdir("./file1" [pid 5958] write(3, "1000", 4 [pid 5956] <... chdir resumed>) = 0 [pid 5958] <... write resumed>) = 4 [pid 5956] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5958] close(3) = 0 [pid 5956] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5957] <... mount resumed>) = 0 [pid 5956] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5958] symlink("/dev/binderfs", "./binderfs" [pid 5957] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 executing program [pid 5958] <... symlink resumed>) = 0 [pid 5957] chdir("./file1" [pid 5958] write(1, "executing program\n", 18) = 18 [pid 5957] <... chdir resumed>) = 0 [pid 5958] memfd_create("syzkaller", 0 [pid 5957] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5958] <... memfd_create resumed>) = 3 [pid 5957] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5956] <... link resumed>) = 0 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5957] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5956] sync( [pid 5958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5957] <... link resumed>) = 0 [pid 5957] sync( [pid 5958] <... write resumed>) = 524288 [pid 5955] <... sync resumed>) = 0 [pid 5954] <... sync resumed>) = 0 [pid 5955] exit_group(0 [pid 5954] exit_group(0) = ? [pid 5955] <... exit_group resumed>) = ? [pid 5954] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5954, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5955] +++ exited with 0 +++ [pid 5829] <... restart_syscall resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5955, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5958] munmap(0x7ff1eb400000, 138412032 [pid 5829] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5958] <... munmap resumed>) = 0 [pid 5831] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5956] <... sync resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 5829] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 5829] newfstatat(3, "", [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5956] exit_group(0 [pid 5831] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 5956] <... exit_group resumed>) = ? [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5958] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5957] <... sync resumed>) = 0 [pid 5956] +++ exited with 0 +++ [pid 5829] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5956, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5958] <... openat resumed>) = 4 [pid 5957] exit_group(0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5958] ioctl(4, LOOP_SET_FD, 3 [pid 5957] <... exit_group resumed>) = ? [pid 5828] <... restart_syscall resumed>) = 0 [pid 5957] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5958] <... ioctl resumed>) = 0 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5958] close(3 [pid 5831] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5958] <... close resumed>) = 0 [pid 5829] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./23/file1", [pid 5828] newfstatat(AT_FDCWD, "./20/file1", [pid 5958] close(4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5958] <... close resumed>) = 0 [pid 5958] mkdir("./file1", 0777 [pid 5829] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5958] <... mkdir resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./20/file1", [pid 5829] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5958] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5828] <... openat resumed>) = 4 [pid 5831] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(4, "", [pid 5828] newfstatat(4, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./20/file1") = 0 [pid 5831] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] getdents64(4, [pid 5831] <... openat resumed>) = 4 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] newfstatat(4, "", [pid 5829] close(4 [pid 5958] <... mount resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5958] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] rmdir("./23/file1" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5958] chdir("./file1") = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5958] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] getdents64(4, [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5958] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... umount2 resumed>) = 0 [pid 5829] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5958] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 101.257214][ T5958] loop4: detected capacity change from 0 to 1024 [pid 5829] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./23/binderfs" [pid 5828] unlink("./20/binderfs" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5829] getdents64(3, [pid 5828] getdents64(3, [pid 5831] getdents64(4, [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5828] close(3 [pid 5831] close(4 [pid 5829] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] rmdir("./23" [pid 5828] rmdir("./20" [pid 5831] rmdir("./20/file1" [pid 5830] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... rmdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./24/file1", [pid 5829] mkdir("./24", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... mkdir resumed>) = 0 [pid 5828] mkdir("./21", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... mkdir resumed>) = 0 [pid 5831] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 4 [pid 5831] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5830] newfstatat(4, "", [pid 5958] <... link resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] getdents64(4, [pid 5958] sync( [pid 5831] unlink("./20/binderfs" [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... openat resumed>) = 3 [pid 5830] getdents64(4, [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5830] close(4) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5830] rmdir("./24/file1" [pid 5831] getdents64(3, [pid 5830] <... rmdir resumed>) = 0 [pid 5829] close(3 [pid 5828] close(3 [pid 5830] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./24/binderfs", [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5959 attached [pid 5831] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... close resumed>) = 0 ./strace-static-x86_64: Process 5960 attached [pid 5831] rmdir("./20" [pid 5830] unlink("./24/binderfs" [pid 5960] set_robust_list(0x5555934ed660, 24 [pid 5959] set_robust_list(0x5555934ed660, 24 [pid 5831] <... rmdir resumed>) = 0 [pid 5960] <... set_robust_list resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5959 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5960 [pid 5830] <... unlink resumed>) = 0 [pid 5960] chdir("./21" [pid 5831] mkdir("./21", 0777 [pid 5960] <... chdir resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5960] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5960] <... prctl resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5960] setpgid(0, 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5960] <... setpgid resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] close(3 [pid 5960] <... openat resumed>) = 3 [pid 5959] <... set_robust_list resumed>) = 0 [pid 5830] getdents64(3, [pid 5960] write(3, "1000", 4) = 4 [pid 5960] close(3) = 0 [pid 5960] symlink("/dev/binderfs", "./binderfs" [pid 5959] chdir("./24" [pid 5831] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5960] <... symlink resumed>) = 0 [pid 5959] <... chdir resumed>) = 0 [pid 5830] close(3 [pid 5959] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... close resumed>) = 0 [pid 5959] <... prctl resumed>) = 0 [pid 5830] rmdir("./24" [pid 5959] setpgid(0, 0executing program [pid 5960] write(1, "executing program\n", 18 [pid 5959] <... setpgid resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5958] <... sync resumed>) = 0 [pid 5830] mkdir("./25", 0777 [pid 5960] <... write resumed>) = 18 [pid 5959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5960] memfd_create("syzkaller", 0 [pid 5958] exit_group(0 [pid 5830] <... mkdir resumed>) = 0 [pid 5960] <... memfd_create resumed>) = 3 [pid 5958] <... exit_group resumed>) = ? [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5960] <... mmap resumed>) = 0x7ff1eb400000 [pid 5958] +++ exited with 0 +++ ./strace-static-x86_64: Process 5961 attached [pid 5959] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5958, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5959] write(3, "1000", 4 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... ioctl resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5959] <... write resumed>) = 4 [pid 5830] close(3 [pid 5959] close(3) = 0 [pid 5832] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5959] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5961] set_robust_list(0x5555934ed660, 24 [pid 5832] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5961 [pid 5961] <... set_robust_list resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5962 [pid 5832] <... openat resumed>) = 3 executing program ./strace-static-x86_64: Process 5962 attached [pid 5961] chdir("./21" [pid 5959] <... symlink resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5959] write(1, "executing program\n", 18 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5959] <... write resumed>) = 18 [pid 5962] set_robust_list(0x5555934ed660, 24 [pid 5961] <... chdir resumed>) = 0 [pid 5960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5959] memfd_create("syzkaller", 0 [pid 5832] getdents64(3, [pid 5962] <... set_robust_list resumed>) = 0 [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5959] <... memfd_create resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5962] chdir("./25" [pid 5961] <... prctl resumed>) = 0 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5961] setpgid(0, 0 [pid 5959] <... mmap resumed>) = 0x7ff1eb400000 [pid 5961] <... setpgid resumed>) = 0 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5962] <... chdir resumed>) = 0 [pid 5961] <... openat resumed>) = 3 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5961] write(3, "1000", 4 [pid 5962] <... prctl resumed>) = 0 [pid 5961] <... write resumed>) = 4 [pid 5962] setpgid(0, 0 [pid 5961] close(3 [pid 5962] <... setpgid resumed>) = 0 [pid 5961] <... close resumed>) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5961] symlink("/dev/binderfs", "./binderfs" [pid 5962] <... openat resumed>) = 3 [pid 5961] <... symlink resumed>) = 0 [pid 5959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5962] write(3, "1000", 4 [pid 5961] write(1, "executing program\n", 18 [pid 5960] <... write resumed>) = 524288 executing program [pid 5961] <... write resumed>) = 18 [pid 5962] <... write resumed>) = 4 [pid 5961] memfd_create("syzkaller", 0 [pid 5962] close(3 [pid 5961] <... memfd_create resumed>) = 3 [pid 5962] <... close resumed>) = 0 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5962] symlink("/dev/binderfs", "./binderfs" [pid 5961] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... umount2 resumed>) = 0 [pid 5962] <... symlink resumed>) = 0 [pid 5959] <... write resumed>) = 524288 executing program [pid 5962] write(1, "executing program\n", 18 [pid 5960] munmap(0x7ff1eb400000, 138412032 [pid 5832] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5962] <... write resumed>) = 18 [pid 5960] <... munmap resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5962] memfd_create("syzkaller", 0 [pid 5832] newfstatat(AT_FDCWD, "./22/file1", [pid 5962] <... memfd_create resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5962] <... mmap resumed>) = 0x7ff1eb400000 [pid 5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5960] <... openat resumed>) = 4 [pid 5832] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5960] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... openat resumed>) = 4 [pid 5960] <... ioctl resumed>) = 0 [pid 5959] munmap(0x7ff1eb400000, 138412032 [pid 5832] newfstatat(4, "", [pid 5961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5961] <... write resumed>) = 524288 [pid 5959] <... munmap resumed>) = 0 [pid 5832] getdents64(4, [pid 5962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./22/file1") = 0 [pid 5962] <... write resumed>) = 524288 [pid 5959] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5959] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5959] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5959] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5959] ioctl(4, LOOP_CLR_FD) = 0 [pid 5832] unlink("./22/binderfs") = 0 [pid 5961] munmap(0x7ff1eb400000, 138412032 [pid 5832] getdents64(3, [pid 5961] <... munmap resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./22" [pid 5959] ioctl(4, LOOP_SET_FD, 3 [pid 5960] close(3 [pid 5959] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... rmdir resumed>) = 0 [pid 5959] close(4 [pid 5960] <... close resumed>) = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5960] close(4 [pid 5961] <... openat resumed>) = 4 [pid 5960] <... close resumed>) = 0 [pid 5959] <... close resumed>) = 0 [pid 5832] mkdir("./23", 0777 [pid 5959] close(3 [pid 5960] mkdir("./file1", 0777 [pid 5961] ioctl(4, LOOP_SET_FD, 3 [pid 5960] <... mkdir resumed>) = 0 [ 101.452349][ T5960] loop0: detected capacity change from 0 to 1024 [pid 5962] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... mkdir resumed>) = 0 [pid 5962] <... munmap resumed>) = 0 [pid 5960] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5959] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5962] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5959] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5962] <... openat resumed>) = 4 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5959] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5832] close(3) = 0 [pid 5962] ioctl(4, LOOP_SET_FD, 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5959] sync(./strace-static-x86_64: Process 5963 attached [pid 5963] set_robust_list(0x5555934ed660, 24) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5963 [pid 5963] chdir("./23") = 0 [pid 5963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5963] setpgid(0, 0) = 0 [pid 5963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5963] write(3, "1000", 4) = 4 [pid 5963] close(3executing program ) = 0 [pid 5963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5963] write(1, "executing program\n", 18 [pid 5961] <... ioctl resumed>) = 0 [pid 5963] <... write resumed>) = 18 [pid 5961] close(3 [pid 5963] memfd_create("syzkaller", 0 [pid 5961] <... close resumed>) = 0 [pid 5961] close(4) = 0 [pid 5963] <... memfd_create resumed>) = 3 [pid 5961] mkdir("./file1", 0777 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5961] <... mkdir resumed>) = 0 [pid 5963] <... mmap resumed>) = 0x7ff1eb400000 [pid 5962] <... ioctl resumed>) = 0 [pid 5961] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5962] close(3) = 0 [pid 5962] close(4) = 0 [pid 5962] mkdir("./file1", 0777) = 0 [pid 5962] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5960] <... mount resumed>) = 0 [pid 5960] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5960] chdir("./file1") = 0 [ 101.506100][ T5961] loop3: detected capacity change from 0 to 1024 [ 101.525229][ T5962] loop2: detected capacity change from 0 to 1024 [pid 5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5960] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5963] <... write resumed>) = 524288 [pid 5962] <... mount resumed>) = 0 [pid 5961] <... mount resumed>) = 0 [pid 5960] <... link resumed>) = 0 [pid 5962] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5963] munmap(0x7ff1eb400000, 138412032 [pid 5962] <... openat resumed>) = 3 [pid 5961] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5960] sync( [pid 5963] <... munmap resumed>) = 0 [pid 5962] chdir("./file1" [pid 5961] <... openat resumed>) = 3 [pid 5962] <... chdir resumed>) = 0 [pid 5961] chdir("./file1" [pid 5962] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5961] <... chdir resumed>) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5962] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5961] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5963] <... openat resumed>) = 4 [pid 5962] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5961] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5963] ioctl(4, LOOP_SET_FD, 3 [pid 5961] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5963] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5963] ioctl(4, LOOP_CLR_FD) = 0 [pid 5963] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5963] close(4) = 0 [pid 5963] close(3 [pid 5959] <... sync resumed>) = 0 [pid 5959] exit_group(0 [pid 5960] <... sync resumed>) = 0 [pid 5960] exit_group(0 [pid 5959] <... exit_group resumed>) = ? [pid 5962] <... link resumed>) = 0 [pid 5960] <... exit_group resumed>) = ? [pid 5962] sync( [pid 5960] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5960, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5961] <... link resumed>) = 0 [pid 5959] +++ exited with 0 +++ [pid 5961] sync( [pid 5963] <... close resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5959, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5963] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5963] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5963] sync( [pid 5829] <... restart_syscall resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(3, "", [pid 5828] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5829] getdents64(3, [pid 5828] newfstatat(3, "", [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(3, [pid 5829] newfstatat(AT_FDCWD, "./24/binderfs", [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] unlink("./24/binderfs") = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./24") = 0 [pid 5829] mkdir("./25", 0777 [pid 5828] <... umount2 resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] getdents64(4, [pid 5829] close(3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] close(4) = 0 [pid 5963] <... sync resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5963] exit_group(0) = ? [pid 5963] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5963, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] rmdir("./21/file1" [pid 5962] <... sync resumed>) = 0 [pid 5961] <... sync resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 5964 attached [pid 5962] exit_group(0 [pid 5964] set_robust_list(0x5555934ed660, 24 [pid 5961] exit_group(0 [pid 5962] <... exit_group resumed>) = ? [pid 5961] <... exit_group resumed>) = ? [pid 5964] <... set_robust_list resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5964] chdir("./25" [pid 5832] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5964] <... chdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5964] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5964] <... prctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 5964] setpgid(0, 0 [pid 5832] newfstatat(3, "", [pid 5964] <... setpgid resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5961] +++ exited with 0 +++ [pid 5964] <... openat resumed>) = 3 [pid 5962] +++ exited with 0 +++ [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5964 [pid 5828] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5964] write(3, "1000", 4 [pid 5832] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5961, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5964] <... write resumed>) = 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5828] unlink("./21/binderfs" [pid 5964] close(3 [pid 5832] newfstatat(AT_FDCWD, "./23/binderfs", [pid 5831] <... restart_syscall resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5964] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 5964] symlink("/dev/binderfs", "./binderfs" [pid 5832] unlink("./23/binderfs" [pid 5964] <... symlink resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5831] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5964] write(1, "executing program\n", 18executing program [pid 5832] getdents64(3, [pid 5830] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5964] <... write resumed>) = 18 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5964] memfd_create("syzkaller", 0 [pid 5831] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 5828] close(3 [pid 5830] newfstatat(3, "", [pid 5964] <... memfd_create resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5830] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] rmdir("./21" [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] getdents64(3, [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... rmdir resumed>) = 0 [pid 5964] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] mkdir("./22", 0777) = 0 [pid 5832] close(3 [pid 5831] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] rmdir("./23" [pid 5828] <... ioctl resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5965 attached [pid 5832] mkdir("./24", 0777 [pid 5830] <... umount2 resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./25/file1", [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5965 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5965] set_robust_list(0x5555934ed660, 24 [pid 5964] <... write resumed>) = 524288 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] <... openat resumed>) = 4 [pid 5965] <... set_robust_list resumed>) = 0 [pid 5832] close(3 [pid 5830] newfstatat(4, "", [pid 5965] chdir("./22" [pid 5832] <... close resumed>) = 0 [pid 5965] <... chdir resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5965] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5965] <... prctl resumed>) = 0 [pid 5830] getdents64(4, [pid 5965] setpgid(0, 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5966 attached [pid 5965] <... setpgid resumed>) = 0 [pid 5830] getdents64(4, [pid 5965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5965] write(3, "1000", 4 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5966 [pid 5965] <... write resumed>) = 4 [pid 5965] close(3) = 0 [pid 5965] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5965] write(1, "executing program\n", 18) = 18 [pid 5965] memfd_create("syzkaller", 0 [pid 5964] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5965] <... memfd_create resumed>) = 3 [pid 5964] <... munmap resumed>) = 0 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5966] set_robust_list(0x5555934ed660, 24 [pid 5830] close(4 [pid 5966] <... set_robust_list resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5964] ioctl(4, LOOP_SET_FD, 3 [pid 5966] chdir("./24" [pid 5830] rmdir("./25/file1" [pid 5966] <... chdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5966] <... prctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5966] setpgid(0, 0 [pid 5965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5966] <... setpgid resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] unlink("./25/binderfs" [pid 5831] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5966] <... openat resumed>) = 3 [pid 5966] write(3, "1000", 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... unlink resumed>) = 0 [pid 5966] <... write resumed>) = 4 [pid 5831] newfstatat(AT_FDCWD, "./21/file1", [pid 5966] close(3 [pid 5830] getdents64(3, [pid 5966] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5966] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3executing program [pid 5966] <... symlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 5966] write(1, "executing program\n", 18 [pid 5831] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] rmdir("./25" [pid 5966] <... write resumed>) = 18 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... rmdir resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5966] memfd_create("syzkaller", 0 [pid 5830] mkdir("./26", 0777 [pid 5966] <... memfd_create resumed>) = 3 [pid 5964] <... ioctl resumed>) = 0 [pid 5964] close(3) = 0 [pid 5964] close(4 [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5965] <... write resumed>) = 524288 [pid 5964] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5964] mkdir("./file1", 0777 [pid 5831] getdents64(4, [pid 5966] <... mmap resumed>) = 0x7ff1eb400000 [pid 5964] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5965] munmap(0x7ff1eb400000, 138412032 [pid 5964] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5965] <... munmap resumed>) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] close(4 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5831] rmdir("./21/file1" [pid 5965] <... openat resumed>) = 4 [pid 5830] ioctl(3, LOOP_CLR_FD [ 101.812135][ T5964] loop1: detected capacity change from 0 to 1024 [pid 5965] ioctl(4, LOOP_SET_FD, 3 [pid 5964] <... mount resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5964] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3 [pid 5966] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5964] <... openat resumed>) = 3 [pid 5964] chdir("./file1" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 5964] <... chdir resumed>) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5964] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./21/binderfs") = 0 [pid 5831] getdents64(3, [pid 5966] <... write resumed>) = 524288 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./21" [pid 5965] <... ioctl resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5967 [pid 5831] mkdir("./22", 0777 [pid 5965] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 5965] <... close resumed>) = 0 [pid 5965] close(4) = 0 [pid 5965] mkdir("./file1", 0777) = 0 [pid 5964] <... link resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5964] sync( [pid 5831] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5967 attached [pid 5966] munmap(0x7ff1eb400000, 138412032 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5967] set_robust_list(0x5555934ed660, 24 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 5967] <... set_robust_list resumed>) = 0 [pid 5966] <... munmap resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5967] chdir("./26" [ 101.855813][ T5965] loop0: detected capacity change from 0 to 1024 [pid 5966] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5965] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5967] <... chdir resumed>) = 0 [pid 5966] <... openat resumed>) = 4 [pid 5967] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5966] ioctl(4, LOOP_SET_FD, 3 [pid 5965] <... mount resumed>) = 0 [pid 5965] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] chdir("./file1") = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5965] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5967] <... prctl resumed>) = 0 [pid 5967] setpgid(0, 0) = 0 [pid 5967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5966] <... ioctl resumed>) = 0 [pid 5967] <... openat resumed>) = 3 [pid 5966] close(3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5967] write(3, "1000", 4 [pid 5966] <... close resumed>) = 0 [pid 5967] <... write resumed>) = 4 [pid 5966] close(4 [pid 5967] close(3./strace-static-x86_64: Process 5968 attached ) = 0 [pid 5966] <... close resumed>) = 0 [pid 5965] <... link resumed>) = 0 [pid 5967] symlink("/dev/binderfs", "./binderfs" [pid 5966] mkdir("./file1", 0777 [pid 5965] sync( [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5968 executing program [pid 5967] <... symlink resumed>) = 0 [pid 5966] <... mkdir resumed>) = 0 [pid 5964] <... sync resumed>) = 0 [pid 5967] write(1, "executing program\n", 18 [pid 5966] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5967] <... write resumed>) = 18 [pid 5964] exit_group(0) = ? [pid 5967] memfd_create("syzkaller", 0 [pid 5964] +++ exited with 0 +++ [pid 5968] set_robust_list(0x5555934ed660, 24 [pid 5967] <... memfd_create resumed>) = 3 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5964, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5968] <... set_robust_list resumed>) = 0 [pid 5967] <... mmap resumed>) = 0x7ff1eb400000 [pid 5968] chdir("./22" [pid 5966] <... mount resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5965] <... sync resumed>) = 0 [pid 5965] exit_group(0 [pid 5829] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5965] <... exit_group resumed>) = ? [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5968] <... chdir resumed>) = 0 [pid 5967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5966] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5965] +++ exited with 0 +++ [pid 5829] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... openat resumed>) = 3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5965, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5829] newfstatat(3, "", [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5968] <... prctl resumed>) = 0 [pid 5966] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5968] setpgid(0, 0 [ 101.908504][ T5966] loop4: detected capacity change from 0 to 1024 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5968] <... setpgid resumed>) = 0 [pid 5966] chdir("./file1" [pid 5828] <... restart_syscall resumed>) = 0 [pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5967] <... write resumed>) = 524288 [pid 5966] <... chdir resumed>) = 0 [pid 5829] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5966] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5968] <... openat resumed>) = 3 [pid 5967] munmap(0x7ff1eb400000, 138412032 [pid 5966] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5968] write(3, "1000", 4 [pid 5966] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5968] <... write resumed>) = 4 [pid 5828] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5968] close(3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5968] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5968] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = 0 [pid 5968] <... symlink resumed>) = 0 [pid 5967] <... munmap resumed>) = 0 [pid 5829] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./22/file1"executing program [pid 5968] write(1, "executing program\n", 18 [pid 5967] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... rmdir resumed>) = 0 [pid 5968] <... write resumed>) = 18 [pid 5968] memfd_create("syzkaller", 0 [pid 5967] <... openat resumed>) = 4 [pid 5829] newfstatat(AT_FDCWD, "./25/file1", [pid 5967] ioctl(4, LOOP_SET_FD, 3 [pid 5966] <... link resumed>) = 0 [pid 5966] sync( [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./22/binderfs") = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./22") = 0 [pid 5829] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5968] <... memfd_create resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5968] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] mkdir("./23", 0777 [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", [pid 5828] <... mkdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... openat resumed>) = 3 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3 [pid 5829] <... close resumed>) = 0 [pid 5966] <... sync resumed>) = 0 [pid 5829] rmdir("./25/file1" [pid 5828] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5969 attached [pid 5968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... rmdir resumed>) = 0 [pid 5966] exit_group(0 [pid 5829] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5966] <... exit_group resumed>) = ? [pid 5969] set_robust_list(0x5555934ed660, 24 [pid 5967] <... ioctl resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5969 [pid 5969] <... set_robust_list resumed>) = 0 [pid 5969] chdir("./23") = 0 [pid 5966] +++ exited with 0 +++ [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5969] <... prctl resumed>) = 0 [pid 5829] unlink("./25/binderfs" [pid 5969] setpgid(0, 0 [pid 5829] <... unlink resumed>) = 0 [pid 5969] <... setpgid resumed>) = 0 [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5967] close(3 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5829] getdents64(3, [pid 5969] <... openat resumed>) = 3 [pid 5967] <... close resumed>) = 0 [pid 5967] close(4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5967] <... close resumed>) = 0 [pid 5832] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(3 [pid 5969] write(3, "1000", 4 [pid 5967] mkdir("./file1", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5969] <... write resumed>) = 4 [pid 5832] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... close resumed>) = 0 [pid 5969] close(3 [pid 5967] <... mkdir resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5969] <... close resumed>) = 0 [pid 5967] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] newfstatat(3, "", [pid 5829] rmdir("./25" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5969] symlink("/dev/binderfs", "./binderfs" [pid 5829] <... rmdir resumed>) = 0 [pid 5969] <... symlink resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5969] write(1, "executing program\n", 18executing program [pid 5832] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5969] <... write resumed>) = 18 [pid 5969] memfd_create("syzkaller", 0) = 3 [ 102.013391][ T5967] loop2: detected capacity change from 0 to 1024 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5968] <... write resumed>) = 524288 [pid 5832] <... umount2 resumed>) = 0 [pid 5829] mkdir("./26", 0777 [pid 5969] <... mmap resumed>) = 0x7ff1eb400000 [pid 5969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5968] munmap(0x7ff1eb400000, 138412032 [pid 5829] <... mkdir resumed>) = 0 [pid 5968] <... munmap resumed>) = 0 [pid 5832] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5968] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] newfstatat(AT_FDCWD, "./24/file1", [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5968] <... openat resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5968] ioctl(4, LOOP_SET_FD, 3 [pid 5832] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./24/file1"./strace-static-x86_64: Process 5970 attached ) = 0 [pid 5970] set_robust_list(0x5555934ed660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5970 [pid 5970] <... set_robust_list resumed>) = 0 [pid 5970] chdir("./26" [pid 5967] <... mount resumed>) = 0 [pid 5832] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./24/binderfs" [pid 5970] <... chdir resumed>) = 0 [pid 5969] <... write resumed>) = 524288 [pid 5967] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... unlink resumed>) = 0 [pid 5970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5967] <... openat resumed>) = 3 [pid 5970] setpgid(0, 0 [pid 5967] chdir("./file1" [pid 5970] <... setpgid resumed>) = 0 [pid 5969] munmap(0x7ff1eb400000, 138412032 [pid 5968] <... ioctl resumed>) = 0 [pid 5967] <... chdir resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] close(3 [pid 5967] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 5969] <... munmap resumed>) = 0 [pid 5968] close(3 [pid 5967] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] rmdir("./24" [pid 5967] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5970] <... openat resumed>) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./25", 0777 [pid 5970] write(3, "1000", 4 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5968] <... close resumed>) = 0 [pid 5970] <... write resumed>) = 4 [pid 5969] <... openat resumed>) = 4 [pid 5968] close(4 [pid 5832] <... mkdir resumed>) = 0 [ 102.095275][ T5968] loop3: detected capacity change from 0 to 1024 [pid 5970] close(3 [pid 5969] ioctl(4, LOOP_SET_FD, 3 [pid 5968] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5970] <... close resumed>) = 0 [pid 5968] mkdir("./file1", 0777./strace-static-x86_64: Process 5971 attached [pid 5970] symlink("/dev/binderfs", "./binderfs" [pid 5968] <... mkdir resumed>) = 0 [pid 5971] set_robust_list(0x5555934ed660, 24) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5971 [pid 5971] chdir("./25") = 0 [pid 5970] <... symlink resumed>) = 0 [pid 5971] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5970] write(1, "executing program\n", 18 [pid 5971] <... prctl resumed>) = 0 executing program [pid 5971] setpgid(0, 0) = 0 [pid 5970] <... write resumed>) = 18 [pid 5967] <... link resumed>) = 0 [pid 5970] memfd_create("syzkaller", 0 [pid 5968] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5970] <... memfd_create resumed>) = 3 [pid 5967] sync( [pid 5971] write(3, "1000", 4) = 4 [pid 5971] close(3) = 0 [pid 5971] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5971] write(1, "executing program\n", 18) = 18 [pid 5971] memfd_create("syzkaller", 0) = 3 [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5970] <... mmap resumed>) = 0x7ff1eb400000 [pid 5971] <... mmap resumed>) = 0x7ff1eb400000 [pid 5969] <... ioctl resumed>) = 0 [pid 5971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5969] close(3) = 0 [ 102.138226][ T5969] loop0: detected capacity change from 0 to 1024 [pid 5969] close(4) = 0 [pid 5971] <... write resumed>) = 524288 [pid 5971] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5969] mkdir("./file1", 0777 [pid 5968] <... mount resumed>) = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5968] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5971] ioctl(4, LOOP_SET_FD, 3 [pid 5968] <... openat resumed>) = 3 [pid 5971] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5970] <... write resumed>) = 524288 [pid 5969] <... mkdir resumed>) = 0 [pid 5968] chdir("./file1" [pid 5969] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5968] <... chdir resumed>) = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5971] ioctl(4, LOOP_CLR_FD [pid 5970] munmap(0x7ff1eb400000, 138412032 [pid 5968] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5971] <... ioctl resumed>) = 0 [pid 5970] <... munmap resumed>) = 0 [pid 5968] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5971] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5971] close(4) = 0 [pid 5971] close(3) = 0 [pid 5970] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5968] <... link resumed>) = 0 [pid 5968] sync( [pid 5970] <... openat resumed>) = 4 [pid 5969] <... mount resumed>) = 0 [pid 5970] ioctl(4, LOOP_SET_FD, 3 [pid 5969] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5971] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5969] chdir("./file1") = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5969] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5971] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5971] sync( [pid 5967] <... sync resumed>) = 0 [pid 5971] <... sync resumed>) = 0 [pid 5967] exit_group(0) = ? [pid 5971] exit_group(0) = ? [pid 5971] +++ exited with 0 +++ [pid 5967] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5971, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5967, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5970] <... ioctl resumed>) = 0 [pid 5968] <... sync resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5970] close(3) = 0 [pid 5968] exit_group(0 [pid 5832] newfstatat(3, "", [pid 5830] newfstatat(3, "", [pid 5970] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5830] getdents64(3, [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5970] <... close resumed>) = 0 [pid 5968] <... exit_group resumed>) = ? [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5970] mkdir("./file1", 0777 [pid 5830] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5970] <... mkdir resumed>) = 0 [pid 5832] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5969] <... link resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5969] sync( [pid 5832] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./25/binderfs") = 0 [ 102.246800][ T5970] loop1: detected capacity change from 0 to 1024 [pid 5832] getdents64(3, [pid 5970] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... umount2 resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5968] +++ exited with 0 +++ [pid 5832] close(3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5968, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./25" [pid 5830] newfstatat(AT_FDCWD, "./26/file1", [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] mkdir("./26", 0777 [pid 5830] <... openat resumed>) = 4 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(4, [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(4, [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] newfstatat(3, "", [pid 5830] close(4 [pid 5832] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] rmdir("./26/file1" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... rmdir resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5970] <... mount resumed>) = 0 [pid 5970] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5969] <... sync resumed>) = 0 [pid 5830] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5970] <... openat resumed>) = 3 [pid 5969] exit_group(0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5972 attached [pid 5970] chdir("./file1" [pid 5969] <... exit_group resumed>) = ? [pid 5830] newfstatat(AT_FDCWD, "./26/binderfs", [pid 5970] <... chdir resumed>) = 0 [pid 5970] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5970] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./26/binderfs" [pid 5972] set_robust_list(0x5555934ed660, 24 [pid 5830] <... unlink resumed>) = 0 [pid 5972] <... set_robust_list resumed>) = 0 [pid 5830] getdents64(3, [pid 5972] chdir("./26" [pid 5969] +++ exited with 0 +++ [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5972 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] rmdir("./26" [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5972] <... chdir resumed>) = 0 [pid 5972] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... rmdir resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5972] <... prctl resumed>) = 0 [pid 5972] setpgid(0, 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5972] <... setpgid resumed>) = 0 [pid 5831] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./22/file1", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] mkdir("./27", 0777 [pid 5828] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5972] <... openat resumed>) = 3 [pid 5831] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... mkdir resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5972] write(3, "1000", 4 [pid 5970] <... link resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5972] <... write resumed>) = 4 [pid 5970] sync( [pid 5831] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] newfstatat(3, "", [pid 5972] close(3 [pid 5831] <... openat resumed>) = 4 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5972] <... close resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5830] <... openat resumed>) = 3 [pid 5972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] getdents64(3, [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 executing program [pid 5972] write(1, "executing program\n", 18 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5828] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(4, [pid 5972] <... write resumed>) = 18 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] close(3 [pid 5972] memfd_create("syzkaller", 0 [pid 5831] getdents64(4, [pid 5830] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5972] <... memfd_create resumed>) = 3 [pid 5831] rmdir("./22/file1" [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5973 attached [pid 5973] set_robust_list(0x5555934ed660, 24 [pid 5972] <... mmap resumed>) = 0x7ff1eb400000 [pid 5973] <... set_robust_list resumed>) = 0 [pid 5972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... rmdir resumed>) = 0 [pid 5973] chdir("./27" [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5973 [pid 5828] <... umount2 resumed>) = 0 [pid 5973] <... chdir resumed>) = 0 [pid 5973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5973] setpgid(0, 0 [pid 5831] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5828] newfstatat(AT_FDCWD, "./23/file1", [pid 5970] <... sync resumed>) = 0 [pid 5973] <... setpgid resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5972] <... write resumed>) = 524288 [pid 5970] exit_group(0 [pid 5831] unlink("./22/binderfs" [pid 5828] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5970] <... exit_group resumed>) = ? [pid 5970] +++ exited with 0 +++ [pid 5831] <... unlink resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5970, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5973] <... openat resumed>) = 3 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... openat resumed>) = 4 [pid 5973] write(3, "1000", 4) = 4 [pid 5973] close(3 [pid 5828] newfstatat(4, "", [pid 5831] getdents64(3, [pid 5973] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] close(3 [pid 5828] getdents64(4, [pid 5973] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] rmdir("./22" [pid 5828] getdents64(4, executing program [pid 5973] <... symlink resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5973] write(1, "executing program\n", 18) = 18 [pid 5972] munmap(0x7ff1eb400000, 138412032 [pid 5831] mkdir("./23", 0777 [pid 5828] close(4 [pid 5973] memfd_create("syzkaller", 0 [pid 5972] <... munmap resumed>) = 0 [pid 5973] <... memfd_create resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5828] rmdir("./23/file1" [pid 5973] <... mmap resumed>) = 0x7ff1eb400000 [pid 5973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5829] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5972] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5972] <... openat resumed>) = 4 [pid 5831] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5972] ioctl(4, LOOP_SET_FD, 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] <... openat resumed>) = 3 [pid 5828] newfstatat(AT_FDCWD, "./23/binderfs", [pid 5973] <... write resumed>) = 524288 [pid 5831] <... ioctl resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] unlink("./23/binderfs" [pid 5831] <... close resumed>) = 0 [pid 5829] getdents64(3, [pid 5828] <... unlink resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] getdents64(3, [pid 5973] munmap(0x7ff1eb400000, 138412032./strace-static-x86_64: Process 5974 attached [pid 5972] <... ioctl resumed>) = 0 [pid 5829] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5974 [pid 5828] rmdir("./23" [pid 5973] <... munmap resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./24", 0777 [pid 5974] set_robust_list(0x5555934ed660, 24 [pid 5973] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5972] close(3 [pid 5974] <... set_robust_list resumed>) = 0 [pid 5973] <... openat resumed>) = 4 [pid 5972] <... close resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5974] chdir("./23" [pid 5973] ioctl(4, LOOP_SET_FD, 3 [pid 5972] close(4 [pid 5974] <... chdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5972] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5974] <... prctl resumed>) = 0 [pid 5972] mkdir("./file1", 0777 [pid 5828] <... ioctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5974] setpgid(0, 0 [pid 5972] <... mkdir resumed>) = 0 [pid 5828] close(3 [pid 5974] <... setpgid resumed>) = 0 [pid 5972] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) executing program [pid 5829] newfstatat(AT_FDCWD, "./26/file1", [pid 5974] write(1, "executing program\n", 18 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5974] <... write resumed>) = 18 [pid 5829] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5974] memfd_create("syzkaller", 0) = 3 [pid 5974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5973] <... ioctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5973] close(3 [pid 5829] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... close resumed>) = 0 [ 102.465576][ T5972] loop4: detected capacity change from 0 to 1024 [ 102.497633][ T5973] loop2: detected capacity change from 0 to 1024 [pid 5973] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5973] close(4) = 0 [pid 5973] mkdir("./file1", 0777) = 0 [pid 5973] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5972] <... mount resumed>) = 0 [pid 5972] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5975 attached ) = 3 [pid 5829] newfstatat(4, "", [pid 5975] set_robust_list(0x5555934ed660, 24) = 0 [pid 5972] chdir("./file1" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5975 [pid 5972] <... chdir resumed>) = 0 [pid 5975] chdir("./24" [pid 5972] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] getdents64(4, [pid 5975] <... chdir resumed>) = 0 [pid 5974] <... write resumed>) = 524288 [pid 5973] <... mount resumed>) = 0 [pid 5972] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5975] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5972] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5975] <... prctl resumed>) = 0 [pid 5973] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5975] setpgid(0, 0 [pid 5973] <... openat resumed>) = 3 [pid 5829] close(4 [pid 5973] chdir("./file1") = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5973] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5975] <... setpgid resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./26/file1") = 0 [pid 5975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5974] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5829] newfstatat(AT_FDCWD, "./26/binderfs", [pid 5975] <... openat resumed>) = 3 [pid 5975] write(3, "1000", 4 [pid 5974] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5975] <... write resumed>) = 4 [pid 5829] unlink("./26/binderfs" [pid 5975] close(3 [pid 5974] <... openat resumed>) = 4 [pid 5972] <... link resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5975] <... close resumed>) = 0 [pid 5974] ioctl(4, LOOP_SET_FD, 3 [pid 5972] sync( [pid 5975] symlink("/dev/binderfs", "./binderfs" [pid 5829] getdents64(3, executing program [pid 5975] <... symlink resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5975] write(1, "executing program\n", 18 [pid 5829] close(3 [pid 5975] <... write resumed>) = 18 [pid 5829] <... close resumed>) = 0 [pid 5975] memfd_create("syzkaller", 0 [pid 5829] rmdir("./26" [pid 5975] <... memfd_create resumed>) = 3 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5973] <... link resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5973] sync( [pid 5829] mkdir("./27", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5974] <... ioctl resumed>) = 0 [pid 5974] close(3) = 0 [pid 5974] close(4) = 0 [pid 5974] mkdir("./file1", 0777) = 0 [pid 5974] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5973] <... sync resumed>) = 0 [pid 5972] <... sync resumed>) = 0 [pid 5972] exit_group(0) = ? [pid 5829] <... openat resumed>) = 3 [pid 5973] exit_group(0) = ? [pid 5975] <... write resumed>) = 524288 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5972] +++ exited with 0 +++ [pid 5829] close(3 [pid 5973] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5973, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 102.607209][ T5974] loop3: detected capacity change from 0 to 1024 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... close resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5972, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5974] <... mount resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5975] munmap(0x7ff1eb400000, 138412032 [pid 5974] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(3, "", [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5975] <... munmap resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5974] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 5976 attached [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5974] chdir("./file1" [pid 5830] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5976] set_robust_list(0x5555934ed660, 24 [pid 5975] <... openat resumed>) = 4 [pid 5974] <... chdir resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5976 [pid 5976] <... set_robust_list resumed>) = 0 [pid 5975] ioctl(4, LOOP_SET_FD, 3 [pid 5974] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5974] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5976] chdir("./27") = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5976] setpgid(0, 0) = 0 [pid 5832] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 5976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5974] <... link resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./26/file1", [pid 5830] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./27/file1", [pid 5976] <... openat resumed>) = 3 [pid 5975] <... ioctl resumed>) = 0 [pid 5974] sync( [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5975] close(3 [pid 5832] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5975] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5975] close(4) = 0 [pid 5832] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5976] write(3, "1000", 4 [pid 5975] mkdir("./file1", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5975] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", [pid 5976] <... write resumed>) = 4 [pid 5975] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5976] close(3 [pid 5830] getdents64(4, [pid 5976] <... close resumed>) = 0 [pid 5976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] newfstatat(4, "", [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 5832] getdents64(4, [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./27/file1" [pid 5976] write(1, "executing program\n", 18 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./27/binderfs") = 0 executing program [pid 5976] <... write resumed>) = 18 [pid 5830] getdents64(3, [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5976] memfd_create("syzkaller", 0 [pid 5975] <... mount resumed>) = 0 [pid 5832] close(4 [pid 5830] <... close resumed>) = 0 [pid 5975] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./26/file1" [pid 5830] rmdir("./27" [pid 5974] <... sync resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [ 102.698717][ T5975] loop0: detected capacity change from 0 to 1024 [pid 5975] <... openat resumed>) = 3 [pid 5976] <... memfd_create resumed>) = 3 [pid 5975] chdir("./file1" [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5975] <... chdir resumed>) = 0 [pid 5974] exit_group(0) = ? [pid 5976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5974] +++ exited with 0 +++ [pid 5832] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] mkdir("./28", 0777 [pid 5975] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] <... mkdir resumed>) = 0 [pid 5975] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] newfstatat(AT_FDCWD, "./26/binderfs", [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5832] unlink("./26/binderfs" [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] <... unlink resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5977 attached [pid 5977] set_robust_list(0x5555934ed660, 24) = 0 [pid 5977] chdir("./28" [pid 5831] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5977] <... chdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5977 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5977] <... prctl resumed>) = 0 [pid 5832] close(3 [pid 5831] getdents64(3, [pid 5977] setpgid(0, 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5977] <... setpgid resumed>) = 0 [pid 5832] rmdir("./26" [pid 5831] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5975] <... link resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5975] sync( [pid 5832] mkdir("./27", 0777 [pid 5977] write(3, "1000", 4 [pid 5832] <... mkdir resumed>) = 0 [pid 5976] <... write resumed>) = 524288 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = 0 [pid 5977] <... write resumed>) = 4 [pid 5977] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5977] <... close resumed>) = 0 [pid 5976] munmap(0x7ff1eb400000, 138412032 [pid 5977] symlink("/dev/binderfs", "./binderfs" [pid 5975] <... sync resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5977] <... symlink resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5831] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5976] <... munmap resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5975] exit_group(0 [pid 5832] close(3 [pid 5831] newfstatat(AT_FDCWD, "./23/file1", executing program [pid 5977] write(1, "executing program\n", 18 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5977] <... write resumed>) = 18 [pid 5831] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5977] memfd_create("syzkaller", 0 [pid 5976] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5975] <... exit_group resumed>) = ? [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5977] <... memfd_create resumed>) = 3 [pid 5831] <... openat resumed>) = 4 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5976] <... openat resumed>) = 4 [pid 5975] +++ exited with 0 +++ [pid 5976] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... close resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5975, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./23/file1") = 0 [pid 5831] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./23/binderfs" [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 5978 attached [pid 5977] <... write resumed>) = 524288 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5978] set_robust_list(0x5555934ed660, 24 [pid 5976] <... ioctl resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5978 [pid 5831] <... close resumed>) = 0 [pid 5978] <... set_robust_list resumed>) = 0 [pid 5976] close(3 [pid 5831] rmdir("./23" [pid 5976] <... close resumed>) = 0 [pid 5976] close(4 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5978] chdir("./27" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5976] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5978] <... chdir resumed>) = 0 [pid 5976] mkdir("./file1", 0777 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... openat resumed>) = 3 [pid 5978] <... prctl resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 5976] <... mkdir resumed>) = 0 [pid 5978] setpgid(0, 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5978] <... setpgid resumed>) = 0 [pid 5976] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] mkdir("./24", 0777 [pid 5828] getdents64(3, [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5978] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5978] write(3, "1000", 4) = 4 [pid 5977] munmap(0x7ff1eb400000, 138412032 [pid 5978] close(3) = 0 [pid 5976] <... mount resumed>) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5977] <... munmap resumed>) = 0 [pid 5978] write(1, "executing program\n", 18 [pid 5976] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5978] <... write resumed>) = 18 [pid 5978] memfd_create("syzkaller", 0 [pid 5976] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5978] <... memfd_create resumed>) = 3 [pid 5976] chdir("./file1" [pid 5831] <... ioctl resumed>) = 0 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5976] <... chdir resumed>) = 0 [pid 5831] close(3 [pid 5978] <... mmap resumed>) = 0x7ff1eb400000 [pid 5977] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5976] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... close resumed>) = 0 [pid 5977] <... openat resumed>) = 4 [pid 5976] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 102.853341][ T5976] loop1: detected capacity change from 0 to 1024 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5977] ioctl(4, LOOP_SET_FD, 3 [pid 5976] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... umount2 resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5979 ./strace-static-x86_64: Process 5979 attached [pid 5828] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5979] set_robust_list(0x5555934ed660, 24 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./24/file1", [pid 5977] <... ioctl resumed>) = 0 [pid 5979] <... set_robust_list resumed>) = 0 [pid 5978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5976] <... link resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5976] sync( [pid 5828] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5979] chdir("./24") = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5979] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5977] close(3 [pid 5979] <... prctl resumed>) = 0 [pid 5977] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5977] close(4) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5979] setpgid(0, 0 [pid 5828] newfstatat(4, "", [pid 5977] mkdir("./file1", 0777 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5977] <... mkdir resumed>) = 0 [pid 5828] getdents64(4, [pid 5979] <... setpgid resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] getdents64(4, [pid 5977] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [ 102.904610][ T5977] loop2: detected capacity change from 0 to 1024 [pid 5828] close(4 [pid 5979] <... openat resumed>) = 3 [pid 5978] <... write resumed>) = 524288 [pid 5828] <... close resumed>) = 0 [pid 5979] write(3, "1000", 4 [pid 5828] rmdir("./24/file1" [pid 5979] <... write resumed>) = 4 [pid 5978] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... rmdir resumed>) = 0 [pid 5979] close(3 [pid 5828] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5979] <... close resumed>) = 0 [pid 5978] <... munmap resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./24/binderfs", [pid 5979] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5979] <... symlink resumed>) = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] unlink("./24/binderfs") = 0 executing program [pid 5977] <... mount resumed>) = 0 [pid 5828] getdents64(3, [pid 5976] <... sync resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 5979] write(1, "executing program\n", 18) = 18 [pid 5977] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5976] exit_group(0 [pid 5828] <... close resumed>) = 0 [pid 5978] <... openat resumed>) = 4 [pid 5976] <... exit_group resumed>) = ? [pid 5979] memfd_create("syzkaller", 0 [pid 5978] ioctl(4, LOOP_SET_FD, 3 [pid 5977] <... openat resumed>) = 3 [pid 5828] rmdir("./24" [pid 5979] <... memfd_create resumed>) = 3 [pid 5978] <... ioctl resumed>) = 0 [pid 5977] chdir("./file1" [pid 5976] +++ exited with 0 +++ [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5977] <... chdir resumed>) = 0 [pid 5979] <... mmap resumed>) = 0x7ff1eb400000 [pid 5977] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5976, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5977] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5977] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... rmdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5978] close(3 [pid 5829] getdents64(3, [pid 5828] mkdir("./25", 0777 [pid 5978] <... close resumed>) = 0 [pid 5978] close(4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... mkdir resumed>) = 0 [pid 5978] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5978] mkdir("./file1", 0777 [pid 5829] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5978] <... mkdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5978] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5980 attached [pid 5829] newfstatat(AT_FDCWD, "./27/file1", [pid 5980] set_robust_list(0x5555934ed660, 24 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5980] <... set_robust_list resumed>) = 0 [pid 5829] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5980 [pid 5980] chdir("./25" [pid 5977] <... link resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5977] sync( [pid 5829] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5980] <... chdir resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./27/file1") = 0 [pid 5829] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 102.989188][ T5978] loop4: detected capacity change from 0 to 1024 [pid 5980] <... prctl resumed>) = 0 [pid 5829] unlink("./27/binderfs" [pid 5980] setpgid(0, 0 [pid 5979] <... write resumed>) = 524288 [pid 5829] <... unlink resumed>) = 0 [pid 5980] <... setpgid resumed>) = 0 [pid 5979] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5979] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5980] <... openat resumed>) = 3 [pid 5979] ioctl(4, LOOP_SET_FD, 3 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./27" [pid 5980] write(3, "1000", 4) = 4 [pid 5829] <... rmdir resumed>) = 0 [pid 5980] close(3 [pid 5829] mkdir("./28", 0777 [pid 5980] <... close resumed>) = 0 [pid 5980] symlink("/dev/binderfs", "./binderfs" [pid 5829] <... mkdir resumed>) = 0 executing program [pid 5980] <... symlink resumed>) = 0 [pid 5980] write(1, "executing program\n", 18) = 18 [pid 5980] memfd_create("syzkaller", 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3 [pid 5980] <... memfd_create resumed>) = 3 [pid 5980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5978] <... mount resumed>) = 0 [pid 5980] <... mmap resumed>) = 0x7ff1eb400000 [pid 5978] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5978] chdir("./file1") = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5978] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5981 attached [pid 5981] set_robust_list(0x5555934ed660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5981 [pid 5981] <... set_robust_list resumed>) = 0 [pid 5980] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5981] chdir("./28" [pid 5980] <... write resumed>) = 524288 [pid 5979] <... ioctl resumed>) = 0 [pid 5981] <... chdir resumed>) = 0 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5981] setpgid(0, 0 [pid 5980] munmap(0x7ff1eb400000, 138412032 [pid 5981] <... setpgid resumed>) = 0 [pid 5980] <... munmap resumed>) = 0 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5980] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5978] <... link resumed>) = 0 [pid 5980] <... openat resumed>) = 4 [pid 5978] sync( [pid 5981] <... openat resumed>) = 3 [pid 5980] ioctl(4, LOOP_SET_FD, 3 [pid 5981] write(3, "1000", 4) = 4 [pid 5981] close(3) = 0 [pid 5981] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5981] write(1, "executing program\n", 18) = 18 [pid 5981] memfd_create("syzkaller", 0) = 3 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5977] <... sync resumed>) = 0 [pid 5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5979] close(3 [pid 5977] exit_group(0) = ? [pid 5979] <... close resumed>) = 0 [pid 5979] close(4 [pid 5978] <... sync resumed>) = 0 [pid 5977] +++ exited with 0 +++ [pid 5978] exit_group(0) = ? [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5979] <... close resumed>) = 0 [pid 5978] +++ exited with 0 +++ [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5981] <... write resumed>) = 524288 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5979] mkdir("./file1", 0777 [pid 5832] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5980] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5980] close(3 [pid 5830] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] newfstatat(3, "", [pid 5980] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5832] getdents64(3, [pid 5830] newfstatat(3, "", [pid 5980] close(4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5980] <... close resumed>) = 0 [pid 5979] <... mkdir resumed>) = 0 [pid 5832] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 5980] mkdir("./file1", 0777 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5980] <... mkdir resumed>) = 0 [pid 5830] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5981] munmap(0x7ff1eb400000, 138412032 [pid 5980] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5981] <... munmap resumed>) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3 [ 103.112252][ T5979] loop3: detected capacity change from 0 to 1024 [ 103.137736][ T5980] loop0: detected capacity change from 0 to 1024 [pid 5979] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5980] <... mount resumed>) = 0 [pid 5980] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5980] chdir("./file1") = 0 [pid 5980] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... umount2 resumed>) = 0 [pid 5980] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5980] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5979] <... mount resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./28/file1", [pid 5979] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5979] <... openat resumed>) = 3 [pid 5979] chdir("./file1" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5979] <... chdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5979] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 5979] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 5980] <... link resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./28/file1") = 0 [pid 5830] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5980] sync( [pid 5830] newfstatat(AT_FDCWD, "./28/binderfs", [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5981] <... ioctl resumed>) = 0 [pid 5979] <... link resumed>) = 0 [pid 5981] close(3 [pid 5830] unlink("./28/binderfs" [pid 5981] <... close resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5981] close(4 [pid 5830] getdents64(3, [pid 5981] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5981] mkdir("./file1", 0777 [pid 5830] close(3 [pid 5981] <... mkdir resumed>) = 0 [pid 5979] sync( [pid 5832] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./27/file1", [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./28" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5981] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 103.195037][ T5981] loop1: detected capacity change from 0 to 1024 [pid 5830] <... rmdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", [pid 5830] mkdir("./29", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] close(4) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5832] rmdir("./27/file1") = 0 [pid 5832] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./27/binderfs", [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./27/binderfs") = 0 ./strace-static-x86_64: Process 5982 attached [pid 5981] <... mount resumed>) = 0 [pid 5832] getdents64(3, [pid 5981] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5981] <... openat resumed>) = 3 [pid 5981] chdir("./file1" [pid 5982] set_robust_list(0x5555934ed660, 24 [pid 5981] <... chdir resumed>) = 0 [pid 5832] close(3 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5982 [pid 5981] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 5982] <... set_robust_list resumed>) = 0 [pid 5981] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5980] <... sync resumed>) = 0 [pid 5979] <... sync resumed>) = 0 [pid 5832] rmdir("./27" [pid 5982] chdir("./29" [pid 5981] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5982] <... chdir resumed>) = 0 [pid 5982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5982] setpgid(0, 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5980] exit_group(0 [pid 5982] <... setpgid resumed>) = 0 [pid 5982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5980] <... exit_group resumed>) = ? [pid 5979] exit_group(0 [pid 5832] mkdir("./28", 0777 [pid 5982] write(3, "1000", 4 [pid 5980] +++ exited with 0 +++ [pid 5979] <... exit_group resumed>) = ? [pid 5832] <... mkdir resumed>) = 0 [pid 5982] <... write resumed>) = 4 [pid 5981] <... link resumed>) = 0 [pid 5979] +++ exited with 0 +++ [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5980, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5982] close(3 [pid 5981] sync( [pid 5832] <... openat resumed>) = 3 [pid 5982] <... close resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5979, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5982] symlink("/dev/binderfs", "./binderfs" [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5982] <... symlink resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 executing program [pid 5982] write(1, "executing program\n", 18 [pid 5832] close(3 [pid 5982] <... write resumed>) = 18 [pid 5832] <... close resumed>) = 0 [pid 5831] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5982] memfd_create("syzkaller", 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5982] <... memfd_create resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5983 attached [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5983 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5983] set_robust_list(0x5555934ed660, 24 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5982] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5983] <... set_robust_list resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5983] chdir("./28") = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5983] setpgid(0, 0 [pid 5831] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./24/file1", [pid 5828] newfstatat(AT_FDCWD, "./25/file1", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5983] <... setpgid resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5981] <... sync resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5828] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5981] exit_group(0 [pid 5831] newfstatat(4, "", [pid 5828] <... openat resumed>) = 4 [pid 5983] <... openat resumed>) = 3 [pid 5981] <... exit_group resumed>) = ? [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5982] <... write resumed>) = 524288 [pid 5981] +++ exited with 0 +++ [pid 5831] getdents64(4, [pid 5828] newfstatat(4, "", [pid 5983] write(3, "1000", 4 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5982] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5982] <... munmap resumed>) = 0 [pid 5831] getdents64(4, [pid 5828] getdents64(4, [pid 5982] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5983] <... write resumed>) = 4 [pid 5982] <... openat resumed>) = 4 [pid 5831] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5983] close(3 [pid 5982] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(4, [pid 5983] <... close resumed>) = 0 [pid 5831] rmdir("./24/file1" [pid 5829] <... openat resumed>) = 3 [pid 5983] symlink("/dev/binderfs", "./binderfs" [pid 5982] <... ioctl resumed>) = 0 executing program [pid 5831] <... rmdir resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 5983] <... symlink resumed>) = 0 [pid 5982] close(3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5983] write(1, "executing program\n", 18) = 18 [pid 5982] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] close(4 [pid 5983] memfd_create("syzkaller", 0 [pid 5982] close(4 [pid 5829] getdents64(3, [pid 5828] <... close resumed>) = 0 [pid 5983] <... memfd_create resumed>) = 3 [pid 5982] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5982] mkdir("./file1", 0777 [pid 5829] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] rmdir("./25/file1" [pid 5983] <... mmap resumed>) = 0x7ff1eb400000 [pid 5982] <... mkdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5982] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./24/binderfs", [pid 5828] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./24/binderfs" [pid 5828] unlink("./25/binderfs" [pid 5982] <... mount resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5831] getdents64(3, [pid 5828] getdents64(3, [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5982] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] close(3 [pid 5828] close(3 [pid 5983] <... write resumed>) = 524288 [pid 5982] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 5982] chdir("./file1" [pid 5828] <... close resumed>) = 0 [pid 5831] rmdir("./24" [pid 5982] <... chdir resumed>) = 0 [pid 5982] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5828] rmdir("./25" [pid 5982] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... rmdir resumed>) = 0 [ 103.381311][ T5982] loop2: detected capacity change from 0 to 1024 [pid 5828] mkdir("./26", 0777) = 0 [pid 5982] <... link resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5983] munmap(0x7ff1eb400000, 138412032 [pid 5831] mkdir("./25", 0777 [pid 5829] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5982] sync( [pid 5831] <... mkdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5983] <... munmap resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] newfstatat(AT_FDCWD, "./28/file1", [pid 5828] <... openat resumed>) = 3 [pid 5983] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5983] <... openat resumed>) = 4 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 5829] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... ioctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5828] close(3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... close resumed>) = 0 ./strace-static-x86_64: Process 5984 attached [pid 5983] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5984 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5984] set_robust_list(0x5555934ed660, 24 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./28/file1") = 0 [pid 5982] <... sync resumed>) = 0 [pid 5829] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5982] exit_group(0 [pid 5829] newfstatat(AT_FDCWD, "./28/binderfs", [pid 5982] <... exit_group resumed>) = ? [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5985 attached [pid 5982] +++ exited with 0 +++ [pid 5829] unlink("./28/binderfs" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5982, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, [pid 5985] set_robust_list(0x5555934ed660, 24) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5985 [pid 5985] chdir("./26" [pid 5984] <... set_robust_list resumed>) = 0 [pid 5829] close(3 [pid 5983] <... ioctl resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./28" [pid 5984] chdir("./25" [pid 5983] close(3 [pid 5829] <... rmdir resumed>) = 0 [pid 5985] <... chdir resumed>) = 0 [pid 5985] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] mkdir("./29", 0777 [pid 5985] <... prctl resumed>) = 0 [pid 5985] setpgid(0, 0 [pid 5984] <... chdir resumed>) = 0 [pid 5983] <... close resumed>) = 0 [pid 5985] <... setpgid resumed>) = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5983] close(4 [pid 5830] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5984] <... prctl resumed>) = 0 [pid 5983] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... mkdir resumed>) = 0 [pid 5984] setpgid(0, 0 [pid 5983] mkdir("./file1", 0777 [pid 5830] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5985] <... openat resumed>) = 3 [pid 5984] <... setpgid resumed>) = 0 [pid 5983] <... mkdir resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5983] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] getdents64(3, [pid 5829] <... openat resumed>) = 3 [pid 5985] write(3, "1000", 4 [pid 5984] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [ 103.462893][ T5983] loop4: detected capacity change from 0 to 1024 executing program [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5984] write(3, "1000", 4 [pid 5830] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5984] <... write resumed>) = 4 [pid 5985] <... write resumed>) = 4 [pid 5985] close(3) = 0 [pid 5985] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5985] write(1, "executing program\n", 18 [pid 5829] close(3 [pid 5985] <... write resumed>) = 18 [pid 5829] <... close resumed>) = 0 [pid 5985] memfd_create("syzkaller", 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5985] <... memfd_create resumed>) = 3 [pid 5984] close(3./strace-static-x86_64: Process 5986 attached [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5984] <... close resumed>) = 0 [pid 5985] <... mmap resumed>) = 0x7ff1eb400000 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5986 [pid 5984] symlink("/dev/binderfs", "./binderfs" [pid 5986] set_robust_list(0x5555934ed660, 24 [pid 5830] <... umount2 resumed>) = 0 [pid 5986] <... set_robust_list resumed>) = 0 [pid 5984] <... symlink resumed>) = 0 executing program [pid 5984] write(1, "executing program\n", 18 [pid 5830] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5986] chdir("./29" [pid 5985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5984] <... write resumed>) = 18 [pid 5983] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] <... chdir resumed>) = 0 [pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5984] memfd_create("syzkaller", 0 [pid 5983] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] newfstatat(AT_FDCWD, "./29/file1", [pid 5986] <... prctl resumed>) = 0 [pid 5984] <... memfd_create resumed>) = 3 [pid 5983] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5986] setpgid(0, 0 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5983] chdir("./file1" [pid 5830] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5986] <... setpgid resumed>) = 0 [pid 5984] <... mmap resumed>) = 0x7ff1eb400000 [pid 5983] <... chdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5983] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5983] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... openat resumed>) = 4 [pid 5983] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] newfstatat(4, "", [pid 5986] <... openat resumed>) = 3 [pid 5985] <... write resumed>) = 524288 [pid 5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./29/file1" [pid 5986] write(3, "1000", 4 [pid 5830] <... rmdir resumed>) = 0 [pid 5986] <... write resumed>) = 4 [pid 5986] close(3 [pid 5830] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5986] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./29/binderfs") = 0 [pid 5986] symlink("/dev/binderfs", "./binderfs" [pid 5983] <... link resumed>) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./29" [pid 5986] <... symlink resumed>) = 0 [pid 5983] sync( [pid 5986] write(1, "executing program\n", 18 [pid 5830] <... rmdir resumed>) = 0 executing program [pid 5986] <... write resumed>) = 18 [pid 5985] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5830] mkdir("./30", 0777 [pid 5986] memfd_create("syzkaller", 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5986] <... memfd_create resumed>) = 3 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5985] ioctl(4, LOOP_SET_FD, 3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5983] <... sync resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5984] <... write resumed>) = 524288 [pid 5983] exit_group(0 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5983] <... exit_group resumed>) = ? [pid 5983] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5983, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5987 attached ) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5987] set_robust_list(0x5555934ed660, 24 [pid 5832] <... openat resumed>) = 3 [pid 5986] <... write resumed>) = 524288 [pid 5832] newfstatat(3, "", [pid 5987] <... set_robust_list resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5987] chdir("./30" [pid 5832] getdents64(3, [pid 5987] <... chdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5987] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5987 [pid 5987] <... prctl resumed>) = 0 [pid 5987] setpgid(0, 0 [pid 5984] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... umount2 resumed>) = 0 [pid 5987] <... setpgid resumed>) = 0 [pid 5985] <... ioctl resumed>) = 0 [pid 5987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5985] close(3 [pid 5987] <... openat resumed>) = 3 [pid 5985] <... close resumed>) = 0 [pid 5985] close(4 [pid 5987] write(3, "1000", 4 [pid 5985] <... close resumed>) = 0 [pid 5987] <... write resumed>) = 4 [pid 5985] mkdir("./file1", 0777 [pid 5987] close(3 [pid 5985] <... mkdir resumed>) = 0 [pid 5832] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5987] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5987] symlink("/dev/binderfs", "./binderfs" [pid 5832] newfstatat(AT_FDCWD, "./28/file1", [pid 5987] <... symlink resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5985] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5987] write(1, "executing program\n", 18 [pid 5986] munmap(0x7ff1eb400000, 138412032 [pid 5984] <... munmap resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5987] <... write resumed>) = 18 [pid 5832] <... openat resumed>) = 4 [pid 5987] memfd_create("syzkaller", 0 [pid 5986] <... munmap resumed>) = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] newfstatat(4, "", [pid 5987] <... memfd_create resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 103.606671][ T5985] loop0: detected capacity change from 0 to 1024 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5986] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5984] <... openat resumed>) = 4 [pid 5832] getdents64(4, [pid 5987] <... mmap resumed>) = 0x7ff1eb400000 [pid 5986] <... openat resumed>) = 4 [pid 5984] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5986] ioctl(4, LOOP_SET_FD, 3 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./28/file1" [pid 5986] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5985] <... mount resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5986] ioctl(4, LOOP_CLR_FD) = 0 [pid 5985] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] chdir("./file1") = 0 [pid 5832] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5986] ioctl(4, LOOP_SET_FD, 3 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5986] close(4) = 0 [pid 5987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5986] close(3 [pid 5985] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] newfstatat(AT_FDCWD, "./28/binderfs", [pid 5985] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./28/binderfs" [pid 5986] <... close resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5987] <... write resumed>) = 524288 [pid 5832] close(3 [pid 5986] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5985] <... link resumed>) = 0 [pid 5984] <... ioctl resumed>) = 0 [pid 5986] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5985] sync( [pid 5984] close(3 [pid 5832] <... close resumed>) = 0 [pid 5986] sync( [pid 5984] <... close resumed>) = 0 [pid 5832] rmdir("./28" [pid 5984] close(4 [pid 5832] <... rmdir resumed>) = 0 [pid 5987] munmap(0x7ff1eb400000, 138412032 [pid 5984] <... close resumed>) = 0 [pid 5832] mkdir("./29", 0777 [pid 5987] <... munmap resumed>) = 0 [pid 5984] mkdir("./file1", 0777 [pid 5832] <... mkdir resumed>) = 0 [pid 5984] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5984] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5987] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... openat resumed>) = 3 [ 103.675932][ T5984] loop3: detected capacity change from 0 to 1024 [pid 5987] <... openat resumed>) = 4 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3 [pid 5987] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... close resumed>) = 0 [pid 5987] <... ioctl resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5987] close(3) = 0 [pid 5987] close(4) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5988 [pid 5987] mkdir("./file1", 0777./strace-static-x86_64: Process 5988 attached ) = 0 [pid 5988] set_robust_list(0x5555934ed660, 24) = 0 [pid 5988] chdir("./29" [pid 5987] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5988] <... chdir resumed>) = 0 [pid 5988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5988] setpgid(0, 0) = 0 [pid 5988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5988] write(3, "1000", 4) = 4 [ 103.736534][ T5987] loop2: detected capacity change from 0 to 1024 [pid 5988] close(3) = 0 executing program [pid 5988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5988] write(1, "executing program\n", 18) = 18 [pid 5988] memfd_create("syzkaller", 0 [pid 5987] <... mount resumed>) = 0 [pid 5984] <... mount resumed>) = 0 [pid 5988] <... memfd_create resumed>) = 3 [pid 5987] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5987] <... openat resumed>) = 3 [pid 5985] <... sync resumed>) = 0 [pid 5984] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5987] chdir("./file1" [pid 5985] exit_group(0 [pid 5987] <... chdir resumed>) = 0 [pid 5985] <... exit_group resumed>) = ? [pid 5988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5987] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5986] <... sync resumed>) = 0 [pid 5984] <... openat resumed>) = 3 [pid 5984] chdir("./file1" [pid 5987] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5986] exit_group(0 [pid 5984] <... chdir resumed>) = 0 [pid 5986] <... exit_group resumed>) = ? [pid 5984] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5985] +++ exited with 0 +++ [pid 5986] +++ exited with 0 +++ [pid 5984] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5984] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5986, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5985, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... restart_syscall resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(3, "", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", [pid 5829] getdents64(3, [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5828] getdents64(3, [pid 5987] <... link resumed>) = 0 [pid 5829] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5987] sync( [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./29/binderfs" [pid 5988] <... write resumed>) = 524288 [pid 5984] <... link resumed>) = 0 [pid 5988] munmap(0x7ff1eb400000, 138412032 [pid 5984] sync( [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5988] <... munmap resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5988] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] rmdir("./29") = 0 [pid 5988] <... openat resumed>) = 4 [pid 5988] ioctl(4, LOOP_SET_FD, 3 [pid 5829] mkdir("./30", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5989 attached [pid 5987] <... sync resumed>) = 0 [pid 5984] <... sync resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5987] exit_group(0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5989 [pid 5987] <... exit_group resumed>) = ? [pid 5828] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5989] set_robust_list(0x5555934ed660, 24 [pid 5987] +++ exited with 0 +++ [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5989] <... set_robust_list resumed>) = 0 [pid 5988] <... ioctl resumed>) = 0 [pid 5984] exit_group(0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5987, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5828] newfstatat(AT_FDCWD, "./26/file1", [pid 5989] chdir("./30" [pid 5984] <... exit_group resumed>) = ? [pid 5989] <... chdir resumed>) = 0 [pid 5988] close(3 [pid 5984] +++ exited with 0 +++ [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5989] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5988] <... close resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5989] <... prctl resumed>) = 0 [pid 5988] close(4 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5989] setpgid(0, 0 [pid 5988] <... close resumed>) = 0 [pid 5989] <... setpgid resumed>) = 0 [pid 5988] mkdir("./file1", 0777 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5988] <... mkdir resumed>) = 0 [pid 5828] newfstatat(4, "", [pid 5989] <... openat resumed>) = 3 [pid 5988] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(4, [pid 5989] write(3, "1000", 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5989] <... write resumed>) = 4 [pid 5831] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(4, [pid 5989] close(3 [pid 5831] <... openat resumed>) = 3 [pid 5989] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5989] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] close(4) = 0 executing program [pid 5989] <... symlink resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./26/file1" [pid 5989] write(1, "executing program\n", 18 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... rmdir resumed>) = 0 [pid 5989] <... write resumed>) = 18 [pid 5830] <... openat resumed>) = 3 [pid 5831] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(3, "", [pid 5828] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(3, [pid 5828] newfstatat(AT_FDCWD, "./26/binderfs", [pid 5989] memfd_create("syzkaller", 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 103.874448][ T5988] loop4: detected capacity change from 0 to 1024 [pid 5989] <... memfd_create resumed>) = 3 [pid 5988] <... mount resumed>) = 0 [pid 5830] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] unlink("./26/binderfs" [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5988] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5989] <... mmap resumed>) = 0x7ff1eb400000 [pid 5988] <... openat resumed>) = 3 [pid 5988] chdir("./file1" [pid 5828] <... unlink resumed>) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./26") = 0 [pid 5988] <... chdir resumed>) = 0 [pid 5828] mkdir("./27", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3 [pid 5988] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... close resumed>) = 0 [pid 5989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5988] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 5990 attached [pid 5988] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5990 [pid 5990] set_robust_list(0x5555934ed660, 24) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5990] chdir("./27" [pid 5831] newfstatat(AT_FDCWD, "./25/file1", [pid 5990] <... chdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5990] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5990] <... prctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5990] setpgid(0, 0 [pid 5831] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5990] <... setpgid resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 5990] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 5990] write(3, "1000", 4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5990] <... write resumed>) = 4 [pid 5831] close(4 [pid 5990] close(3) = 0 [pid 5989] <... write resumed>) = 524288 [pid 5831] <... close resumed>) = 0 [pid 5990] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] rmdir("./25/file1") = 0 executing program [pid 5990] write(1, "executing program\n", 18) = 18 [pid 5990] memfd_create("syzkaller", 0 [pid 5831] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5990] <... memfd_create resumed>) = 3 [pid 5831] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5989] munmap(0x7ff1eb400000, 138412032 [pid 5988] <... link resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] unlink("./25/binderfs" [pid 5990] <... mmap resumed>) = 0x7ff1eb400000 [pid 5989] <... munmap resumed>) = 0 [pid 5988] sync( [pid 5831] <... unlink resumed>) = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5989] ioctl(4, LOOP_SET_FD, 3 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5830] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./30/file1", [pid 5831] rmdir("./25" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] mkdir("./26", 0777 [pid 5830] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5988] <... sync resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5988] exit_group(0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] getdents64(4, [pid 5988] <... exit_group resumed>) = ? [pid 5990] <... write resumed>) = 524288 [pid 5831] close(3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5989] <... ioctl resumed>) = 0 [pid 5988] +++ exited with 0 +++ [pid 5831] <... close resumed>) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5989] close(3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5988, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] close(4 [pid 5989] <... close resumed>) = 0 [pid 5989] close(4 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./30/file1" [pid 5989] <... close resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5989] mkdir("./file1", 0777 [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5990] munmap(0x7ff1eb400000, 138412032 [pid 5989] <... mkdir resumed>) = 0 [pid 5990] <... munmap resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5989] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 104.011347][ T5989] loop1: detected capacity change from 0 to 1024 [pid 5830] newfstatat(AT_FDCWD, "./30/binderfs", [pid 5832] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] newfstatat(3, "", [pid 5830] unlink("./30/binderfs"./strace-static-x86_64: Process 5991 attached [pid 5990] <... openat resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5832] getdents64(3, [pid 5990] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5991 [pid 5830] getdents64(3, [pid 5832] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5991] set_robust_list(0x5555934ed660, 24 [pid 5830] <... close resumed>) = 0 [pid 5991] <... set_robust_list resumed>) = 0 [pid 5830] rmdir("./30" [pid 5991] chdir("./26" [pid 5830] <... rmdir resumed>) = 0 [pid 5991] <... chdir resumed>) = 0 [pid 5991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5991] setpgid(0, 0) = 0 [pid 5991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] mkdir("./31", 0777) = 0 [pid 5991] write(3, "1000", 4 [pid 5832] <... umount2 resumed>) = 0 executing program [pid 5991] <... write resumed>) = 4 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5991] close(3) = 0 [pid 5991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] <... openat resumed>) = 3 [pid 5991] write(1, "executing program\n", 18) = 18 [pid 5991] memfd_create("syzkaller", 0) = 3 [pid 5991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5991] <... mmap resumed>) = 0x7ff1eb400000 [pid 5989] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5989] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5990] <... ioctl resumed>) = 0 [pid 5989] <... openat resumed>) = 3 [pid 5832] newfstatat(AT_FDCWD, "./29/file1", [pid 5830] <... close resumed>) = 0 [pid 5990] close(3 [pid 5989] chdir("./file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5990] <... close resumed>) = 0 [pid 5832] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5990] close(4 [pid 5832] newfstatat(4, "", [pid 5990] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5990] mkdir("./file1", 0777 [pid 5832] getdents64(4, [pid 5991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5990] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5990] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] rmdir("./29/file1" [pid 5989] <... chdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [ 104.076970][ T5990] loop0: detected capacity change from 0 to 1024 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5989] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5991] <... write resumed>) = 524288 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./29/binderfs", [pid 5989] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./29/binderfs") = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./29") = 0 [pid 5832] mkdir("./30", 0777./strace-static-x86_64: Process 5992 attached ) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5992 [pid 5992] set_robust_list(0x5555934ed660, 24 [pid 5991] munmap(0x7ff1eb400000, 138412032 [pid 5992] <... set_robust_list resumed>) = 0 [pid 5991] <... munmap resumed>) = 0 [pid 5989] <... link resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5992] chdir("./31" [pid 5990] <... mount resumed>) = 0 [pid 5989] sync( [pid 5992] <... chdir resumed>) = 0 [pid 5992] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5990] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... openat resumed>) = 3 [pid 5992] <... prctl resumed>) = 0 [pid 5992] setpgid(0, 0 [pid 5991] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5990] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5992] <... setpgid resumed>) = 0 [pid 5991] <... openat resumed>) = 4 [pid 5832] <... ioctl resumed>) = 0 [pid 5990] chdir("./file1" [pid 5832] close(3 [pid 5992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5991] ioctl(4, LOOP_SET_FD, 3 [pid 5990] <... chdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5992] write(3, "1000", 4) = 4 [pid 5991] <... ioctl resumed>) = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5992] close(3) = 0 [pid 5992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5990] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5992] write(1, "executing program\n", 18executing program ) = 18 [pid 5990] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5992] memfd_create("syzkaller", 0) = 3 [pid 5992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5989] <... sync resumed>) = 0 [pid 5992] <... mmap resumed>) = 0x7ff1eb400000 [pid 5989] exit_group(0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5993 [pid 5989] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5993 attached [pid 5989] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5989, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5993] set_robust_list(0x5555934ed660, 24 [pid 5992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5993] <... set_robust_list resumed>) = 0 [pid 5829] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5993] chdir("./30" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5993] <... chdir resumed>) = 0 [pid 5990] <... link resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5990] sync( [pid 5829] newfstatat(3, "", [pid 5993] <... prctl resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5993] setpgid(0, 0 [pid 5829] getdents64(3, [pid 5993] <... setpgid resumed>) = 0 [ 104.161090][ T5991] loop3: detected capacity change from 0 to 1024 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5992] <... write resumed>) = 524288 [pid 5991] close(3 [pid 5992] munmap(0x7ff1eb400000, 138412032 [pid 5993] <... openat resumed>) = 3 [pid 5992] <... munmap resumed>) = 0 [pid 5991] <... close resumed>) = 0 [pid 5829] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5992] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5991] close(4 [pid 5992] ioctl(4, LOOP_SET_FD, 3 [pid 5993] write(3, "1000", 4 [pid 5992] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5991] <... close resumed>) = 0 [pid 5992] ioctl(4, LOOP_CLR_FD [pid 5990] <... sync resumed>) = 0 [pid 5993] <... write resumed>) = 4 [pid 5992] <... ioctl resumed>) = 0 [pid 5991] mkdir("./file1", 0777 [pid 5990] exit_group(0 [pid 5993] close(3 [pid 5991] <... mkdir resumed>) = 0 [pid 5990] <... exit_group resumed>) = ? [pid 5992] ioctl(4, LOOP_SET_FD, 3 [pid 5993] <... close resumed>) = 0 [pid 5992] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5991] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5992] close(4executing program [pid 5993] symlink("/dev/binderfs", "./binderfs" [pid 5992] <... close resumed>) = 0 [pid 5993] <... symlink resumed>) = 0 [pid 5992] close(3 [pid 5993] write(1, "executing program\n", 18) = 18 [pid 5993] memfd_create("syzkaller", 0) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5992] <... close resumed>) = 0 [pid 5993] <... mmap resumed>) = 0x7ff1eb400000 [pid 5993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5990] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5990, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5992] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5992] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5992] sync( [pid 5829] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [pid 5829] newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] newfstatat(3, "", [pid 5829] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(3, [pid 5829] <... openat resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] newfstatat(4, "", [pid 5828] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 5991] <... mount resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5991] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5991] chdir("./file1") = 0 [pid 5991] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5829] rmdir("./30/file1" [pid 5991] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5829] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5992] <... sync resumed>) = 0 [pid 5829] unlink("./30/binderfs") = 0 [pid 5829] getdents64(3, [pid 5993] <... write resumed>) = 524288 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5993] munmap(0x7ff1eb400000, 138412032 [pid 5992] exit_group(0 [pid 5829] close(3 [pid 5993] <... munmap resumed>) = 0 [pid 5992] <... exit_group resumed>) = ? [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./30" [pid 5828] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] mkdir("./31", 0777 [pid 5828] newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5992] +++ exited with 0 +++ [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5992, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5993] <... openat resumed>) = 4 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... openat resumed>) = 3 [pid 5828] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 5991] <... link resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5991] sync( [pid 5828] getdents64(4, [pid 5993] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./27/file1" [pid 5829] <... ioctl resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(3 [pid 5828] unlink("./27/binderfs" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5828] getdents64(3, [pid 5830] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5993] <... ioctl resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] close(3) = 0 [pid 5828] rmdir("./27"./strace-static-x86_64: Process 5994 attached [pid 5830] newfstatat(3, "", [pid 5828] <... rmdir resumed>) = 0 [pid 5991] <... sync resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] mkdir("./28", 0777 [pid 5993] close(3 [pid 5991] exit_group(0 [pid 5830] getdents64(3, [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 5994 [pid 5828] <... mkdir resumed>) = 0 [pid 5993] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5993] close(4 [pid 5830] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5993] <... close resumed>) = 0 [pid 5994] set_robust_list(0x5555934ed660, 24 [pid 5993] mkdir("./file1", 0777 [pid 5991] <... exit_group resumed>) = ? [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5994] <... set_robust_list resumed>) = 0 [pid 5993] <... mkdir resumed>) = 0 [pid 5991] +++ exited with 0 +++ [pid 5830] newfstatat(AT_FDCWD, "./31/binderfs", [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5993] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5991, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5994] chdir("./31") = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5994] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... restart_syscall resumed>) = 0 [pid 5830] unlink("./31/binderfs" [pid 5994] <... prctl resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5994] setpgid(0, 0 [pid 5830] getdents64(3, [pid 5828] <... ioctl resumed>) = 0 [pid 5831] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(3 [pid 5828] close(3 [pid 5994] <... setpgid resumed>) = 0 [pid 5993] <... mount resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5993] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... openat resumed>) = 3 [pid 5830] rmdir("./31" [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5995 attached [pid 5993] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 5830] <... rmdir resumed>) = 0 [pid 5993] chdir("./file1") = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] getdents64(3, [ 104.338136][ T5993] loop4: detected capacity change from 0 to 1024 [pid 5830] mkdir("./32", 0777 [pid 5995] set_robust_list(0x5555934ed660, 24 [pid 5994] <... openat resumed>) = 3 [pid 5993] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... mkdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5995 [pid 5995] <... set_robust_list resumed>) = 0 [pid 5993] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5995] chdir("./28" [pid 5994] write(3, "1000", 4 [pid 5995] <... chdir resumed>) = 0 [pid 5994] <... write resumed>) = 4 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5994] close(3 [pid 5830] <... openat resumed>) = 3 [pid 5995] <... prctl resumed>) = 0 [pid 5994] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5995] setpgid(0, 0 [pid 5994] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5995] <... setpgid resumed>) = 0 [pid 5830] close(3 [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... close resumed>) = 0 [pid 5995] <... openat resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 5996 attached [pid 5994] <... symlink resumed>) = 0 [pid 5995] write(3, "1000", 4) = 4 [pid 5995] close(3 [pid 5994] write(1, "executing program\n", 18 [pid 5995] <... close resumed>) = 0 [pid 5994] <... write resumed>) = 18 [pid 5993] <... link resumed>) = 0 [pid 5996] set_robust_list(0x5555934ed660, 24 [pid 5995] symlink("/dev/binderfs", "./binderfs" [pid 5994] memfd_create("syzkaller", 0 [pid 5996] <... set_robust_list resumed>) = 0 [pid 5993] sync(executing program [pid 5996] chdir("./32" [pid 5995] <... symlink resumed>) = 0 [pid 5994] <... memfd_create resumed>) = 3 [pid 5831] <... umount2 resumed>) = 0 [pid 5995] write(1, "executing program\n", 18 [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5995] <... write resumed>) = 18 [pid 5994] <... mmap resumed>) = 0x7ff1eb400000 [pid 5996] <... chdir resumed>) = 0 [pid 5995] memfd_create("syzkaller", 0 [pid 5994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 5996 [pid 5996] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5995] <... memfd_create resumed>) = 3 [pid 5831] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5996] <... prctl resumed>) = 0 [pid 5995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5995] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] newfstatat(AT_FDCWD, "./26/file1", [pid 5996] setpgid(0, 0 [pid 5995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5996] <... setpgid resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5993] <... sync resumed>) = 0 [pid 5996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5993] exit_group(0 [pid 5831] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5996] <... openat resumed>) = 3 [pid 5993] <... exit_group resumed>) = ? [pid 5831] <... openat resumed>) = 4 [pid 5996] write(3, "1000", 4 [pid 5993] +++ exited with 0 +++ [pid 5831] newfstatat(4, "", [pid 5996] <... write resumed>) = 4 [pid 5996] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5996] <... close resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] getdents64(4, [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5996] symlink("/dev/binderfs", "./binderfs" [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5996] <... symlink resumed>) = 0 [pid 5831] rmdir("./26/file1"executing program [pid 5996] write(1, "executing program\n", 18 [pid 5831] <... rmdir resumed>) = 0 [pid 5996] <... write resumed>) = 18 [pid 5831] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5996] memfd_create("syzkaller", 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5996] <... memfd_create resumed>) = 3 [pid 5995] <... write resumed>) = 524288 [pid 5831] newfstatat(AT_FDCWD, "./26/binderfs", [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5832] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] unlink("./26/binderfs" [pid 5832] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... unlink resumed>) = 0 [pid 5996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5994] <... write resumed>) = 524288 [pid 5832] <... openat resumed>) = 3 [pid 5831] getdents64(3, [pid 5994] munmap(0x7ff1eb400000, 138412032 [pid 5832] newfstatat(3, "", [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5994] <... munmap resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] close(3 [pid 5832] getdents64(3, [pid 5831] <... close resumed>) = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] rmdir("./26" [pid 5994] <... openat resumed>) = 4 [pid 5831] <... rmdir resumed>) = 0 [pid 5832] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5994] ioctl(4, LOOP_SET_FD, 3 [pid 5831] mkdir("./27", 0777) = 0 [pid 5995] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5996] <... write resumed>) = 524288 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5995] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... openat resumed>) = 3 [pid 5995] <... openat resumed>) = 4 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5995] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... ioctl resumed>) = 0 [pid 5995] <... ioctl resumed>) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5996] munmap(0x7ff1eb400000, 138412032./strace-static-x86_64: Process 5997 attached [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 5997 [pid 5994] <... ioctl resumed>) = 0 [pid 5996] <... munmap resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5994] close(3) = 0 [pid 5994] close(4 [pid 5997] set_robust_list(0x5555934ed660, 24 [pid 5996] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5994] <... close resumed>) = 0 [ 104.488783][ T5994] loop1: detected capacity change from 0 to 1024 [ 104.510954][ T5995] loop0: detected capacity change from 0 to 1024 [pid 5994] mkdir("./file1", 0777 [pid 5997] <... set_robust_list resumed>) = 0 [pid 5996] <... openat resumed>) = 4 [pid 5994] <... mkdir resumed>) = 0 [pid 5832] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5997] chdir("./27" [pid 5996] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(AT_FDCWD, "./30/file1", [pid 5997] <... chdir resumed>) = 0 [pid 5994] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5995] close(3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5995] <... close resumed>) = 0 [pid 5832] getdents64(4, [pid 5995] close(4 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5995] <... close resumed>) = 0 [pid 5832] close(4 [pid 5997] setpgid(0, 0 [pid 5995] mkdir("./file1", 0777 [pid 5832] <... close resumed>) = 0 [pid 5997] <... setpgid resumed>) = 0 [pid 5997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] rmdir("./30/file1" [pid 5997] <... openat resumed>) = 3 [pid 5997] write(3, "1000", 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5997] <... write resumed>) = 4 [pid 5832] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5997] close(3 [pid 5996] <... ioctl resumed>) = 0 [pid 5995] <... mkdir resumed>) = 0 [pid 5994] <... mount resumed>) = 0 [pid 5997] <... close resumed>) = 0 [pid 5994] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5997] symlink("/dev/binderfs", "./binderfs" [pid 5996] close(3 [pid 5995] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5994] <... openat resumed>) = 3 [pid 5832] newfstatat(AT_FDCWD, "./30/binderfs", [pid 5997] <... symlink resumed>) = 0 [pid 5996] <... close resumed>) = 0 [ 104.534279][ T5996] loop2: detected capacity change from 0 to 1024 [pid 5994] chdir("./file1"executing program [pid 5997] write(1, "executing program\n", 18 [pid 5996] close(4 [pid 5994] <... chdir resumed>) = 0 [pid 5997] <... write resumed>) = 18 [pid 5996] <... close resumed>) = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5997] memfd_create("syzkaller", 0 [pid 5996] mkdir("./file1", 0777 [pid 5995] <... mount resumed>) = 0 [pid 5994] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5997] <... memfd_create resumed>) = 3 [pid 5996] <... mkdir resumed>) = 0 [pid 5995] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5996] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5995] <... openat resumed>) = 3 [pid 5994] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5995] chdir("./file1") = 0 [pid 5832] unlink("./30/binderfs" [pid 5997] <... mmap resumed>) = 0x7ff1eb400000 [pid 5995] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5995] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... unlink resumed>) = 0 [pid 5996] <... mount resumed>) = 0 [pid 5996] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5995] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5996] <... openat resumed>) = 3 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5996] chdir("./file1") = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./30") = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] mkdir("./31", 0777 [pid 5996] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... mkdir resumed>) = 0 [pid 5996] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5994] <... link resumed>) = 0 [pid 5994] sync( [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5995] <... link resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5995] sync( [pid 5832] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5998 attached [pid 5998] set_robust_list(0x5555934ed660, 24) = 0 [pid 5998] chdir("./31" [pid 5997] <... write resumed>) = 524288 [pid 5998] <... chdir resumed>) = 0 [pid 5997] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 5998 [pid 5998] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5997] <... munmap resumed>) = 0 [pid 5998] <... prctl resumed>) = 0 [pid 5998] setpgid(0, 0) = 0 [pid 5996] <... link resumed>) = 0 [pid 5998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5997] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5998] <... openat resumed>) = 3 [pid 5997] <... openat resumed>) = 4 [pid 5997] ioctl(4, LOOP_SET_FD, 3 [pid 5998] write(3, "1000", 4 [pid 5996] sync( [pid 5998] <... write resumed>) = 4 [pid 5998] close(3 [pid 5997] <... ioctl resumed>) = 0 [pid 5995] <... sync resumed>) = 0 [pid 5997] close(3 [pid 5995] exit_group(0 [pid 5997] <... close resumed>) = 0 [pid 5995] <... exit_group resumed>) = ? [pid 5997] close(4 [pid 5995] +++ exited with 0 +++ [pid 5997] <... close resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5995, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5997] mkdir("./file1", 0777) = 0 [pid 5998] <... close resumed>) = 0 [pid 5997] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5994] <... sync resumed>) = 0 [pid 5998] symlink("/dev/binderfs", "./binderfs" [pid 5994] exit_group(0 [pid 5998] <... symlink resumed>) = 0 [pid 5994] <... exit_group resumed>) = ? [pid 5997] <... mount resumed>) = 0 [pid 5994] +++ exited with 0 +++ [pid 5828] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5998] write(1, "executing program\n", 18 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5998] <... write resumed>) = 18 [pid 5828] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5998] memfd_create("syzkaller", 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5994, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] <... openat resumed>) = 3 [pid 5996] <... sync resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 5998] <... memfd_create resumed>) = 3 [pid 5996] exit_group(0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW [ 104.660216][ T5997] loop3: detected capacity change from 0 to 1024 [pid 5998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5997] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(3, [pid 5998] <... mmap resumed>) = 0x7ff1eb400000 [pid 5996] <... exit_group resumed>) = ? [pid 5829] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5996] +++ exited with 0 +++ [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... openat resumed>) = 3 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5996, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] newfstatat(3, "", [pid 5828] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5997] <... openat resumed>) = 3 [pid 5829] getdents64(3, [pid 5998] <... write resumed>) = 524288 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... umount2 resumed>) = 0 [pid 5829] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5997] chdir("./file1" [pid 5828] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5998] munmap(0x7ff1eb400000, 138412032 [pid 5997] <... chdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./28/file1", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5997] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] newfstatat(AT_FDCWD, "./31/file1", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5997] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5998] <... munmap resumed>) = 0 [pid 5997] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 5828] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5998] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", [pid 5998] <... openat resumed>) = 4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5998] ioctl(4, LOOP_SET_FD, 3 [pid 5829] newfstatat(4, "", [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./28/file1") = 0 [pid 5997] <... link resumed>) = 0 [pid 5997] sync( [pid 5828] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 5828] unlink("./28/binderfs" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5998] <... ioctl resumed>) = 0 [pid 5829] close(4 [pid 5828] <... unlink resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5998] close(3 [pid 5829] rmdir("./31/file1" [pid 5828] rmdir("./28" [pid 5998] <... close resumed>) = 0 [pid 5998] close(4 [pid 5830] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5998] <... close resumed>) = 0 [pid 5829] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5998] mkdir("./file1", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] mkdir("./29", 0777 [pid 5998] <... mkdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./32/file1", [pid 5829] newfstatat(AT_FDCWD, "./31/binderfs", [pid 5828] <... mkdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5998] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] unlink("./31/binderfs" [pid 5830] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... openat resumed>) = 4 [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5997] <... sync resumed>) = 0 [pid 5829] getdents64(3, [pid 5830] newfstatat(4, "", [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5997] exit_group(0) = ? [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5830] getdents64(4, [pid 5829] close(3 [pid 5828] close(3) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5997] +++ exited with 0 +++ [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... close resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5997, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] close(4 [pid 5831] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 ./strace-static-x86_64: Process 5999 attached [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./32/file1" [ 104.762880][ T5998] loop4: detected capacity change from 0 to 1024 [pid 5829] rmdir("./31" [pid 5831] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... rmdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 5999 [pid 5999] set_robust_list(0x5555934ed660, 24 [pid 5831] newfstatat(3, "", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] mkdir("./32", 0777 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] newfstatat(AT_FDCWD, "./32/binderfs", [pid 5831] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./32/binderfs" [pid 5829] <... mkdir resumed>) = 0 [pid 5999] <... set_robust_list resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... unlink resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5999] chdir("./29" [pid 5831] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 5829] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5830] <... close resumed>) = 0 [pid 5999] <... chdir resumed>) = 0 [pid 5830] rmdir("./32" [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5999] <... prctl resumed>) = 0 [pid 5829] close(3 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] mkdir("./33", 0777 [pid 5829] <... close resumed>) = 0 executing program [pid 5999] <... openat resumed>) = 3 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5999] write(3, "1000", 4) = 4 [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 6000 attached ) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5999] write(1, "executing program\n", 18 [pid 5830] close(3 [pid 5999] <... write resumed>) = 18 [pid 5830] <... close resumed>) = 0 [pid 5999] memfd_create("syzkaller", 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6000 [pid 6000] set_robust_list(0x5555934ed660, 24 [pid 5998] <... mount resumed>) = 0 [pid 5998] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6000] <... set_robust_list resumed>) = 0 [pid 5999] <... memfd_create resumed>) = 3 [pid 6000] chdir("./32" [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5998] <... openat resumed>) = 3 [pid 6000] <... chdir resumed>) = 0 [pid 5998] chdir("./file1"./strace-static-x86_64: Process 6001 attached [pid 6000] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5999] <... mmap resumed>) = 0x7ff1eb400000 [pid 5998] <... chdir resumed>) = 0 [pid 6000] <... prctl resumed>) = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6000] setpgid(0, 0) = 0 [pid 5998] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6001] set_robust_list(0x5555934ed660, 24) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6001 [pid 6001] chdir("./33" [pid 6000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5998] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6001] <... chdir resumed>) = 0 [pid 6000] <... openat resumed>) = 3 [pid 5999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... umount2 resumed>) = 0 [pid 6001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6001] setpgid(0, 0) = 0 [pid 6001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6001] write(3, "1000", 4) = 4 [pid 6001] close(3 [pid 5831] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6001] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./27/file1", [pid 6001] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6001] <... symlink resumed>) = 0 [pid 5831] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6001] write(1, "executing program\n", 18 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 6001] <... write resumed>) = 18 [pid 5831] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6001] memfd_create("syzkaller", 0 [pid 5831] <... openat resumed>) = 4 [pid 6001] <... memfd_create resumed>) = 3 [pid 6000] write(3, "1000", 4 [pid 5831] newfstatat(4, "", [pid 6001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6001] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] getdents64(4, [pid 6000] <... write resumed>) = 4 [pid 6000] close(3 [pid 5998] <... link resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6000] <... close resumed>) = 0 [pid 5998] sync( [pid 5831] getdents64(4, [pid 6000] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6000] write(1, "executing program\n", 18 [pid 5831] close(4) = 0 [pid 6000] <... write resumed>) = 18 [pid 6000] memfd_create("syzkaller", 0 [pid 5831] rmdir("./27/file1" [pid 6000] <... memfd_create resumed>) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5999] <... write resumed>) = 524288 [pid 5831] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6000] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] unlink("./27/binderfs" [pid 5999] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... unlink resumed>) = 0 [pid 5999] <... openat resumed>) = 4 [pid 5998] <... sync resumed>) = 0 [pid 5831] getdents64(3, [pid 5998] exit_group(0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5999] ioctl(4, LOOP_SET_FD, 3 [pid 5831] close(3 [pid 5998] <... exit_group resumed>) = ? [pid 5831] <... close resumed>) = 0 [pid 6000] <... write resumed>) = 524288 [pid 5998] +++ exited with 0 +++ [pid 5831] rmdir("./27" [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5998, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", [pid 6001] <... write resumed>) = 524288 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] mkdir("./28", 0777 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... mkdir resumed>) = 0 [pid 5832] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6001] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./31/file1", [pid 6001] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6002 attached [pid 6001] <... openat resumed>) = 4 [pid 6000] munmap(0x7ff1eb400000, 138412032 [pid 5832] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6001] ioctl(4, LOOP_SET_FD, 3 [pid 6002] set_robust_list(0x5555934ed660, 24 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6002 [pid 6000] <... munmap resumed>) = 0 [pid 6002] <... set_robust_list resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6002] chdir("./28" [pid 6000] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... openat resumed>) = 4 [pid 6002] <... chdir resumed>) = 0 [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5999] <... ioctl resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 6002] <... prctl resumed>) = 0 [pid 5999] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6002] setpgid(0, 0 [pid 5999] <... close resumed>) = 0 [pid 6002] <... setpgid resumed>) = 0 [pid 5832] getdents64(4, [pid 5999] close(4 [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6002] <... openat resumed>) = 3 [pid 5832] getdents64(4, [pid 6002] write(3, "1000", 4 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6002] <... write resumed>) = 4 [pid 5832] close(4 [pid 6002] close(3 [pid 5832] <... close resumed>) = 0 [pid 6002] <... close resumed>) = 0 [pid 5832] rmdir("./31/file1" [pid 6002] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... rmdir resumed>) = 0 [pid 6001] <... ioctl resumed>) = 0 [pid 6002] <... symlink resumed>) = 0 [pid 5999] <... close resumed>) = 0 [pid 5832] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5999] mkdir("./file1", 0777 [pid 6001] close(3 [pid 5999] <... mkdir resumed>) = 0 [pid 6002] write(1, "executing program\n", 18 [pid 6001] <... close resumed>) = 0 [pid 6000] <... openat resumed>) = 4 executing program [pid 5999] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 104.957794][ T5999] loop0: detected capacity change from 0 to 1024 [ 104.968454][ T6001] loop2: detected capacity change from 0 to 1024 [pid 6002] <... write resumed>) = 18 [pid 6000] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(AT_FDCWD, "./31/binderfs", [pid 6002] memfd_create("syzkaller", 0 [pid 6001] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6001] <... close resumed>) = 0 [pid 5832] unlink("./31/binderfs" [pid 6002] <... memfd_create resumed>) = 3 [pid 5832] <... unlink resumed>) = 0 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6001] mkdir("./file1", 0777 [pid 6000] <... ioctl resumed>) = 0 [pid 5832] getdents64(3, [pid 6001] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6001] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] close(3 [pid 6002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6000] close(3 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./31") = 0 [pid 6000] <... close resumed>) = 0 [pid 5832] mkdir("./32", 0777 [pid 6000] close(4 [pid 5832] <... mkdir resumed>) = 0 [pid 6000] <... close resumed>) = 0 [pid 6000] mkdir("./file1", 0777 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 6000] <... mkdir resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6003 attached [pid 6000] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6003] set_robust_list(0x5555934ed660, 24 [pid 5999] <... mount resumed>) = 0 [pid 6003] <... set_robust_list resumed>) = 0 [pid 5999] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6003] chdir("./32" [pid 5999] <... openat resumed>) = 3 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6003 [pid 6003] <... chdir resumed>) = 0 [pid 5999] chdir("./file1" [pid 6003] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5999] <... chdir resumed>) = 0 [pid 6003] <... prctl resumed>) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6003] setpgid(0, 0 [pid 5999] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6003] <... setpgid resumed>) = 0 [pid 6003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5999] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6003] <... openat resumed>) = 3 [pid 6003] write(3, "1000", 4) = 4 [pid 6003] close(3) = 0 [pid 6003] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6003] write(1, "executing program\n", 18) = 18 [ 105.009996][ T6000] loop1: detected capacity change from 0 to 1024 [pid 6003] memfd_create("syzkaller", 0) = 3 [pid 6000] <... mount resumed>) = 0 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6000] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5999] <... link resumed>) = 0 [pid 6001] <... mount resumed>) = 0 [pid 5999] sync( [pid 6000] <... openat resumed>) = 3 [pid 6002] <... write resumed>) = 524288 [pid 6001] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6000] chdir("./file1" [pid 6002] munmap(0x7ff1eb400000, 138412032 [pid 6001] <... openat resumed>) = 3 [pid 6000] <... chdir resumed>) = 0 [pid 6001] chdir("./file1" [pid 6000] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6001] <... chdir resumed>) = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6002] <... munmap resumed>) = 0 [pid 6000] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6002] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6001] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6001] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6000] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6002] <... openat resumed>) = 4 [pid 6002] ioctl(4, LOOP_SET_FD, 3 [pid 6001] <... link resumed>) = 0 [pid 6001] sync( [pid 6003] <... write resumed>) = 524288 [pid 6003] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6002] <... ioctl resumed>) = 0 [pid 6003] ioctl(4, LOOP_SET_FD, 3 [pid 6002] close(3 [pid 6000] <... link resumed>) = 0 [pid 6003] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6002] <... close resumed>) = 0 [pid 6000] sync( [pid 6003] ioctl(4, LOOP_CLR_FD [pid 6002] close(4 [pid 5999] <... sync resumed>) = 0 [pid 6003] <... ioctl resumed>) = 0 [pid 6002] <... close resumed>) = 0 [pid 6001] <... sync resumed>) = 0 [pid 5999] exit_group(0 [pid 6002] mkdir("./file1", 0777 [pid 6001] exit_group(0 [pid 5999] <... exit_group resumed>) = ? [pid 6002] <... mkdir resumed>) = 0 [pid 6001] <... exit_group resumed>) = ? [pid 6000] <... sync resumed>) = 0 [pid 5999] +++ exited with 0 +++ [pid 6002] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6000] exit_group(0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6000] <... exit_group resumed>) = ? [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6003] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6003] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 105.085648][ T6002] loop3: detected capacity change from 0 to 1024 [pid 6003] close(4 [pid 6001] +++ exited with 0 +++ [pid 6003] <... close resumed>) = 0 [pid 6000] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6001, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5828] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6003] close(3 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6000, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6003] <... close resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(3, [pid 5830] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... openat resumed>) = 3 [pid 5828] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 6003] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6003] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6003] sync( [pid 6002] <... mount resumed>) = 0 [pid 6002] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6002] chdir("./file1" [pid 5830] <... umount2 resumed>) = 0 [pid 6002] <... chdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = 0 [pid 6002] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./29/file1", [pid 6003] <... sync resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6003] exit_group(0 [pid 5830] newfstatat(AT_FDCWD, "./33/file1", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6003] <... exit_group resumed>) = ? [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6003] +++ exited with 0 +++ [pid 5828] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6003, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(AT_FDCWD, "./32/file1", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6002] <... link resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] newfstatat(4, "", [pid 5830] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6002] sync( [pid 5830] <... openat resumed>) = 4 [pid 5829] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(4, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5828] getdents64(4, [pid 5830] getdents64(4, [pid 5829] newfstatat(4, "", [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 5830] getdents64(4, [pid 5829] getdents64(4, [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] close(4 [pid 5829] getdents64(4, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(4 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... close resumed>) = 0 [pid 5829] close(4 [pid 5832] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] rmdir("./29/file1" [pid 5829] rmdir("./32/file1" [pid 5832] <... openat resumed>) = 3 [pid 5830] rmdir("./33/file1" [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5830] <... rmdir resumed>) = 0 [pid 5829] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./32/binderfs", [pid 5828] newfstatat(AT_FDCWD, "./29/binderfs", [pid 5830] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./32/binderfs" [pid 5832] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] unlink("./33/binderfs" [pid 5828] unlink("./29/binderfs" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./32/binderfs" [pid 5830] getdents64(3, [pid 5828] getdents64(3, [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 5830] close(3 [pid 5828] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5828] rmdir("./29" [pid 5830] rmdir("./33" [pid 5829] getdents64(3, [pid 5828] <... rmdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./32" [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./33", 0777 [pid 5828] mkdir("./30", 0777 [pid 5830] mkdir("./34", 0777 [pid 5828] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5832] rmdir("./32" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... rmdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5832] mkdir("./33", 0777 [pid 6002] <... sync resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6002] exit_group(0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... ioctl resumed>) = 0 [pid 6002] <... exit_group resumed>) = ? [pid 5830] <... openat resumed>) = 3 [pid 5829] close(3 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... ioctl resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6002] +++ exited with 0 +++ [pid 5832] <... openat resumed>) = 3 [pid 5830] close(3 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... ioctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5828] close(3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... close resumed>) = 0 ./strace-static-x86_64: Process 6005 attached ./strace-static-x86_64: Process 6004 attached [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6004] set_robust_list(0x5555934ed660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6004 [pid 6004] <... set_robust_list resumed>) = 0 [pid 5832] close(3 [pid 6005] set_robust_list(0x5555934ed660, 24 [pid 5832] <... close resumed>) = 0 [pid 6005] <... set_robust_list resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6006 attached [pid 6005] chdir("./34" [pid 6004] chdir("./33" [pid 5831] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 6007 attached [pid 6004] <... chdir resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6005 [pid 6006] set_robust_list(0x5555934ed660, 24) = 0 [pid 6004] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6007] set_robust_list(0x5555934ed660, 24 [pid 6006] chdir("./30" [pid 6005] <... chdir resumed>) = 0 [pid 6004] <... prctl resumed>) = 0 [pid 5831] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6006 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6007 [pid 6004] setpgid(0, 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6007] <... set_robust_list resumed>) = 0 [pid 6005] <... prctl resumed>) = 0 [pid 6007] chdir("./33" [pid 6005] setpgid(0, 0 [pid 6007] <... chdir resumed>) = 0 [pid 6005] <... setpgid resumed>) = 0 [pid 6007] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6006] <... chdir resumed>) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6004] <... setpgid resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6007] <... prctl resumed>) = 0 [pid 6007] setpgid(0, 0 [pid 5831] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6005] <... openat resumed>) = 3 [pid 6004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... openat resumed>) = 3 [pid 6007] <... setpgid resumed>) = 0 [pid 6007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4 [pid 5831] newfstatat(3, "", [pid 6004] <... openat resumed>) = 3 [pid 6006] <... prctl resumed>) = 0 [pid 6005] <... write resumed>) = 4 [pid 6006] setpgid(0, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6004] write(3, "1000", 4 [pid 6006] <... setpgid resumed>) = 0 [pid 6004] <... write resumed>) = 4 [pid 6005] close(3 [pid 5831] getdents64(3, [pid 6007] write(3, "1000", 4) = 4 [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6007] close(3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6004] close(3 [pid 6005] <... close resumed>) = 0 [pid 5831] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6005] symlink("/dev/binderfs", "./binderfs" [pid 6004] <... close resumed>) = 0 [pid 6007] <... close resumed>) = 0 [pid 6007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6006] <... openat resumed>) = 3 [pid 6005] <... symlink resumed>) = 0 [pid 6004] symlink("/dev/binderfs", "./binderfs"executing program [pid 6007] write(1, "executing program\n", 18 [pid 6005] write(1, "executing program\n", 18 [pid 6007] <... write resumed>) = 18 [pid 6007] memfd_create("syzkaller", 0executing program executing program [pid 6005] <... write resumed>) = 18 [pid 6007] <... memfd_create resumed>) = 3 [pid 6004] <... symlink resumed>) = 0 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6005] memfd_create("syzkaller", 0 [pid 6007] <... mmap resumed>) = 0x7ff1eb400000 [pid 6004] write(1, "executing program\n", 18 [pid 6006] write(3, "1000", 4 [pid 6005] <... memfd_create resumed>) = 3 [pid 6004] <... write resumed>) = 18 [pid 6007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6004] memfd_create("syzkaller", 0 [pid 6006] <... write resumed>) = 4 [pid 6006] close(3) = 0 [pid 6005] <... mmap resumed>) = 0x7ff1eb400000 [pid 6004] <... memfd_create resumed>) = 3 [pid 5831] <... umount2 resumed>) = 0 executing program [pid 6007] <... write resumed>) = 524288 [pid 6006] symlink("/dev/binderfs", "./binderfs" [pid 6005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6006] <... symlink resumed>) = 0 [pid 6004] <... mmap resumed>) = 0x7ff1eb400000 [pid 6006] write(1, "executing program\n", 18) = 18 [pid 6004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6006] memfd_create("syzkaller", 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./28/file1", [pid 6007] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6007] ioctl(4, LOOP_SET_FD, 3 [pid 6006] <... memfd_create resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6004] <... write resumed>) = 524288 [pid 5831] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6006] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6005] <... write resumed>) = 524288 [pid 5831] getdents64(4, [pid 6006] <... write resumed>) = 524288 [pid 6005] munmap(0x7ff1eb400000, 138412032 [pid 6004] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 6007] <... ioctl resumed>) = 0 [pid 6006] munmap(0x7ff1eb400000, 138412032 [pid 6005] <... munmap resumed>) = 0 [pid 6004] <... munmap resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6004] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] rmdir("./28/file1" [pid 6005] <... openat resumed>) = 4 [pid 6004] <... openat resumed>) = 4 [pid 5831] <... rmdir resumed>) = 0 [pid 6007] close(3 [pid 6006] <... munmap resumed>) = 0 [pid 6005] ioctl(4, LOOP_SET_FD, 3 [pid 6004] ioctl(4, LOOP_SET_FD, 3 [pid 6007] <... close resumed>) = 0 [pid 6007] close(4) = 0 [pid 6007] mkdir("./file1", 0777) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 105.367315][ T6007] loop4: detected capacity change from 0 to 1024 [ 105.407023][ T6004] loop1: detected capacity change from 0 to 1024 [pid 6006] ioctl(4, LOOP_SET_FD, 3 [pid 6007] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6004] <... ioctl resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./28/binderfs", [pid 6004] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6004] <... close resumed>) = 0 [pid 5831] unlink("./28/binderfs" [pid 6004] close(4 [pid 5831] <... unlink resumed>) = 0 [pid 6007] <... mount resumed>) = 0 [pid 6004] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 6007] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6007] <... openat resumed>) = 3 [pid 5831] close(3 [pid 6007] chdir("./file1" [pid 6004] mkdir("./file1", 0777 [pid 5831] <... close resumed>) = 0 [pid 6007] <... chdir resumed>) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6004] <... mkdir resumed>) = 0 [pid 5831] rmdir("./28" [pid 6007] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... rmdir resumed>) = 0 [pid 6004] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] mkdir("./29", 0777 [pid 6005] <... ioctl resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6005] close(3 [pid 6006] <... ioctl resumed>) = 0 [pid 6005] <... close resumed>) = 0 [pid 6006] close(3 [pid 6007] <... link resumed>) = 0 [pid 6006] <... close resumed>) = 0 [pid 6005] close(4 [pid 5831] <... openat resumed>) = 3 [pid 6007] sync( [pid 6006] close(4) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6006] mkdir("./file1", 0777 [pid 6005] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 6006] <... mkdir resumed>) = 0 [ 105.410389][ T6006] loop0: detected capacity change from 0 to 1024 [ 105.414650][ T6005] loop2: detected capacity change from 0 to 1024 [pid 6005] mkdir("./file1", 0777 [pid 5831] close(3 [pid 6005] <... mkdir resumed>) = 0 [pid 6004] <... mount resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6004] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6004] chdir("./file1" [pid 6006] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6005] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6004] <... chdir resumed>) = 0 [pid 6004] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6004] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"./strace-static-x86_64: Process 6008 attached [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6008 [pid 6008] set_robust_list(0x5555934ed660, 24) = 0 [pid 6008] chdir("./29" [pid 6004] <... link resumed>) = 0 [pid 6008] <... chdir resumed>) = 0 [pid 6004] sync( [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] <... mount resumed>) = 0 [pid 6008] write(3, "1000", 4) = 4 [pid 6006] <... mount resumed>) = 0 [pid 6005] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6008] close(3 [pid 6007] <... sync resumed>) = 0 [pid 6006] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6005] <... openat resumed>) = 3 [pid 6008] <... close resumed>) = 0 [pid 6007] exit_group(0 [pid 6006] <... openat resumed>) = 3 [pid 6008] symlink("/dev/binderfs", "./binderfs" [pid 6007] <... exit_group resumed>) = ? [pid 6006] chdir("./file1" [pid 6005] chdir("./file1" [pid 6008] <... symlink resumed>) = 0 [pid 6006] <... chdir resumed>) = 0 [pid 6005] <... chdir resumed>) = 0 [pid 6007] +++ exited with 0 +++ [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6007, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6006] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" executing program [pid 6008] write(1, "executing program\n", 18) = 18 [pid 6005] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6008] memfd_create("syzkaller", 0 [pid 6005] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6008] <... memfd_create resumed>) = 3 [pid 6005] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6008] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6006] <... link resumed>) = 0 [pid 6006] sync( [pid 6005] <... link resumed>) = 0 [pid 6005] sync( [pid 6004] <... sync resumed>) = 0 [pid 6004] exit_group(0) = ? [pid 6008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6004] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6004, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... restart_syscall resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./33/file1", [pid 5829] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6005] <... sync resumed>) = 0 [pid 5832] getdents64(4, [pid 6006] <... sync resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6006] exit_group(0 [pid 5832] close(4 [pid 6006] <... exit_group resumed>) = ? [pid 6005] exit_group(0 [pid 5832] <... close resumed>) = 0 [pid 6008] <... write resumed>) = 524288 [pid 6005] <... exit_group resumed>) = ? [pid 5832] rmdir("./33/file1" [pid 5829] <... umount2 resumed>) = 0 [pid 6005] +++ exited with 0 +++ [pid 5832] <... rmdir resumed>) = 0 [pid 6008] munmap(0x7ff1eb400000, 138412032 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6006] +++ exited with 0 +++ [pid 5832] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6006, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./33/file1", [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] newfstatat(3, "", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6008] <... munmap resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] getdents64(3, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] unlink("./33/binderfs" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... openat resumed>) = 4 [pid 5832] <... unlink resumed>) = 0 [pid 5830] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(4, "", [pid 5832] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./33/file1" [pid 6008] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(3 [pid 5829] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6008] <... openat resumed>) = 4 [pid 5832] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6008] ioctl(4, LOOP_SET_FD, 3 [pid 5832] rmdir("./33" [pid 5829] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5828] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./33/binderfs") = 0 [pid 5829] getdents64(3, [pid 5828] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./33") = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 5829] mkdir("./34", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached [pid 5832] mkdir("./34", 0777 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6009] set_robust_list(0x5555934ed660, 24 [pid 5832] <... mkdir resumed>) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6009] <... set_robust_list resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6009 [pid 5828] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6009] chdir("./34") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6008] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... umount2 resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 6009] <... openat resumed>) = 3 [pid 6008] close(3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [ 105.656482][ T6008] loop3: detected capacity change from 0 to 1024 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6008] <... close resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = 0 [pid 6008] close(4 [pid 5832] close(3 [pid 6008] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./34/file1", [pid 5828] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6009] write(1, "executing program\n", 18 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6010 attached [pid 6009] <... write resumed>) = 18 [pid 5830] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6010 [pid 6010] set_robust_list(0x5555934ed660, 24) = 0 [pid 6008] mkdir("./file1", 0777 [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./30/file1", [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6009] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... openat resumed>) = 4 [pid 5828] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6010] chdir("./34" [pid 6009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6008] <... mkdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6010] <... chdir resumed>) = 0 [pid 6010] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6008] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] newfstatat(4, "", [pid 6010] <... prctl resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6010] setpgid(0, 0 [pid 5830] getdents64(4, [pid 5828] <... openat resumed>) = 4 [pid 6010] <... setpgid resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] newfstatat(4, "", [pid 6010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] getdents64(4, [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] getdents64(4, [pid 6010] <... openat resumed>) = 3 [pid 5830] close(4 [pid 6010] write(3, "1000", 4) = 4 [pid 5830] <... close resumed>) = 0 [pid 6010] close(3 [pid 5830] rmdir("./34/file1" [pid 6010] <... close resumed>) = 0 [pid 6010] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... rmdir resumed>) = 0 executing program [pid 6010] <... symlink resumed>) = 0 [pid 6008] <... mount resumed>) = 0 [pid 5830] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6010] write(1, "executing program\n", 18 [pid 6008] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6010] <... write resumed>) = 18 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6010] memfd_create("syzkaller", 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(4, [pid 6010] <... memfd_create resumed>) = 3 [pid 6008] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./34/binderfs", [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6008] chdir("./file1" [pid 6010] <... mmap resumed>) = 0x7ff1eb400000 [pid 6008] <... chdir resumed>) = 0 [pid 5830] unlink("./34/binderfs" [pid 5828] close(4 [pid 5830] <... unlink resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 5828] rmdir("./30/file1" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] close(3 [pid 5828] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6008] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./34" [pid 5828] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./30/binderfs" [pid 6010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6008] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... rmdir resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5828] getdents64(3, [pid 5830] mkdir("./35", 0777 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6009] <... write resumed>) = 524288 [pid 5830] <... mkdir resumed>) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./30" [pid 6008] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... rmdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] mkdir("./31", 0777 [pid 5830] <... ioctl resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6009] munmap(0x7ff1eb400000, 138412032 [pid 5830] close(3 [pid 6009] <... munmap resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6011 attached [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6009] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6008] <... link resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 6008] sync( [pid 6009] <... openat resumed>) = 4 [pid 5828] close(3) = 0 [pid 6009] ioctl(4, LOOP_SET_FD, 3 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6011] set_robust_list(0x5555934ed660, 24) = 0 [pid 6011] chdir("./35" [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6011 [pid 6011] <... chdir resumed>) = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6011] setpgid(0, 0) = 0 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6012 ./strace-static-x86_64: Process 6012 attached [pid 6012] set_robust_list(0x5555934ed660, 24 [pid 6011] <... openat resumed>) = 3 [pid 6012] <... set_robust_list resumed>) = 0 [pid 6011] write(3, "1000", 4) = 4 [pid 6011] close(3) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6012] chdir("./31" [pid 6011] write(1, "executing program\n", 18 [pid 6008] <... sync resumed>) = 0 [pid 6011] <... write resumed>) = 18 [pid 6012] <... chdir resumed>) = 0 [pid 6011] memfd_create("syzkaller", 0 [pid 6010] <... write resumed>) = 524288 [pid 6012] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6008] exit_group(0 [pid 6012] <... prctl resumed>) = 0 [pid 6011] <... memfd_create resumed>) = 3 [pid 6008] <... exit_group resumed>) = ? [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6012] setpgid(0, 0 [pid 6011] <... mmap resumed>) = 0x7ff1eb400000 [pid 6012] <... setpgid resumed>) = 0 [pid 6010] munmap(0x7ff1eb400000, 138412032 [pid 6008] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6010] <... munmap resumed>) = 0 [pid 5831] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6012] write(3, "1000", 4 [pid 6010] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6012] <... write resumed>) = 4 [pid 6012] close(3 [pid 5831] <... openat resumed>) = 3 [pid 6010] <... openat resumed>) = 4 [pid 6012] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 6012] symlink("/dev/binderfs", "./binderfs" [pid 6011] <... write resumed>) = 524288 [pid 6010] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6012] <... symlink resumed>) = 0 [pid 6012] write(1, "executing program\n", 18 [pid 6009] <... ioctl resumed>) = 0 executing program [pid 6012] <... write resumed>) = 18 [pid 6009] close(3 [pid 6012] memfd_create("syzkaller", 0 [pid 6009] <... close resumed>) = 0 [pid 6009] close(4 [pid 6012] <... memfd_create resumed>) = 3 [pid 6009] <... close resumed>) = 0 [pid 6009] mkdir("./file1", 0777) = 0 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6010] <... ioctl resumed>) = 0 [pid 6009] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6012] <... mmap resumed>) = 0x7ff1eb400000 [pid 6011] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6011] <... openat resumed>) = 4 [pid 6011] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = 0 [pid 6011] ioctl(4, LOOP_CLR_FD) = 0 [pid 6009] <... mount resumed>) = 0 [pid 6012] <... write resumed>) = 524288 [pid 6011] ioctl(4, LOOP_SET_FD, 3 [pid 6010] close(3 [pid 6009] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6011] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6011] close(4 [pid 5831] newfstatat(AT_FDCWD, "./29/file1", [pid 6011] <... close resumed>) = 0 [pid 6010] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6011] close(3 [pid 5831] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6011] <... close resumed>) = 0 [pid 6009] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6009] chdir("./file1" [pid 5831] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 105.835119][ T6009] loop1: detected capacity change from 0 to 1024 [ 105.872173][ T6010] loop4: detected capacity change from 0 to 1024 [pid 6010] close(4 [pid 6009] <... chdir resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 6009] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] newfstatat(4, "", [pid 6010] <... close resumed>) = 0 [pid 6009] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6009] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 6011] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] rmdir("./29/file1" [pid 6011] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5831] <... rmdir resumed>) = 0 [pid 6011] sync( [pid 5831] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./29/binderfs" [pid 6010] mkdir("./file1", 0777 [pid 5831] <... unlink resumed>) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./29") = 0 [pid 6012] munmap(0x7ff1eb400000, 138412032 [pid 6010] <... mkdir resumed>) = 0 [pid 6009] <... link resumed>) = 0 [pid 5831] mkdir("./30", 0777 [pid 6009] sync( [pid 6012] <... munmap resumed>) = 0 [pid 6010] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... mkdir resumed>) = 0 [pid 6012] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6012] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6013 attached , child_tidptr=0x5555934ed650) = 6013 [pid 6013] set_robust_list(0x5555934ed660, 24) = 0 [pid 6013] chdir("./30" [pid 6012] <... ioctl resumed>) = 0 [pid 6011] <... sync resumed>) = 0 [pid 6010] <... mount resumed>) = 0 [pid 6009] <... sync resumed>) = 0 [pid 6010] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6009] exit_group(0 [pid 6011] exit_group(0 [pid 6013] <... chdir resumed>) = 0 [pid 6012] close(3 [pid 6010] <... openat resumed>) = 3 [pid 6009] <... exit_group resumed>) = ? [pid 6013] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6012] <... close resumed>) = 0 [pid 6013] <... prctl resumed>) = 0 [pid 6012] close(4 [pid 6013] setpgid(0, 0 [pid 6012] <... close resumed>) = 0 [pid 6013] <... setpgid resumed>) = 0 [pid 6012] mkdir("./file1", 0777 [pid 6013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6012] <... mkdir resumed>) = 0 [pid 6010] chdir("./file1" [pid 6009] +++ exited with 0 +++ [pid 6013] <... openat resumed>) = 3 [pid 6012] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6010] <... chdir resumed>) = 0 [pid 6013] write(3, "1000", 4 [pid 6010] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6013] <... write resumed>) = 4 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6010] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6011] <... exit_group resumed>) = ? executing program [pid 6013] close(3 [pid 6011] +++ exited with 0 +++ [pid 6010] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... restart_syscall resumed>) = 0 [pid 6013] <... close resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6013] write(1, "executing program\n", 18) = 18 [pid 5830] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6013] memfd_create("syzkaller", 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6013] <... memfd_create resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6013] <... mmap resumed>) = 0x7ff1eb400000 [ 105.946783][ T6012] loop0: detected capacity change from 0 to 1024 [pid 5830] newfstatat(3, "", [pid 5829] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5829] newfstatat(3, "", [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 6013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] newfstatat(AT_FDCWD, "./35/binderfs", [pid 5829] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./35/binderfs") = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 6010] <... link resumed>) = 0 [pid 5830] rmdir("./35" [pid 6010] sync( [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./36", 0777) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] close(3 [pid 6012] <... mount resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6014 attached [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6012] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6012] chdir("./file1") = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6014] set_robust_list(0x5555934ed660, 24 [pid 6012] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... openat resumed>) = 4 [pid 6012] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6014] <... set_robust_list resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 6013] <... write resumed>) = 524288 [pid 6012] <... link resumed>) = 0 [pid 6012] sync( [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6014 [pid 6014] chdir("./36" [pid 6013] munmap(0x7ff1eb400000, 138412032 [pid 6014] <... chdir resumed>) = 0 [pid 6013] <... munmap resumed>) = 0 [pid 6014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6014] setpgid(0, 0) = 0 [pid 6014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6013] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6013] <... openat resumed>) = 4 [pid 6013] ioctl(4, LOOP_SET_FD, 3 [pid 5829] getdents64(4, [pid 6014] <... openat resumed>) = 3 [pid 6014] write(3, "1000", 4 [pid 6012] <... sync resumed>) = 0 [pid 6014] <... write resumed>) = 4 [pid 6012] exit_group(0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6014] close(3 [pid 5829] getdents64(4, [pid 6014] <... close resumed>) = 0 [pid 6014] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6014] write(1, "executing program\n", 18 [pid 5829] close(4 [pid 6014] <... write resumed>) = 18 [pid 5829] <... close resumed>) = 0 [pid 6014] memfd_create("syzkaller", 0 [pid 6010] <... sync resumed>) = 0 [pid 5829] rmdir("./34/file1" [pid 6014] <... memfd_create resumed>) = 3 [pid 6010] exit_group(0 [pid 6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6010] <... exit_group resumed>) = ? [pid 5829] <... rmdir resumed>) = 0 [pid 6012] <... exit_group resumed>) = ? [pid 5829] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6012] +++ exited with 0 +++ [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6012, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6010] +++ exited with 0 +++ [pid 5829] newfstatat(AT_FDCWD, "./34/binderfs", [pid 6013] <... ioctl resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6010, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] unlink("./34/binderfs" [pid 5832] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] <... unlink resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] getdents64(3, [pid 5832] <... openat resumed>) = 3 [pid 5828] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(3, "", [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6013] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6013] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 5829] close(3 [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6014] <... write resumed>) = 524288 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... close resumed>) = 0 [pid 5828] getdents64(3, [pid 5832] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] rmdir("./34" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6013] close(4 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6013] <... close resumed>) = 0 [pid 6013] mkdir("./file1", 0777) = 0 [pid 5829] mkdir("./35", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6014] munmap(0x7ff1eb400000, 138412032 [pid 6013] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... openat resumed>) = 3 [ 106.072708][ T6013] loop3: detected capacity change from 0 to 1024 [pid 6014] <... munmap resumed>) = 0 [pid 6013] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6013] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... ioctl resumed>) = 0 [pid 6013] <... openat resumed>) = 3 [pid 5829] close(3 [pid 6013] chdir("./file1" [pid 5829] <... close resumed>) = 0 [pid 6014] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6013] <... chdir resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6014] <... openat resumed>) = 4 [pid 6013] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6014] ioctl(4, LOOP_SET_FD, 3 [pid 6013] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6013] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"./strace-static-x86_64: Process 6015 attached [pid 6015] set_robust_list(0x5555934ed660, 24) = 0 [pid 5832] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6015 [pid 6015] chdir("./35" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6015] <... chdir resumed>) = 0 [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6015] <... prctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = 0 [pid 6015] setpgid(0, 0 [pid 6013] <... link resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6015] <... setpgid resumed>) = 0 [pid 6013] sync( [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... openat resumed>) = 4 [pid 6015] <... openat resumed>) = 3 [pid 5828] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(4, "", [pid 6015] write(3, "1000", 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 6015] <... write resumed>) = 4 [pid 5828] newfstatat(AT_FDCWD, "./31/file1", [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] getdents64(4, [pid 5828] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6015] close(3 [pid 5832] close(4executing program ) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5832] rmdir("./34/file1" [pid 6015] <... close resumed>) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs" [pid 6013] <... sync resumed>) = 0 [pid 6015] <... symlink resumed>) = 0 [pid 6013] exit_group(0 [pid 5832] <... rmdir resumed>) = 0 [pid 6015] write(1, "executing program\n", 18 [pid 6013] <... exit_group resumed>) = ? [pid 6015] <... write resumed>) = 18 [pid 5832] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(4, "", [pid 6015] memfd_create("syzkaller", 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6015] <... memfd_create resumed>) = 3 [pid 6014] <... ioctl resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./34/binderfs", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] getdents64(4, [pid 6015] <... mmap resumed>) = 0x7ff1eb400000 [pid 6014] close(3 [pid 6013] +++ exited with 0 +++ [pid 5832] unlink("./34/binderfs" [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6014] <... close resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6013, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] <... unlink resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6014] close(4 [pid 5828] getdents64(4, [pid 6014] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6014] mkdir("./file1", 0777 [ 106.141656][ T6014] loop2: detected capacity change from 0 to 1024 [pid 5828] close(4 [pid 6014] <... mkdir resumed>) = 0 [pid 5832] getdents64(3, [pid 5831] <... restart_syscall resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./31/file1" [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5831] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] close(3 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 5831] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./34" [pid 5828] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./31/binderfs") = 0 [pid 6014] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./35", 0777 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./31" [pid 5832] <... mkdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6015] <... write resumed>) = 524288 [pid 5831] <... umount2 resumed>) = 0 [pid 5828] mkdir("./32", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6016 attached [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6016 [pid 6016] set_robust_list(0x5555934ed660, 24 [pid 6014] <... mount resumed>) = 0 [pid 5831] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6016] <... set_robust_list resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6016] chdir("./32" [pid 5831] newfstatat(AT_FDCWD, "./30/file1", [pid 6016] <... chdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6016] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6014] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6016] <... prctl resumed>) = 0 [pid 6015] munmap(0x7ff1eb400000, 138412032 [pid 6014] <... openat resumed>) = 3 [pid 5832] <... ioctl resumed>) = 0 [pid 5831] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6016] setpgid(0, 0 [pid 6015] <... munmap resumed>) = 0 [pid 6014] chdir("./file1" [pid 5832] close(3 [pid 6016] <... setpgid resumed>) = 0 [pid 6014] <... chdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6015] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6014] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6016] <... openat resumed>) = 3 [pid 6015] ioctl(4, LOOP_SET_FD, 3 [pid 6014] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... openat resumed>) = 4 [pid 5832] <... close resumed>) = 0 [pid 6014] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] newfstatat(4, "", [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6016] write(3, "1000", 4) = 4 [pid 6016] close(3) = 0 [pid 6016] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6016] write(1, "executing program\n", 18 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6017 [pid 5831] getdents64(4, ./strace-static-x86_64: Process 6017 attached [pid 6017] set_robust_list(0x5555934ed660, 24) = 0 executing program [pid 6017] chdir("./35" [pid 6016] <... write resumed>) = 18 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6017] <... chdir resumed>) = 0 [pid 6016] memfd_create("syzkaller", 0 [pid 5831] close(4 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6016] <... memfd_create resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] rmdir("./30/file1" [pid 6017] setpgid(0, 0 [pid 6016] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./30/binderfs", [pid 6014] <... link resumed>) = 0 [pid 6014] sync( [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6017] <... setpgid resumed>) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] unlink("./30/binderfs" [pid 6017] <... openat resumed>) = 3 [pid 5831] <... unlink resumed>) = 0 [pid 6017] write(3, "1000", 4) = 4 [pid 5831] getdents64(3, [pid 6017] close(3 [pid 6015] <... ioctl resumed>) = 0 [pid 6015] close(3) = 0 [pid 6015] close(4 [pid 6017] <... close resumed>) = 0 [pid 6016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./30") = 0 [pid 5831] mkdir("./31", 0777) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs" [pid 6015] <... close resumed>) = 0 [pid 6014] <... sync resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6015] mkdir("./file1", 0777) = 0 [pid 6015] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6017] <... symlink resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6017] write(1, "executing program\n", 18 [pid 6014] exit_group(0 [pid 5831] <... ioctl resumed>) = 0 [pid 6014] <... exit_group resumed>) = ? [pid 5831] close(3executing program [ 106.251038][ T6015] loop1: detected capacity change from 0 to 1024 [pid 6017] <... write resumed>) = 18 [pid 5831] <... close resumed>) = 0 [pid 6017] memfd_create("syzkaller", 0 [pid 6016] <... write resumed>) = 524288 [pid 6017] <... memfd_create resumed>) = 3 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6014] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6014, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6015] <... mount resumed>) = 0 [pid 6016] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6015] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... restart_syscall resumed>) = 0 [pid 6015] <... openat resumed>) = 3 [pid 6015] chdir("./file1" [pid 6016] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6015] <... chdir resumed>) = 0 [pid 5830] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6018 attached [pid 6017] <... write resumed>) = 524288 [pid 6016] <... openat resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6016] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6018] set_robust_list(0x5555934ed660, 24 [pid 5830] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6016] ioctl(4, LOOP_CLR_FD) = 0 [pid 6018] <... set_robust_list resumed>) = 0 [pid 6018] chdir("./31" [pid 6015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6018] <... chdir resumed>) = 0 [pid 6015] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6018] setpgid(0, 0 [pid 6015] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6016] ioctl(4, LOOP_SET_FD, 3 [pid 6018] <... setpgid resumed>) = 0 [pid 6016] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6016] close(4 [pid 6018] <... openat resumed>) = 3 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6018 [pid 6018] write(3, "1000", 4) = 4 [pid 6018] close(3) = 0 [pid 6018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6018] write(1, "executing program\n", 18) = 18 executing program [pid 6018] memfd_create("syzkaller", 0 [pid 6016] <... close resumed>) = 0 [pid 6018] <... memfd_create resumed>) = 3 [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6015] <... link resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 6015] sync( [pid 6016] close(3 [pid 6017] munmap(0x7ff1eb400000, 138412032 [pid 6016] <... close resumed>) = 0 [pid 6017] <... munmap resumed>) = 0 [pid 6015] <... sync resumed>) = 0 [pid 5830] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6018] <... write resumed>) = 524288 [pid 6017] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6016] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6015] exit_group(0 [pid 5830] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6017] <... openat resumed>) = 4 [pid 6016] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6015] <... exit_group resumed>) = ? [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6018] munmap(0x7ff1eb400000, 138412032 [pid 6017] ioctl(4, LOOP_SET_FD, 3 [pid 6015] +++ exited with 0 +++ [pid 5830] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6018] <... munmap resumed>) = 0 [pid 6016] sync( [pid 5830] <... openat resumed>) = 4 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6017] <... ioctl resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 5829] <... restart_syscall resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6018] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6016] <... sync resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6018] <... openat resumed>) = 4 [pid 6016] exit_group(0 [pid 5829] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6018] ioctl(4, LOOP_SET_FD, 3 [pid 6016] <... exit_group resumed>) = ? [pid 5830] rmdir("./36/file1" [pid 5829] <... openat resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 6017] close(3) = 0 [pid 6016] +++ exited with 0 +++ [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6017] close(4 [pid 5829] getdents64(3, [pid 6017] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6016, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5830] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./36/binderfs", [pid 5828] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5830] unlink("./36/binderfs") = 0 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] getdents64(3, [pid 5828] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(3 [pid 5828] newfstatat(AT_FDCWD, "./32/binderfs", [pid 5830] <... close resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] rmdir("./36" [pid 5828] unlink("./32/binderfs" [pid 6017] mkdir("./file1", 0777 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5828] getdents64(3, [pid 6017] <... mkdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] mkdir("./37", 0777 [pid 5828] close(3 [pid 6017] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... mkdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [ 106.409523][ T6017] loop4: detected capacity change from 0 to 1024 [ 106.421432][ T6018] loop3: detected capacity change from 0 to 1024 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] rmdir("./32") = 0 [pid 6018] <... ioctl resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] mkdir("./33", 0777 [pid 6018] close(3 [pid 5830] <... openat resumed>) = 3 [pid 5828] <... mkdir resumed>) = 0 [pid 6018] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6018] close(4 [pid 5830] <... ioctl resumed>) = 0 [pid 6018] <... close resumed>) = 0 [pid 5830] close(3 [pid 6018] mkdir("./file1", 0777 [pid 5830] <... close resumed>) = 0 [pid 6018] <... mkdir resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6019 attached [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [pid 5829] newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5829] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] close(3 [pid 6019] set_robust_list(0x5555934ed660, 24 [pid 6018] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... close resumed>) = 0 [pid 6017] <... mount resumed>) = 0 [pid 6017] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6019] <... set_robust_list resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6019 [pid 5829] <... openat resumed>) = 4 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6020 attached [pid 6019] chdir("./37" [pid 6017] <... openat resumed>) = 3 [pid 5829] newfstatat(4, "", [pid 6019] <... chdir resumed>) = 0 [pid 6019] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6017] chdir("./file1" [pid 6019] <... prctl resumed>) = 0 [pid 6020] set_robust_list(0x5555934ed660, 24 [pid 6017] <... chdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6020 [pid 6020] <... set_robust_list resumed>) = 0 [pid 6019] setpgid(0, 0 [pid 6017] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] getdents64(4, [pid 6020] chdir("./33" [pid 6019] <... setpgid resumed>) = 0 [pid 6017] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6020] <... chdir resumed>) = 0 [pid 6019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6018] <... mount resumed>) = 0 [pid 6017] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] getdents64(4, [pid 6020] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6019] <... openat resumed>) = 3 [pid 6018] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./35/file1" [pid 6020] <... prctl resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6020] setpgid(0, 0) = 0 [pid 6018] <... openat resumed>) = 3 [pid 6020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6018] chdir("./file1" [pid 6019] write(3, "1000", 4 [pid 6018] <... chdir resumed>) = 0 [pid 6019] <... write resumed>) = 4 [pid 6018] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6019] close(3 [pid 6018] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6019] <... close resumed>) = 0 [pid 6018] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] newfstatat(AT_FDCWD, "./35/binderfs", [pid 6020] <... openat resumed>) = 3 [pid 6019] symlink("/dev/binderfs", "./binderfs" [pid 6020] write(3, "1000", 4) = 4 [pid 6019] <... symlink resumed>) = 0 executing program executing program [pid 6020] close(3 [pid 6017] <... link resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6020] <... close resumed>) = 0 [pid 6019] write(1, "executing program\n", 18 [pid 5829] unlink("./35/binderfs" [pid 6020] symlink("/dev/binderfs", "./binderfs" [pid 6019] <... write resumed>) = 18 [pid 5829] <... unlink resumed>) = 0 [pid 6020] <... symlink resumed>) = 0 [pid 6019] memfd_create("syzkaller", 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 6019] <... memfd_create resumed>) = 3 [pid 6020] write(1, "executing program\n", 18) = 18 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6020] memfd_create("syzkaller", 0 [pid 6019] <... mmap resumed>) = 0x7ff1eb400000 [pid 6017] sync( [pid 5829] rmdir("./35") = 0 [pid 6019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6020] <... memfd_create resumed>) = 3 [pid 5829] mkdir("./36", 0777 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... mkdir resumed>) = 0 [pid 6020] <... mmap resumed>) = 0x7ff1eb400000 [pid 6020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555934ed650) = 6021 [pid 6018] <... link resumed>) = 0 [pid 6018] sync( [pid 6019] <... write resumed>) = 524288 ./strace-static-x86_64: Process 6021 attached [pid 6020] <... write resumed>) = 524288 [pid 6021] set_robust_list(0x5555934ed660, 24 [pid 6019] munmap(0x7ff1eb400000, 138412032 [pid 6021] <... set_robust_list resumed>) = 0 [pid 6019] <... munmap resumed>) = 0 [pid 6020] munmap(0x7ff1eb400000, 138412032 [pid 6019] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6021] chdir("./36") = 0 [pid 6020] <... munmap resumed>) = 0 [pid 6019] <... openat resumed>) = 4 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6017] <... sync resumed>) = 0 [pid 6021] <... prctl resumed>) = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6019] ioctl(4, LOOP_SET_FD, 3 [pid 6018] <... sync resumed>) = 0 [pid 6017] exit_group(0 [pid 6021] setpgid(0, 0 [pid 6020] <... openat resumed>) = 4 [pid 6019] <... ioctl resumed>) = 0 [pid 6018] exit_group(0 [pid 6021] <... setpgid resumed>) = 0 [pid 6020] ioctl(4, LOOP_SET_FD, 3 [pid 6018] <... exit_group resumed>) = ? [pid 6017] <... exit_group resumed>) = ? [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6018] +++ exited with 0 +++ [pid 6021] <... openat resumed>) = 3 [pid 6017] +++ exited with 0 +++ [pid 6021] write(3, "1000", 4 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6021] <... write resumed>) = 4 [pid 5831] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6021] close(3 [pid 5832] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... openat resumed>) = 3 [pid 6021] <... close resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs" [pid 5832] getdents64(3, [pid 6021] <... symlink resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6019] close(3) = 0 [pid 6019] close(4) = 0 [pid 6019] mkdir("./file1", 0777) = 0 [pid 6019] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6021] write(1, "executing program\n", 18 [pid 5832] <... umount2 resumed>) = 0 executing program [pid 5832] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6021] <... write resumed>) = 18 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6021] memfd_create("syzkaller", 0 [pid 5832] newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 106.611670][ T6019] loop2: detected capacity change from 0 to 1024 [ 106.627374][ T6020] loop0: detected capacity change from 0 to 1024 [pid 6020] <... ioctl resumed>) = 0 [pid 6021] <... memfd_create resumed>) = 3 [pid 5832] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6020] close(3 [pid 5832] <... openat resumed>) = 4 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6020] <... close resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 6021] <... mmap resumed>) = 0x7ff1eb400000 [pid 6020] close(4 [pid 6019] <... mount resumed>) = 0 [pid 6020] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6020] mkdir("./file1", 0777 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6019] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] close(4 [pid 6020] <... mkdir resumed>) = 0 [pid 6019] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 6019] chdir("./file1") = 0 [pid 5832] rmdir("./35/file1" [pid 6019] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] <... rmdir resumed>) = 0 [pid 6020] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6019] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] unlink("./35/binderfs" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... unlink resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./31/file1", [pid 5832] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] rmdir("./35") = 0 [pid 6019] <... link resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 6019] sync( [pid 5832] mkdir("./36", 0777 [pid 6021] <... write resumed>) = 524288 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6021] munmap(0x7ff1eb400000, 138412032 [pid 6020] <... mount resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] getdents64(4, [pid 6021] <... munmap resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6020] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] close(4 [pid 6020] chdir("./file1") = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5831] <... close resumed>) = 0 [pid 6020] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6021] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] rmdir("./31/file1" [pid 6021] <... openat resumed>) = 4 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... rmdir resumed>) = 0 [pid 6021] ioctl(4, LOOP_SET_FD, 3 [pid 5831] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6022 attached [pid 5831] newfstatat(AT_FDCWD, "./31/binderfs", [pid 6020] <... link resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6022] set_robust_list(0x5555934ed660, 24 [pid 6020] sync( [pid 6022] <... set_robust_list resumed>) = 0 [pid 5831] unlink("./31/binderfs"executing program [pid 6022] chdir("./36" [pid 6019] <... sync resumed>) = 0 [pid 6019] exit_group(0 [pid 5831] <... unlink resumed>) = 0 [pid 6022] <... chdir resumed>) = 0 [pid 6019] <... exit_group resumed>) = ? [pid 6022] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6019] +++ exited with 0 +++ [pid 6022] <... prctl resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6019, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6022] setpgid(0, 0) = 0 [pid 6022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6022] write(3, "1000", 4) = 4 [pid 6022] close(3) = 0 [pid 6022] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6022 [pid 6022] <... symlink resumed>) = 0 [pid 6022] write(1, "executing program\n", 18) = 18 [pid 6022] memfd_create("syzkaller", 0 [pid 5831] getdents64(3, [pid 6022] <... memfd_create resumed>) = 3 [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./31" [pid 6021] <... ioctl resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./32", 0777 [pid 6021] close(3 [pid 6022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6021] <... close resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 6021] close(4 [pid 6020] <... sync resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 106.738819][ T6021] loop1: detected capacity change from 0 to 1024 [pid 5830] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6021] <... close resumed>) = 0 [pid 6020] exit_group(0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6021] mkdir("./file1", 0777 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6020] <... exit_group resumed>) = ? [pid 5830] <... openat resumed>) = 3 [pid 6020] +++ exited with 0 +++ [pid 5831] <... ioctl resumed>) = 0 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6020, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6021] <... mkdir resumed>) = 0 [pid 5831] close(3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5830] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 6021] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555934ed650) = 6023 ./strace-static-x86_64: Process 6023 attached [pid 5828] <... restart_syscall resumed>) = 0 [pid 6023] set_robust_list(0x5555934ed660, 24) = 0 [pid 6022] <... write resumed>) = 524288 [pid 5828] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6023] chdir("./32" [pid 5828] <... openat resumed>) = 3 [pid 6023] <... chdir resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 6023] <... prctl resumed>) = 0 [pid 6023] setpgid(0, 0 [pid 6022] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6023] <... setpgid resumed>) = 0 [pid 6022] <... munmap resumed>) = 0 [pid 5828] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6022] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6022] <... openat resumed>) = 4 [pid 6023] <... openat resumed>) = 3 [pid 6022] ioctl(4, LOOP_SET_FD, 3 [pid 5830] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6023] write(3, "1000", 4) = 4 [pid 6023] close(3executing program ) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6023] symlink("/dev/binderfs", "./binderfs" [pid 6022] <... ioctl resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6023] <... symlink resumed>) = 0 [pid 6022] close(3 [pid 5830] <... openat resumed>) = 4 [pid 6022] <... close resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 6022] close(4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6022] <... close resumed>) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6022] mkdir("./file1", 0777 [pid 6023] write(1, "executing program\n", 18 [pid 6022] <... mkdir resumed>) = 0 [pid 6021] <... mount resumed>) = 0 [pid 6023] <... write resumed>) = 18 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 6023] memfd_create("syzkaller", 0 [pid 6021] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] rmdir("./37/file1" [pid 6023] <... memfd_create resumed>) = 3 [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6022] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6021] <... openat resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6023] <... mmap resumed>) = 0x7ff1eb400000 [pid 6021] chdir("./file1" [pid 5830] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./37/binderfs" [pid 5828] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... unlink resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./33/file1", [pid 6023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6021] <... chdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] getdents64(3, [pid 5828] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6022] <... mount resumed>) = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6022] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] close(3 [pid 6022] chdir("./file1" [pid 6021] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6022] <... chdir resumed>) = 0 [pid 6021] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] rmdir("./37" [pid 6022] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... rmdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6022] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... openat resumed>) = 4 [pid 6022] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] newfstatat(4, "", [pid 5830] mkdir("./38", 0777 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 106.842087][ T6022] loop4: detected capacity change from 0 to 1024 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... mkdir resumed>) = 0 [pid 5828] getdents64(4, [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5828] close(4 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] <... close resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5828] rmdir("./33/file1" [pid 6022] <... link resumed>) = 0 [pid 5830] close(3 [pid 5828] <... rmdir resumed>) = 0 [pid 6022] sync( [pid 5830] <... close resumed>) = 0 [pid 5828] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6024 attached [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./33/binderfs", [pid 6021] <... link resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6024] set_robust_list(0x5555934ed660, 24 [pid 6021] sync( [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6024 [pid 5828] unlink("./33/binderfs" [pid 6023] <... write resumed>) = 524288 [pid 5828] <... unlink resumed>) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6024] <... set_robust_list resumed>) = 0 [pid 5828] close(3 [pid 6024] chdir("./38" [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./33" [pid 6024] <... chdir resumed>) = 0 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6023] munmap(0x7ff1eb400000, 138412032 [pid 6024] setpgid(0, 0) = 0 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6023] <... munmap resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6023] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] mkdir("./34", 0777 [pid 6024] <... openat resumed>) = 3 [pid 6024] write(3, "1000", 4) = 4 [pid 6024] close(3) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs" [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6023] <... openat resumed>) = 4 executing program [pid 6024] <... symlink resumed>) = 0 [pid 6023] ioctl(4, LOOP_SET_FD, 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3 [pid 6024] write(1, "executing program\n", 18 [pid 5828] <... close resumed>) = 0 [pid 6024] <... write resumed>) = 18 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6024] memfd_create("syzkaller", 0) = 3 [pid 6022] <... sync resumed>) = 0 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6022] exit_group(0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6025 [pid 6024] <... mmap resumed>) = 0x7ff1eb400000 ./strace-static-x86_64: Process 6025 attached [pid 6024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6021] <... sync resumed>) = 0 [pid 6025] set_robust_list(0x5555934ed660, 24 [pid 6022] <... exit_group resumed>) = ? [pid 6025] <... set_robust_list resumed>) = 0 [pid 6022] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6022, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6021] exit_group(0 [pid 6025] chdir("./34" [pid 6021] <... exit_group resumed>) = ? [pid 6025] <... chdir resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 6021] +++ exited with 0 +++ [pid 6025] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6025] <... prctl resumed>) = 0 [pid 6025] setpgid(0, 0) = 0 [pid 5829] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5832] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6024] <... write resumed>) = 524288 [pid 6025] <... openat resumed>) = 3 [pid 6023] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 6025] write(3, "1000", 4 [pid 6024] munmap(0x7ff1eb400000, 138412032 [pid 6023] close(3 [pid 6025] <... write resumed>) = 4 [pid 6024] <... munmap resumed>) = 0 [pid 6023] <... close resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5829] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6023] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6023] <... close resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./36/file1", [pid 6024] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6023] mkdir("./file1", 0777 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6025] close(3 [pid 6024] <... openat resumed>) = 4 [pid 6023] <... mkdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 106.955465][ T6023] loop3: detected capacity change from 0 to 1024 [pid 5829] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6025] <... close resumed>) = 0 [pid 6024] ioctl(4, LOOP_SET_FD, 3 [pid 6023] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] getdents64(3, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6025] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6025] <... symlink resumed>) = 0 [pid 5832] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./36/file1") = 0 [pid 5829] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./36/binderfs") = 0 [pid 5829] getdents64(3, executing program 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6025] write(1, "executing program\n", 18 [pid 5832] <... umount2 resumed>) = 0 [pid 5829] close(3 [pid 6025] <... write resumed>) = 18 [pid 5832] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./36") = 0 [pid 5829] mkdir("./37", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6025] memfd_create("syzkaller", 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] close(3 [pid 6025] <... memfd_create resumed>) = 3 [pid 5832] newfstatat(AT_FDCWD, "./36/file1", [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6026 attached [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6026] set_robust_list(0x5555934ed660, 24 [pid 6025] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6026 [pid 6026] <... set_robust_list resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6026] chdir("./37") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6023] <... mount resumed>) = 0 [pid 6025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6024] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 6026] <... openat resumed>) = 3 [pid 6023] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6026] write(3, "1000", 4 [pid 6023] <... openat resumed>) = 3 [pid 5832] newfstatat(4, "", [pid 6023] chdir("./file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6024] close(3 [pid 6023] <... chdir resumed>) = 0 [pid 6026] <... write resumed>) = 4 [pid 6023] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 107.023569][ T6024] loop2: detected capacity change from 0 to 1024 [pid 6026] close(3 [pid 6023] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6026] <... close resumed>) = 0 [pid 6024] <... close resumed>) = 0 [pid 5832] getdents64(4, [pid 6024] close(4 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6026] symlink("/dev/binderfs", "./binderfs" [pid 6024] <... close resumed>) = 0 [pid 6023] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] getdents64(4, [pid 6024] mkdir("./file1", 0777 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6026] <... symlink resumed>) = 0 [pid 5832] close(4 [pid 6024] <... mkdir resumed>) = 0 executing program [pid 6026] write(1, "executing program\n", 18 [pid 6024] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... close resumed>) = 0 [pid 6026] <... write resumed>) = 18 [pid 6026] memfd_create("syzkaller", 0 [pid 5832] rmdir("./36/file1" [pid 6026] <... memfd_create resumed>) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6024] <... mount resumed>) = 0 [pid 6023] <... link resumed>) = 0 [pid 5832] unlink("./36/binderfs" [pid 6026] <... mmap resumed>) = 0x7ff1eb400000 [pid 6023] sync( [pid 6025] <... write resumed>) = 524288 [pid 6024] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... unlink resumed>) = 0 [pid 6026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6025] munmap(0x7ff1eb400000, 138412032 [pid 6024] <... openat resumed>) = 3 [pid 5832] getdents64(3, [pid 6025] <... munmap resumed>) = 0 [pid 6024] chdir("./file1" [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6024] <... chdir resumed>) = 0 [pid 5832] close(3 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 6025] <... openat resumed>) = 4 [pid 6024] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] rmdir("./36" [pid 6025] ioctl(4, LOOP_SET_FD, 3 [pid 6024] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./37", 0777 [pid 6024] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... mkdir resumed>) = 0 [pid 6023] <... sync resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6024] <... link resumed>) = 0 [pid 6026] <... write resumed>) = 524288 [pid 6024] sync( [pid 6023] exit_group(0 [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3 [pid 6023] <... exit_group resumed>) = ? [pid 5832] <... close resumed>) = 0 [pid 6026] munmap(0x7ff1eb400000, 138412032 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6026] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 6027 attached [pid 6024] <... sync resumed>) = 0 [pid 6023] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6023, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6024] exit_group(0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6027 [pid 5831] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6027] set_robust_list(0x5555934ed660, 24 [pid 5831] <... openat resumed>) = 3 [pid 6027] <... set_robust_list resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 6024] <... exit_group resumed>) = ? [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6027] chdir("./37" [pid 5831] getdents64(3, [pid 6026] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6027] <... chdir resumed>) = 0 [pid 5831] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6027] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6024] +++ exited with 0 +++ [pid 6027] <... prctl resumed>) = 0 [pid 6026] <... openat resumed>) = 4 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6027] setpgid(0, 0 [pid 6026] ioctl(4, LOOP_SET_FD, 3 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6027] <... setpgid resumed>) = 0 [pid 6025] <... ioctl resumed>) = 0 [pid 6025] close(3 [pid 5830] <... restart_syscall resumed>) = 0 [pid 6025] <... close resumed>) = 0 [pid 6025] close(4 [pid 6027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6025] <... close resumed>) = 0 [pid 6025] mkdir("./file1", 0777 [pid 6027] <... openat resumed>) = 3 [pid 6025] <... mkdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6027] write(3, "1000", 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6027] <... write resumed>) = 4 [pid 6025] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6027] close(3 [pid 5831] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 6027] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(3, "", [pid 6027] symlink("/dev/binderfs", "./binderfs" [pid 5831] newfstatat(AT_FDCWD, "./32/file1", [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] getdents64(3, [pid 5831] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6027] <... symlink resumed>) = 0 [pid 6025] <... mount resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6025] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./32/file1") = 0 [ 107.145997][ T6025] loop0: detected capacity change from 0 to 1024 [ 107.185497][ T6026] loop1: detected capacity change from 0 to 1024 [pid 6027] write(1, "executing program\n", 18 [pid 6025] <... openat resumed>) = 3 [pid 5831] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6025] chdir("./file1") = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5830] <... umount2 resumed>) = 0 [pid 6027] <... write resumed>) = 18 [pid 6026] <... ioctl resumed>) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./32/binderfs", [pid 6027] memfd_create("syzkaller", 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6027] <... memfd_create resumed>) = 3 [pid 5831] unlink("./32/binderfs" [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... unlink resumed>) = 0 [pid 6027] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] getdents64(3, [pid 6026] close(3 [pid 6025] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6026] <... close resumed>) = 0 [pid 5830] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6026] close(4 [pid 6025] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6026] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./38/file1", [pid 6026] mkdir("./file1", 0777 [pid 5831] rmdir("./32" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6026] <... mkdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6026] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] mkdir("./33", 0777 [pid 5830] newfstatat(4, "", [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] getdents64(4, [pid 5831] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] close(4 [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] rmdir("./38/file1" [pid 6025] <... link resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6028 attached [pid 6025] sync( [pid 6028] set_robust_list(0x5555934ed660, 24 [pid 5830] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6027] <... write resumed>) = 524288 [pid 6028] <... set_robust_list resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6028] chdir("./33" [pid 5830] newfstatat(AT_FDCWD, "./38/binderfs", [pid 6028] <... chdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6028 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6028] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] unlink("./38/binderfs" [pid 6028] <... prctl resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 6028] setpgid(0, 0 [pid 5830] getdents64(3, executing program [pid 6028] <... setpgid resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] close(3) = 0 [pid 5830] rmdir("./38" [pid 6027] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... rmdir resumed>) = 0 [pid 6028] <... openat resumed>) = 3 [pid 6027] <... munmap resumed>) = 0 [pid 6028] write(3, "1000", 4) = 4 [pid 5830] mkdir("./39", 0777 [pid 6028] close(3 [pid 5830] <... mkdir resumed>) = 0 [pid 6028] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6028] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... openat resumed>) = 3 [pid 6028] <... symlink resumed>) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6027] <... openat resumed>) = 4 [pid 5830] <... ioctl resumed>) = 0 [pid 6028] write(1, "executing program\n", 18 [pid 6027] ioctl(4, LOOP_SET_FD, 3 [pid 5830] close(3 [pid 6028] <... write resumed>) = 18 [pid 6028] memfd_create("syzkaller", 0 [pid 5830] <... close resumed>) = 0 [pid 6026] <... mount resumed>) = 0 [pid 6026] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6026] chdir("./file1" [pid 6028] <... memfd_create resumed>) = 3 [pid 6026] <... chdir resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6026] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"./strace-static-x86_64: Process 6029 attached [pid 6028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6029] set_robust_list(0x5555934ed660, 24) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6029 [pid 6029] chdir("./39") = 0 [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6029] setpgid(0, 0) = 0 executing program [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6029] write(1, "executing program\n", 18 [pid 6027] <... ioctl resumed>) = 0 [pid 6029] <... write resumed>) = 18 [pid 6027] close(3 [pid 6029] memfd_create("syzkaller", 0 [pid 6027] <... close resumed>) = 0 [pid 6029] <... memfd_create resumed>) = 3 [pid 6027] close(4 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6027] <... close resumed>) = 0 [pid 6026] <... link resumed>) = 0 [pid 6029] <... mmap resumed>) = 0x7ff1eb400000 [pid 6027] mkdir("./file1", 0777 [pid 6026] sync( [pid 6029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6027] <... mkdir resumed>) = 0 [pid 6025] <... sync resumed>) = 0 [ 107.310734][ T6027] loop4: detected capacity change from 0 to 1024 [pid 6025] exit_group(0 [pid 6028] <... write resumed>) = 524288 [pid 6025] <... exit_group resumed>) = ? [pid 6028] munmap(0x7ff1eb400000, 138412032 [pid 6027] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6028] <... munmap resumed>) = 0 [pid 6025] +++ exited with 0 +++ [pid 6028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6025, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6028] <... openat resumed>) = 4 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6028] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6029] <... write resumed>) = 524288 [pid 6028] <... ioctl resumed>) = 0 [pid 6028] close(3 [pid 5828] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6028] <... close resumed>) = 0 [pid 6028] close(4) = 0 [pid 6028] mkdir("./file1", 0777) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6028] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6029] munmap(0x7ff1eb400000, 138412032 [pid 5828] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6029] <... munmap resumed>) = 0 [pid 6027] <... mount resumed>) = 0 [pid 5828] getdents64(4, [pid 6027] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6029] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6027] <... openat resumed>) = 3 [pid 5828] getdents64(4, [pid 6029] <... openat resumed>) = 4 [pid 6027] chdir("./file1" [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6027] <... chdir resumed>) = 0 [pid 5828] close(4 [pid 6027] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... close resumed>) = 0 [pid 6029] ioctl(4, LOOP_SET_FD, 3 [pid 6027] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] rmdir("./34/file1") = 0 [ 107.379490][ T6028] loop3: detected capacity change from 0 to 1024 [pid 6027] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6029] <... ioctl resumed>) = 0 [pid 5828] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./34/binderfs") = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./34" [pid 6028] <... mount resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./35", 0777) = 0 [pid 6028] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3) = 0 [pid 6028] <... openat resumed>) = 3 [pid 6028] chdir("./file1" [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6028] <... chdir resumed>) = 0 [pid 6028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6026] <... sync resumed>) = 0 ./strace-static-x86_64: Process 6030 attached [pid 6028] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6026] exit_group(0 [pid 6028] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6027] <... link resumed>) = 0 [pid 6026] <... exit_group resumed>) = ? [pid 6027] sync( [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6030 [pid 6030] set_robust_list(0x5555934ed660, 24) = 0 [pid 6030] chdir("./35") = 0 [pid 6029] close(3 [pid 6026] +++ exited with 0 +++ [pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6029] <... close resumed>) = 0 [pid 6030] <... prctl resumed>) = 0 [pid 6029] close(4 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6030] setpgid(0, 0 [pid 6029] <... close resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6030] <... setpgid resumed>) = 0 [pid 6029] mkdir("./file1", 0777 [pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6029] <... mkdir resumed>) = 0 [pid 6030] <... openat resumed>) = 3 [pid 6029] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6030] write(3, "1000", 4 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6030] <... write resumed>) = 4 [pid 6030] close(3 [pid 6028] <... link resumed>) = 0 [pid 6028] sync( [pid 6030] <... close resumed>) = 0 [ 107.439380][ T6029] loop2: detected capacity change from 0 to 1024 [pid 6030] symlink("/dev/binderfs", "./binderfs" [pid 5829] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6030] <... symlink resumed>) = 0 executing program [pid 6030] write(1, "executing program\n", 18 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6030] <... write resumed>) = 18 [pid 5829] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6030] memfd_create("syzkaller", 0 [pid 5829] <... openat resumed>) = 3 [pid 6030] <... memfd_create resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 6029] <... mount resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] getdents64(3, [pid 6030] <... mmap resumed>) = 0x7ff1eb400000 [pid 6029] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6029] <... openat resumed>) = 3 [pid 5829] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6029] chdir("./file1") = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6029] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... umount2 resumed>) = 0 [pid 6030] <... write resumed>) = 524288 [pid 6030] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6029] <... link resumed>) = 0 [pid 5829] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6030] ioctl(4, LOOP_SET_FD, 3 [pid 6029] sync( [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6028] <... sync resumed>) = 0 [pid 6027] <... sync resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./37/file1", [pid 6028] exit_group(0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6028] <... exit_group resumed>) = ? [pid 5829] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6030] <... ioctl resumed>) = 0 [pid 6027] exit_group(0 [pid 5829] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6028] +++ exited with 0 +++ [pid 6030] close(3 [pid 6029] <... sync resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6028, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5829] newfstatat(4, "", [pid 6029] exit_group(0) = ? [pid 6029] +++ exited with 0 +++ [pid 6030] <... close resumed>) = 0 [pid 6027] <... exit_group resumed>) = ? [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6030] close(4 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6030] <... close resumed>) = 0 [pid 6027] +++ exited with 0 +++ [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] getdents64(4, [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6027, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6030] mkdir("./file1", 0777 [pid 5829] getdents64(4, [pid 6030] <... mkdir resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [ 107.563582][ T6030] loop0: detected capacity change from 0 to 1024 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(4 [pid 5831] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6030] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5830] <... openat resumed>) = 3 [pid 5832] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] newfstatat(3, "", [pid 5829] rmdir("./37/file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... rmdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 5831] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(3, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6030] <... mount resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(AT_FDCWD, "./37/binderfs", [pid 6030] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6030] chdir("./file1" [pid 5829] unlink("./37/binderfs" [pid 6030] <... chdir resumed>) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] <... unlink resumed>) = 0 [pid 6030] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6030] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] getdents64(3, [pid 5832] getdents64(3, [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] close(3 [pid 5832] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] rmdir("./37" [pid 5832] <... umount2 resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] mkdir("./38", 0777 [pid 5830] newfstatat(AT_FDCWD, "./39/file1", [pid 6030] <... link resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 6030] sync( [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] newfstatat(AT_FDCWD, "./37/file1", [pid 5831] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 4 [pid 5829] <... ioctl resumed>) = 0 [pid 5832] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./33/file1", [pid 5829] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5831] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(4, "", [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6031 attached [pid 5832] newfstatat(4, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6031] set_robust_list(0x5555934ed660, 24 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(4, [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6031 [pid 6031] <... set_robust_list resumed>) = 0 [pid 5832] getdents64(4, [pid 5831] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6031] chdir("./38" [pid 6030] <... sync resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5830] getdents64(4, [pid 6030] exit_group(0 [pid 6031] <... chdir resumed>) = 0 [pid 6030] <... exit_group resumed>) = ? [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] getdents64(4, [pid 5831] getdents64(4, [pid 5830] close(4 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6030] +++ exited with 0 +++ [pid 5832] close(4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(4, [pid 5832] rmdir("./37/file1" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] rmdir("./39/file1" [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6031] setpgid(0, 0 [pid 5828] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5831] close(4 [pid 5830] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6031] <... setpgid resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] newfstatat(AT_FDCWD, "./39/binderfs", [pid 5828] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6031] <... openat resumed>) = 3 [pid 5830] unlink("./39/binderfs" [pid 5828] newfstatat(3, "", [pid 5831] rmdir("./33/file1" [pid 5830] <... unlink resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6031] write(3, "1000", 4 [pid 5828] getdents64(3, [pid 6031] <... write resumed>) = 4 [pid 5830] getdents64(3, [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6031] close(3 [pid 5830] close(3 [pid 5828] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6031] <... close resumed>) = 0 [pid 5832] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./39" [pid 5832] newfstatat(AT_FDCWD, "./37/binderfs", [pid 6031] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5832] unlink("./37/binderfs" [pid 5831] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6031] write(1, "executing program\n", 18) = 18 [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6031] memfd_create("syzkaller", 0 [pid 5832] getdents64(3, [pid 5831] newfstatat(AT_FDCWD, "./33/binderfs", [pid 6031] <... memfd_create resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] close(3 [pid 5830] mkdir("./40", 0777 [pid 5831] unlink("./33/binderfs" [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... unlink resumed>) = 0 [pid 6031] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 5832] rmdir("./37" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5831] close(3 [pid 6031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5831] rmdir("./33" [pid 6031] <... write resumed>) = 524288 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] mkdir("./38", 0777 [pid 5828] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] newfstatat(AT_FDCWD, "./35/file1", [pid 5830] <... ioctl resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... rmdir resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 3 [pid 5831] mkdir("./34", 0777 [pid 5828] newfstatat(4, "", [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] close(3 [pid 5828] getdents64(4, [pid 5832] <... close resumed>) = 0 [pid 6031] munmap(0x7ff1eb400000, 138412032 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 6032 attached [pid 6031] <... munmap resumed>) = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] getdents64(4, ./strace-static-x86_64: Process 6033 attached 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6032] set_robust_list(0x5555934ed660, 24 [pid 6031] <... openat resumed>) = 4 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6032 [pid 5828] close(4 [pid 6032] <... set_robust_list resumed>) = 0 [pid 6031] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... close resumed>) = 0 [pid 6033] set_robust_list(0x5555934ed660, 24 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] rmdir("./35/file1" [pid 5831] <... openat resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6033 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6033] <... set_robust_list resumed>) = 0 [pid 5828] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... ioctl resumed>) = 0 [pid 6032] chdir("./40" [pid 5831] close(3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6033] chdir("./38" [pid 5831] <... close resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./35/binderfs", [pid 6033] <... chdir resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6032] <... chdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6032] setpgid(0, 0) = 0 [pid 6032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 6034 attached [pid 6033] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6032] <... openat resumed>) = 3 [pid 5828] unlink("./35/binderfs" [pid 6034] set_robust_list(0x5555934ed660, 24 [pid 6033] <... prctl resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6034 [pid 6032] write(3, "1000", 4 [pid 5828] <... unlink resumed>) = 0 [pid 5828] getdents64(3, [pid 6032] <... write resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6032] close(3 [pid 5828] close(3 [pid 6034] <... set_robust_list resumed>) = 0 [pid 6033] setpgid(0, 0 [pid 6034] chdir("./34" [pid 6033] <... setpgid resumed>) = 0 [pid 6032] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6032] symlink("/dev/binderfs", "./binderfs" [pid 6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6032] <... symlink resumed>) = 0 [pid 5828] rmdir("./35"executing program [pid 6034] <... chdir resumed>) = 0 [pid 6033] <... openat resumed>) = 3 [pid 6032] write(1, "executing program\n", 18 [pid 5828] <... rmdir resumed>) = 0 [pid 6033] write(3, "1000", 4 [pid 6034] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6032] <... write resumed>) = 18 [pid 5828] mkdir("./36", 0777 [pid 6034] <... prctl resumed>) = 0 [pid 6033] <... write resumed>) = 4 [pid 6034] setpgid(0, 0 [pid 6033] close(3 [pid 6032] memfd_create("syzkaller", 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6034] <... setpgid resumed>) = 0 [pid 6033] <... close resumed>) = 0 [pid 6034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6033] symlink("/dev/binderfs", "./binderfs" [pid 6032] <... memfd_create resumed>) = 3 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6033] <... symlink resumed>) = 0 [pid 6032] <... mmap resumed>) = 0x7ff1eb400000 [pid 6034] <... openat resumed>) = 3 [pid 6031] <... ioctl resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6034] write(3, "1000", 4 [pid 6033] write(1, "executing program\n", 18 [pid 6032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6031] close(3 [pid 5828] ioctl(3, LOOP_CLR_FDexecuting program [pid 6034] <... write resumed>) = 4 [pid 6033] <... write resumed>) = 18 [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3 [pid 6033] memfd_create("syzkaller", 0 [pid 6031] <... close resumed>) = 0 [pid 6031] close(4) = 0 [pid 6031] mkdir("./file1", 0777 [pid 6034] close(3 [pid 6031] <... mkdir resumed>) = 0 [ 107.804789][ T6031] loop1: detected capacity change from 0 to 1024 [pid 6031] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6034] <... close resumed>) = 0 [pid 6033] <... memfd_create resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 6034] symlink("/dev/binderfs", "./binderfs" [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6032] <... write resumed>) = 524288 [pid 6034] <... symlink resumed>) = 0 executing program [pid 6034] write(1, "executing program\n", 18 [pid 6033] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6034] <... write resumed>) = 18 ./strace-static-x86_64: Process 6035 attached [pid 6034] memfd_create("syzkaller", 0 [pid 6035] set_robust_list(0x5555934ed660, 24) = 0 [pid 6033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6035 [pid 6034] <... memfd_create resumed>) = 3 [pid 6035] chdir("./36") = 0 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6031] <... mount resumed>) = 0 [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6034] <... mmap resumed>) = 0x7ff1eb400000 [pid 6035] <... prctl resumed>) = 0 [pid 6034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6032] munmap(0x7ff1eb400000, 138412032 [pid 6031] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6035] setpgid(0, 0 [pid 6032] <... munmap resumed>) = 0 [pid 6031] <... openat resumed>) = 3 [pid 6035] <... setpgid resumed>) = 0 [pid 6031] chdir("./file1") = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6031] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6035] <... openat resumed>) = 3 [pid 6032] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6035] write(3, "1000", 4) = 4 [pid 6032] <... openat resumed>) = 4 [pid 6032] ioctl(4, LOOP_SET_FD, 3 [pid 6035] close(3 [pid 6033] <... write resumed>) = 524288 [pid 6035] <... close resumed>) = 0 [pid 6034] <... write resumed>) = 524288 [pid 6033] munmap(0x7ff1eb400000, 138412032 [pid 6031] <... link resumed>) = 0 [pid 6035] symlink("/dev/binderfs", "./binderfs" [pid 6031] sync( [pid 6035] <... symlink resumed>) = 0 [pid 6034] munmap(0x7ff1eb400000, 138412032 [pid 6033] <... munmap resumed>) = 0 [pid 6034] <... munmap resumed>) = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6035] write(1, "executing program\n", 18 [pid 6033] <... openat resumed>) = 4 executing program [pid 6033] ioctl(4, LOOP_SET_FD, 3 [pid 6035] <... write resumed>) = 18 [pid 6034] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6035] memfd_create("syzkaller", 0 [pid 6034] <... openat resumed>) = 4 [pid 6035] <... memfd_create resumed>) = 3 [pid 6034] ioctl(4, LOOP_SET_FD, 3 [pid 6032] <... ioctl resumed>) = 0 [pid 6031] <... sync resumed>) = 0 [pid 6032] close(3 [pid 6031] exit_group(0 [pid 6032] <... close resumed>) = 0 [pid 6031] <... exit_group resumed>) = ? [pid 6032] close(4 [pid 6031] +++ exited with 0 +++ [pid 6032] <... close resumed>) = 0 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6031, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6032] mkdir("./file1", 0777 [pid 6035] <... mmap resumed>) = 0x7ff1eb400000 [pid 6032] <... mkdir resumed>) = 0 [pid 5829] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6032] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 6035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [ 107.911189][ T6032] loop2: detected capacity change from 0 to 1024 [ 107.945451][ T6033] loop4: detected capacity change from 0 to 1024 [ 107.954841][ T6034] loop3: detected capacity change from 0 to 1024 [pid 5829] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6034] <... ioctl resumed>) = 0 [pid 6033] <... ioctl resumed>) = 0 [pid 6035] <... write resumed>) = 524288 [pid 6034] close(3) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6035] munmap(0x7ff1eb400000, 138412032 [pid 6034] close(4 [pid 6035] <... munmap resumed>) = 0 [pid 6034] <... close resumed>) = 0 [pid 6034] mkdir("./file1", 0777 [pid 6033] close(3 [pid 6034] <... mkdir resumed>) = 0 [pid 6033] <... close resumed>) = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6033] close(4 [pid 6035] <... openat resumed>) = 4 [pid 6033] <... close resumed>) = 0 [pid 6032] <... mount resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6034] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6035] ioctl(4, LOOP_SET_FD, 3 [pid 6033] mkdir("./file1", 0777 [pid 5829] newfstatat(AT_FDCWD, "./38/file1", [pid 6033] <... mkdir resumed>) = 0 [pid 6032] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6032] <... openat resumed>) = 3 [pid 5829] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6032] chdir("./file1") = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6032] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... openat resumed>) = 4 [pid 6032] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] newfstatat(4, "", [pid 6032] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6034] <... mount resumed>) = 0 [pid 6033] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] getdents64(4, [pid 6034] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 6034] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 6034] chdir("./file1") = 0 [pid 6033] <... mount resumed>) = 0 [pid 5829] rmdir("./38/file1" [pid 6034] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... rmdir resumed>) = 0 [pid 6034] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6033] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6034] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6035] <... ioctl resumed>) = 0 [pid 6033] <... openat resumed>) = 3 [pid 6032] <... link resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./38/binderfs", [pid 6035] close(3 [pid 6033] chdir("./file1" [pid 6035] <... close resumed>) = 0 [pid 6034] <... link resumed>) = 0 [pid 6032] sync( [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6033] <... chdir resumed>) = 0 [pid 6035] close(4 [pid 6034] sync( [pid 6033] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] unlink("./38/binderfs" [pid 6035] <... close resumed>) = 0 [pid 6033] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 108.024918][ T6035] loop0: detected capacity change from 0 to 1024 [pid 6035] mkdir("./file1", 0777 [pid 6033] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... unlink resumed>) = 0 [pid 6035] <... mkdir resumed>) = 0 [pid 6033] <... link resumed>) = 0 [pid 5829] getdents64(3, [pid 6033] sync( [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6035] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] close(3) = 0 [pid 5829] rmdir("./38") = 0 [pid 5829] mkdir("./39", 0777) = 0 [pid 6035] <... mount resumed>) = 0 [pid 6035] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6032] <... sync resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6032] exit_group(0 [pid 5829] <... ioctl resumed>) = 0 [pid 6034] <... sync resumed>) = 0 [pid 6032] <... exit_group resumed>) = ? [pid 5829] close(3 [pid 6035] <... openat resumed>) = 3 [pid 6034] exit_group(0 [pid 6033] <... sync resumed>) = 0 [pid 6032] +++ exited with 0 +++ [pid 5829] <... close resumed>) = 0 [pid 6035] chdir("./file1" [pid 6034] <... exit_group resumed>) = ? [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6033] exit_group(0) = ? [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6032, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 6036 attached [pid 6035] <... chdir resumed>) = 0 [pid 6034] +++ exited with 0 +++ [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6036] set_robust_list(0x5555934ed660, 24 [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6034, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6036 [pid 5831] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6035] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6036] <... set_robust_list resumed>) = 0 [pid 6035] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6036] chdir("./39" [pid 5831] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6036] <... chdir resumed>) = 0 [pid 6033] +++ exited with 0 +++ [pid 5831] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] newfstatat(3, "", [pid 6036] <... prctl resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6033, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6036] setpgid(0, 0 [pid 6035] <... link resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] newfstatat(3, "", [pid 6036] <... setpgid resumed>) = 0 [pid 6035] sync( [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6036] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", [pid 6036] write(3, "1000", 4) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6036] close(3 [pid 5832] getdents64(3, [pid 6036] <... close resumed>) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6036] <... symlink resumed>) = 0 [pid 5832] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./40/file1", [pid 6036] write(1, "executing program\n", 18 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, executing program [pid 6036] <... write resumed>) = 18 [pid 5831] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6036] memfd_create("syzkaller", 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(4, [pid 5831] newfstatat(AT_FDCWD, "./34/file1", [pid 6036] <... memfd_create resumed>) = 3 [pid 6035] <... sync resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6035] exit_group(0 [pid 5831] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(4 [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6035] <... exit_group resumed>) = ? [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6036] <... mmap resumed>) = 0x7ff1eb400000 [pid 6035] +++ exited with 0 +++ [pid 5832] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./40/file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... openat resumed>) = 4 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] newfstatat(AT_FDCWD, "./38/file1", [pid 5831] newfstatat(4, "", [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(4, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] newfstatat(AT_FDCWD, "./40/binderfs", [pid 5832] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(4, [pid 5832] <... openat resumed>) = 4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(4, "", [pid 5831] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] unlink("./40/binderfs" [pid 5832] getdents64(4, [pid 5831] rmdir("./34/file1") = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(3, [pid 6036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] newfstatat(AT_FDCWD, "./34/binderfs", [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] getdents64(4, [pid 5828] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] unlink("./34/binderfs" [pid 5832] close(4 [pid 5828] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... unlink resumed>) = 0 [pid 5830] close(3 [pid 5828] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 5832] rmdir("./38/file1" [pid 5830] <... close resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] rmdir("./40" [pid 5828] getdents64(3, [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./41", 0777 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... mkdir resumed>) = 0 [pid 5828] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6036] <... write resumed>) = 524288 [pid 5832] newfstatat(AT_FDCWD, "./38/binderfs", [pid 5831] close(3./strace-static-x86_64: Process 6037 attached [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6037 [pid 5832] unlink("./38/binderfs" [pid 5831] rmdir("./34" [pid 6037] set_robust_list(0x5555934ed660, 24) = 0 [pid 6037] chdir("./41") = 0 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6037] setpgid(0, 0) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6036] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5831] mkdir("./35", 0777 [pid 5832] getdents64(3, [pid 6037] write(3, "1000", 4) = 4 [pid 5831] <... mkdir resumed>) = 0 [pid 6037] close(3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6037] <... close resumed>) = 0 [pid 6037] symlink("/dev/binderfs", "./binderfs" [pid 6036] <... munmap resumed>) = 0 [pid 5832] close(3 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6037] <... symlink resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./38" [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] newfstatat(AT_FDCWD, "./36/file1", executing program [pid 6037] write(1, "executing program\n", 18) = 18 [pid 6037] memfd_create("syzkaller", 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] close(3 [pid 6036] <... openat resumed>) = 4 [pid 5832] mkdir("./39", 0777 [pid 5831] <... close resumed>) = 0 [pid 5828] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6037] <... memfd_create resumed>) = 3 [pid 6036] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 ./strace-static-x86_64: Process 6038 attached [pid 5832] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6038] set_robust_list(0x5555934ed660, 24 [pid 6037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6038 [pid 5828] <... openat resumed>) = 4 [pid 6038] <... set_robust_list resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5828] newfstatat(4, "", [pid 5832] close(3) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6038] chdir("./35" [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] getdents64(4, [pid 6038] <... chdir resumed>) = 0 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 6039 attached [pid 6038] <... prctl resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6039 [pid 5828] getdents64(4, [pid 6038] setpgid(0, 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6038] <... setpgid resumed>) = 0 [pid 5828] close(4 [pid 6039] set_robust_list(0x5555934ed660, 24 [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6037] <... write resumed>) = 524288 [pid 6036] <... ioctl resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./36/file1" [pid 6039] <... set_robust_list resumed>) = 0 [pid 6039] chdir("./39" [pid 6037] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... rmdir resumed>) = 0 [pid 6039] <... chdir resumed>) = 0 [pid 6037] <... munmap resumed>) = 0 [pid 5828] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6039] <... prctl resumed>) = 0 [pid 6039] setpgid(0, 0 [pid 6038] <... openat resumed>) = 3 [pid 5828] newfstatat(AT_FDCWD, "./36/binderfs", [pid 6039] <... setpgid resumed>) = 0 [pid 6038] write(3, "1000", 4 [pid 6037] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6036] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6038] <... write resumed>) = 4 [pid 6037] <... openat resumed>) = 4 [pid 6036] <... close resumed>) = 0 [pid 5828] unlink("./36/binderfs" [pid 6038] close(3 [pid 6036] close(4 [pid 6038] <... close resumed>) = 0 [pid 6036] <... close resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [ 108.324859][ T6036] loop1: detected capacity change from 0 to 1024 [pid 6037] ioctl(4, LOOP_SET_FD, 3 [pid 6039] <... openat resumed>) = 3 [pid 6038] symlink("/dev/binderfs", "./binderfs" [pid 6036] mkdir("./file1", 0777 [pid 5828] getdents64(3, [pid 6039] write(3, "1000", 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6039] <... write resumed>) = 4 [pid 6038] <... symlink resumed>) = 0 [pid 6036] <... mkdir resumed>) = 0 [pid 5828] close(3 [pid 6038] write(1, "executing program\n", 18 [pid 6036] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./36" [pid 6039] close(3) = 0 [pid 6039] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... rmdir resumed>) = 0 executing program executing program [pid 6039] <... symlink resumed>) = 0 [pid 6039] write(1, "executing program\n", 18 [pid 6038] <... write resumed>) = 18 [pid 5828] mkdir("./37", 0777 [pid 6039] <... write resumed>) = 18 [pid 6038] memfd_create("syzkaller", 0 [pid 6039] memfd_create("syzkaller", 0) = 3 [pid 5828] <... mkdir resumed>) = 0 [pid 6038] <... memfd_create resumed>) = 3 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6039] <... mmap resumed>) = 0x7ff1eb400000 [pid 6038] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6037] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6040 attached [pid 6039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6037] close(3 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6040 [pid 6037] <... close resumed>) = 0 [pid 6040] set_robust_list(0x5555934ed660, 24 [pid 6037] close(4) = 0 [pid 6040] <... set_robust_list resumed>) = 0 [ 108.370503][ T6037] loop2: detected capacity change from 0 to 1024 [pid 6037] mkdir("./file1", 0777 [pid 6040] chdir("./37" [pid 6037] <... mkdir resumed>) = 0 [pid 6036] <... mount resumed>) = 0 [pid 6036] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6040] <... chdir resumed>) = 0 [pid 6039] <... write resumed>) = 524288 [pid 6038] <... write resumed>) = 524288 [pid 6037] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6036] <... openat resumed>) = 3 [pid 6040] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6039] munmap(0x7ff1eb400000, 138412032 [pid 6038] munmap(0x7ff1eb400000, 138412032 [pid 6036] chdir("./file1" [pid 6040] <... prctl resumed>) = 0 [pid 6040] setpgid(0, 0 [pid 6038] <... munmap resumed>) = 0 [pid 6036] <... chdir resumed>) = 0 [pid 6040] <... setpgid resumed>) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6039] <... munmap resumed>) = 0 [pid 6036] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6036] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6040] <... openat resumed>) = 3 [pid 6039] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6038] <... openat resumed>) = 4 [pid 6037] <... mount resumed>) = 0 [pid 6039] <... openat resumed>) = 4 [pid 6037] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6039] ioctl(4, LOOP_SET_FD, 3 [pid 6038] ioctl(4, LOOP_SET_FD, 3 [pid 6037] <... openat resumed>) = 3 [pid 6040] write(3, "1000", 4 [pid 6037] chdir("./file1") = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6037] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6040] <... write resumed>) = 4 [pid 6040] close(3) = 0 [pid 6040] symlink("/dev/binderfs", "./binderfs" [pid 6036] <... link resumed>) = 0 executing program [pid 6036] sync( [pid 6040] <... symlink resumed>) = 0 [pid 6040] write(1, "executing program\n", 18) = 18 [pid 6040] memfd_create("syzkaller", 0 [pid 6038] <... ioctl resumed>) = 0 [pid 6037] <... link resumed>) = 0 [pid 6040] <... memfd_create resumed>) = 3 [pid 6039] <... ioctl resumed>) = 0 [pid 6038] close(3 [pid 6037] sync( [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6039] close(3 [pid 6038] <... close resumed>) = 0 [pid 6040] <... mmap resumed>) = 0x7ff1eb400000 [pid 6039] <... close resumed>) = 0 [pid 6038] close(4 [pid 6040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6039] close(4 [pid 6038] <... close resumed>) = 0 [pid 6039] <... close resumed>) = 0 [pid 6038] mkdir("./file1", 0777 [ 108.465206][ T6039] loop4: detected capacity change from 0 to 1024 [ 108.472404][ T6038] loop3: detected capacity change from 0 to 1024 [pid 6039] mkdir("./file1", 0777) = 0 [pid 6038] <... mkdir resumed>) = 0 [pid 6037] <... sync resumed>) = 0 [pid 6036] <... sync resumed>) = 0 [pid 6037] exit_group(0) = ? [pid 6039] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6038] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6037] +++ exited with 0 +++ [pid 6036] exit_group(0) = ? [pid 6036] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6038] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... restart_syscall resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6038] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] getdents64(3, [pid 6039] <... mount resumed>) = 0 [pid 6038] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6040] <... write resumed>) = 524288 [pid 6039] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6038] chdir("./file1" [pid 5830] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6040] munmap(0x7ff1eb400000, 138412032 [pid 6039] <... openat resumed>) = 3 [pid 6038] <... chdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6040] <... munmap resumed>) = 0 [pid 6039] chdir("./file1" [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] newfstatat(3, "", [pid 6039] <... chdir resumed>) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6039] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6038] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6039] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6039] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6038] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6040] <... openat resumed>) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6038] <... link resumed>) = 0 [pid 5830] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6038] sync( [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./41/file1", [pid 5829] newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6039] <... link resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6039] sync( [pid 5830] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6040] <... ioctl resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5829] <... openat resumed>) = 4 [pid 6040] close(3 [pid 5830] newfstatat(4, "", [pid 5829] newfstatat(4, "", [pid 6040] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6040] close(4 [pid 5830] getdents64(4, [pid 5829] getdents64(4, [pid 6040] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6040] mkdir("./file1", 0777) = 0 [pid 5830] getdents64(4, [pid 5829] getdents64(4, [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6040] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] close(4 [pid 5829] close(4 [pid 5830] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5830] rmdir("./41/file1" [pid 5829] rmdir("./39/file1") = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 108.574145][ T6040] loop0: detected capacity change from 0 to 1024 [pid 5830] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] unlink("./39/binderfs" [pid 5830] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, [pid 5830] unlink("./41/binderfs" [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./39" [pid 5830] getdents64(3, [pid 5829] <... rmdir resumed>) = 0 [pid 6040] <... mount resumed>) = 0 [pid 6040] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6040] <... openat resumed>) = 3 [pid 6039] <... sync resumed>) = 0 [pid 6038] <... sync resumed>) = 0 [pid 5829] mkdir("./40", 0777 [pid 6038] exit_group(0 [pid 6040] chdir("./file1" [pid 6039] exit_group(0 [pid 6038] <... exit_group resumed>) = ? [pid 5830] close(3 [pid 5829] <... mkdir resumed>) = 0 [pid 6040] <... chdir resumed>) = 0 [pid 6038] +++ exited with 0 +++ [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6039] <... exit_group resumed>) = ? [pid 5830] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6040] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5830] rmdir("./41" [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... openat resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6039] +++ exited with 0 +++ [pid 6040] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] mkdir("./42", 0777 [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 5830] <... mkdir resumed>) = 0 [pid 5831] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(3, "", [pid 5830] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] newfstatat(3, "", [pid 5829] <... close resumed>) = 0 [pid 5831] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6041 attached , child_tidptr=0x5555934ed650) = 6041 ./strace-static-x86_64: Process 6042 attached [pid 6041] set_robust_list(0x5555934ed660, 24 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6042] set_robust_list(0x5555934ed660, 24 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6042 [pid 6041] <... set_robust_list resumed>) = 0 [pid 6041] chdir("./40") = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6041] setpgid(0, 0) = 0 [pid 6042] <... set_robust_list resumed>) = 0 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6040] <... link resumed>) = 0 [pid 5832] getdents64(3, [pid 5831] <... umount2 resumed>) = 0 [pid 6042] chdir("./42" [pid 6041] <... openat resumed>) = 3 [pid 6040] sync( [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./35/file1", [pid 6041] write(3, "1000", 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6041] <... write resumed>) = 4 [pid 5831] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6041] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 6041] <... close resumed>) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6041] write(1, "executing program\n", 18) = 18 [pid 6041] memfd_create("syzkaller", 0 [pid 5831] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6041] <... memfd_create resumed>) = 3 [pid 5831] newfstatat(4, "", [pid 6042] <... chdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] getdents64(4, [pid 6042] <... prctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6042] setpgid(0, 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] getdents64(4, [pid 6042] <... setpgid resumed>) = 0 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6040] <... sync resumed>) = 0 [pid 5832] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6041] <... mmap resumed>) = 0x7ff1eb400000 [pid 6040] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(4 [pid 6042] <... openat resumed>) = 3 [pid 6040] <... exit_group resumed>) = ? [pid 5832] newfstatat(AT_FDCWD, "./39/file1", [pid 5831] <... close resumed>) = 0 [pid 6042] write(3, "1000", 4 [pid 5831] rmdir("./35/file1" [pid 6042] <... write resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6042] close(3 [pid 5832] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 6042] <... close resumed>) = 0 [pid 6040] +++ exited with 0 +++ [pid 6042] symlink("/dev/binderfs", "./binderfs" [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6042] <... symlink resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6040, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- executing program [pid 6042] write(1, "executing program\n", 18 [pid 5832] <... openat resumed>) = 4 [pid 5831] newfstatat(AT_FDCWD, "./35/binderfs", [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6042] <... write resumed>) = 18 [pid 5832] newfstatat(4, "", [pid 5828] <... restart_syscall resumed>) = 0 [pid 6042] memfd_create("syzkaller", 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6042] <... memfd_create resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] unlink("./35/binderfs" [pid 6042] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] getdents64(4, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6041] <... write resumed>) = 524288 [pid 5828] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6041] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5832] close(4 [pid 5831] getdents64(3, [pid 5828] newfstatat(3, "", [pid 5832] <... close resumed>) = 0 [pid 6041] <... munmap resumed>) = 0 [pid 5832] rmdir("./39/file1" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5828] getdents64(3, [pid 6041] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] close(3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 5828] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./35" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./39/binderfs", [pid 5831] mkdir("./36", 0777 [pid 5828] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6042] <... write resumed>) = 524288 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6042] munmap(0x7ff1eb400000, 138412032 [pid 5832] unlink("./39/binderfs" [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./37/file1", [pid 5832] <... unlink resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6042] <... munmap resumed>) = 0 [pid 5832] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] <... openat resumed>) = 4 [pid 6042] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6041] <... ioctl resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5832] close(3 [pid 6041] close(3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6042] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", [pid 5832] <... close resumed>) = 0 [pid 6041] <... close resumed>) = 0 [pid 5832] rmdir("./39" [pid 5831] <... ioctl resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6041] close(4 [pid 5831] close(3 [pid 5828] getdents64(4, [pid 6042] ioctl(4, LOOP_SET_FD, 3 [pid 6041] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] mkdir("./40", 0777 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6041] mkdir("./file1", 0777) = 0 [pid 5828] getdents64(4, ./strace-static-x86_64: Process 6043 attached [pid 5832] <... mkdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6041] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] close(4) = 0 [pid 5828] rmdir("./37/file1" [pid 6043] set_robust_list(0x5555934ed660, 24 [pid 5828] <... rmdir resumed>) = 0 [pid 6043] <... set_robust_list resumed>) = 0 [pid 5828] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] newfstatat(AT_FDCWD, "./37/binderfs", [pid 6043] chdir("./36" [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5828] unlink("./37/binderfs" [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6043 [pid 5828] <... unlink resumed>) = 0 [pid 6043] <... chdir resumed>) = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 6043] <... prctl resumed>) = 0 [pid 5828] getdents64(3, [pid 6043] setpgid(0, 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 6043] <... setpgid resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] rmdir("./37" [pid 5832] close(3 [pid 5828] <... rmdir resumed>) = 0 [pid 6043] write(3, "1000", 4 [pid 5832] <... close resumed>) = 0 executing program [pid 6043] <... write resumed>) = 4 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] mkdir("./38", 0777 [pid 6043] close(3) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6043] write(1, "executing program\n", 18 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6044 [pid 6043] <... write resumed>) = 18 ./strace-static-x86_64: Process 6044 attached [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6043] memfd_create("syzkaller", 0 [pid 5828] <... openat resumed>) = 3 [pid 6043] <... memfd_create resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... ioctl resumed>) = 0 [pid 6043] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] close(3) = 0 [ 108.821771][ T6041] loop1: detected capacity change from 0 to 1024 [ 108.854466][ T6042] loop2: detected capacity change from 0 to 1024 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6045 attached [pid 6044] set_robust_list(0x5555934ed660, 24 [pid 6042] <... ioctl resumed>) = 0 [pid 6044] <... set_robust_list resumed>) = 0 [pid 6041] <... mount resumed>) = 0 [pid 6041] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6045] set_robust_list(0x5555934ed660, 24 [pid 6041] chdir("./file1" [pid 6045] <... set_robust_list resumed>) = 0 [pid 6041] <... chdir resumed>) = 0 [pid 6045] chdir("./38" [pid 6041] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6044] chdir("./40" [pid 6042] close(3 [pid 6041] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6041] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6044] <... chdir resumed>) = 0 [pid 6042] <... close resumed>) = 0 [pid 6045] <... chdir resumed>) = 0 [pid 6044] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6042] close(4 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6045 [pid 6044] <... prctl resumed>) = 0 [pid 6042] <... close resumed>) = 0 [pid 6045] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6045] <... prctl resumed>) = 0 [pid 6044] setpgid(0, 0 [pid 6043] <... write resumed>) = 524288 [pid 6042] mkdir("./file1", 0777 [pid 6045] setpgid(0, 0) = 0 [pid 6044] <... setpgid resumed>) = 0 [pid 6042] <... mkdir resumed>) = 0 [pid 6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6042] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6045] <... openat resumed>) = 3 executing program [pid 6045] write(3, "1000", 4 [pid 6044] <... openat resumed>) = 3 [pid 6045] <... write resumed>) = 4 [pid 6044] write(3, "1000", 4 [pid 6045] close(3 [pid 6044] <... write resumed>) = 4 [pid 6045] <... close resumed>) = 0 [pid 6044] close(3 [pid 6045] symlink("/dev/binderfs", "./binderfs" [pid 6044] <... close resumed>) = 0 [pid 6045] <... symlink resumed>) = 0 [pid 6044] symlink("/dev/binderfs", "./binderfs" [pid 6045] write(1, "executing program\n", 18) = 18 [pid 6045] memfd_create("syzkaller", 0 [pid 6044] <... symlink resumed>) = 0 [pid 6041] <... link resumed>) = 0 [pid 6045] <... memfd_create resumed>) = 3 [pid 6044] write(1, "executing program\n", 18executing program [pid 6042] <... mount resumed>) = 0 [pid 6041] sync( [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6044] <... write resumed>) = 18 [pid 6042] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6045] <... mmap resumed>) = 0x7ff1eb400000 [pid 6045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6044] memfd_create("syzkaller", 0 [pid 6043] munmap(0x7ff1eb400000, 138412032 [pid 6042] <... openat resumed>) = 3 [pid 6044] <... memfd_create resumed>) = 3 [pid 6043] <... munmap resumed>) = 0 [pid 6042] chdir("./file1" [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6042] <... chdir resumed>) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6043] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6042] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6043] <... openat resumed>) = 4 [pid 6042] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6043] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6043] ioctl(4, LOOP_CLR_FD) = 0 [pid 6043] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6042] <... link resumed>) = 0 [pid 6044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6042] sync( [pid 6043] close(4 [pid 6041] <... sync resumed>) = 0 [pid 6041] exit_group(0 [pid 6043] <... close resumed>) = 0 [pid 6041] <... exit_group resumed>) = ? [pid 6043] close(3 [pid 6042] <... sync resumed>) = 0 [pid 6043] <... close resumed>) = 0 [pid 6045] <... write resumed>) = 524288 [pid 6045] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6042] exit_group(0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6041] +++ exited with 0 +++ [pid 6045] ioctl(4, LOOP_SET_FD, 3 [pid 6042] <... exit_group resumed>) = ? [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6044] <... write resumed>) = 524288 [pid 6042] +++ exited with 0 +++ [pid 5829] <... restart_syscall resumed>) = 0 [pid 6045] <... ioctl resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6043] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6043] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6043] sync( [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6044] munmap(0x7ff1eb400000, 138412032 [pid 5829] <... openat resumed>) = 3 [pid 5830] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(3, "", [pid 6044] <... munmap resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6044] <... openat resumed>) = 4 [pid 5830] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6044] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 6043] <... sync resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... umount2 resumed>) = 0 [pid 6043] exit_group(0 [pid 5830] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6043] <... exit_group resumed>) = ? [pid 5830] <... umount2 resumed>) = 0 [pid 6045] close(3 [pid 6043] +++ exited with 0 +++ [pid 5829] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] newfstatat(AT_FDCWD, "./40/file1", [pid 5831] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6045] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6045] close(4 [pid 5831] newfstatat(3, "", [pid 5829] <... openat resumed>) = 4 [pid 6045] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(4, "", [pid 6045] mkdir("./file1", 0777 [pid 5831] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6045] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 109.011428][ T6045] loop0: detected capacity change from 0 to 1024 [pid 5829] getdents64(4, [pid 6045] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(AT_FDCWD, "./42/file1", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] getdents64(4, [pid 5831] newfstatat(AT_FDCWD, "./36/binderfs", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] close(4 [pid 5831] unlink("./36/binderfs" [pid 5829] <... close resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5829] rmdir("./40/file1" [pid 5831] getdents64(3, [pid 5829] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./40/binderfs", [pid 5831] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] unlink("./40/binderfs" [pid 5831] rmdir("./36" [pid 5829] <... unlink resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 5831] mkdir("./37", 0777 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5829] close(3) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] rmdir("./40" [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... openat resumed>) = 4 [pid 5829] <... rmdir resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5829] mkdir("./41", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] getdents64(4, [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] getdents64(4, [pid 6044] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6045] <... mount resumed>) = 0 [pid 6044] close(3 [pid 5831] <... close resumed>) = 0 [pid 5830] close(4 [pid 6044] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6044] close(4 [pid 5830] rmdir("./42/file1" [pid 6045] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6044] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6044] mkdir("./file1", 0777./strace-static-x86_64: Process 6046 attached [pid 6045] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6044] <... mkdir resumed>) = 0 [pid 6045] chdir("./file1" [pid 6044] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... ioctl resumed>) = 0 [pid 6045] <... chdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] close(3 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] <... close resumed>) = 0 [pid 6046] set_robust_list(0x5555934ed660, 24 [pid 6045] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] newfstatat(AT_FDCWD, "./42/binderfs", [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6047 attached [pid 6045] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6046] <... set_robust_list resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6046 [pid 5830] unlink("./42/binderfs" [pid 6047] set_robust_list(0x5555934ed660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6047 [pid 5830] <... unlink resumed>) = 0 [pid 6047] <... set_robust_list resumed>) = 0 [pid 6046] chdir("./37" [pid 5830] getdents64(3, [pid 6047] chdir("./41" [pid 6046] <... chdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6047] <... chdir resumed>) = 0 [pid 6046] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] close(3 [pid 6047] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6046] <... prctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6047] <... prctl resumed>) = 0 [pid 6046] setpgid(0, 0 [pid 5830] rmdir("./42" [pid 6047] setpgid(0, 0 [ 109.063275][ T6044] loop4: detected capacity change from 0 to 1024 [pid 6046] <... setpgid resumed>) = 0 [pid 6044] <... mount resumed>) = 0 [pid 6047] <... setpgid resumed>) = 0 [pid 6046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... rmdir resumed>) = 0 [pid 6047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6046] <... openat resumed>) = 3 [pid 6046] write(3, "1000", 4) = 4 [pid 6046] close(3) = 0 [pid 6047] write(3, "1000", 4 [pid 6046] symlink("/dev/binderfs", "./binderfs" [pid 6047] <... write resumed>) = 4 [pid 6046] <... symlink resumed>) = 0 [pid 6045] <... link resumed>) = 0 [pid 6044] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] mkdir("./43", 0777 [pid 6047] close(3executing program [pid 6045] sync( [pid 6047] <... close resumed>) = 0 [pid 6046] write(1, "executing program\n", 18 [pid 6044] <... openat resumed>) = 3 [pid 5830] <... mkdir resumed>) = 0 [pid 6044] chdir("./file1" [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] <... openat resumed>) = 3 [pid 6044] <... chdir resumed>) = 0 [pid 6046] <... write resumed>) = 18 [pid 6046] memfd_create("syzkaller", 0 [pid 6044] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6044] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... ioctl resumed>) = 0 [pid 6044] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] close(3) = 0 [pid 6046] <... memfd_create resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 6048 attached [pid 6047] write(1, "executing program\n", 18 [pid 6048] set_robust_list(0x5555934ed660, 24 [pid 6047] <... write resumed>) = 18 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6048] <... set_robust_list resumed>) = 0 [pid 6047] memfd_create("syzkaller", 0 [pid 6046] <... mmap resumed>) = 0x7ff1eb400000 [pid 6048] chdir("./43" [pid 6047] <... memfd_create resumed>) = 3 [pid 6048] <... chdir resumed>) = 0 [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6048 [pid 6048] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6047] <... mmap resumed>) = 0x7ff1eb400000 [pid 6048] <... prctl resumed>) = 0 [pid 6045] <... sync resumed>) = 0 [pid 6048] setpgid(0, 0 [pid 6047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6045] exit_group(0 [pid 6048] <... setpgid resumed>) = 0 [pid 6046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6045] <... exit_group resumed>) = ? [pid 6048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6045] +++ exited with 0 +++ [pid 6044] <... link resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6045, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6048] <... openat resumed>) = 3 [pid 6044] sync( [pid 5828] <... restart_syscall resumed>) = 0 [pid 5828] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 6048] write(3, "1000", 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6046] <... write resumed>) = 524288 [pid 5828] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6048] <... write resumed>) = 4 [pid 6048] close(3 [pid 6047] <... write resumed>) = 524288 [pid 6048] <... close resumed>) = 0 [pid 6048] symlink("/dev/binderfs", "./binderfs"executing program [pid 6046] munmap(0x7ff1eb400000, 138412032 [pid 6048] <... symlink resumed>) = 0 [pid 6047] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... umount2 resumed>) = 0 [pid 6048] write(1, "executing program\n", 18) = 18 [pid 5828] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6048] memfd_create("syzkaller", 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6048] <... memfd_create resumed>) = 3 [pid 6046] <... munmap resumed>) = 0 [pid 6048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6047] <... munmap resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6046] <... openat resumed>) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6046] ioctl(4, LOOP_SET_FD, 3 [pid 5828] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6047] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... openat resumed>) = 4 [pid 6047] <... openat resumed>) = 4 [pid 6047] ioctl(4, LOOP_SET_FD, 3 [pid 6044] <... sync resumed>) = 0 [pid 5828] newfstatat(4, "", [pid 6044] exit_group(0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6044] <... exit_group resumed>) = ? [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./38/file1") = 0 [pid 6044] +++ exited with 0 +++ [pid 5828] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6044, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] unlink("./38/binderfs") = 0 [pid 5832] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./38") = 0 [pid 5828] mkdir("./39", 0777 [pid 5832] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... mkdir resumed>) = 0 [pid 6046] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6046] close(3 [pid 5828] <... openat resumed>) = 3 [pid 5832] getdents64(3, [pid 6046] <... close resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6046] close(4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... ioctl resumed>) = 0 [pid 6046] <... close resumed>) = 0 [pid 5832] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] close(3 [pid 6046] mkdir("./file1", 0777 [pid 5828] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6047] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6049 attached [pid 6046] <... mkdir resumed>) = 0 [pid 6047] close(3 [pid 6049] set_robust_list(0x5555934ed660, 24 [pid 6047] <... close resumed>) = 0 [pid 6046] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6049] <... set_robust_list resumed>) = 0 [pid 6047] close(4 [pid 6049] chdir("./39" [pid 6047] <... close resumed>) = 0 [pid 6047] mkdir("./file1", 0777 [pid 6049] <... chdir resumed>) = 0 [pid 6047] <... mkdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6049 [pid 6049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6049] setpgid(0, 0) = 0 [pid 6049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 109.231907][ T6046] loop3: detected capacity change from 0 to 1024 [ 109.245126][ T6047] loop1: detected capacity change from 0 to 1024 [pid 6047] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6049] <... openat resumed>) = 3 [pid 6048] <... write resumed>) = 524288 [pid 6047] <... mount resumed>) = 0 [pid 6049] write(3, "1000", 4 [pid 6047] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6046] <... mount resumed>) = 0 [pid 6049] <... write resumed>) = 4 [pid 6047] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = 0 [pid 6049] close(3 [pid 6047] chdir("./file1" [pid 6046] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6049] <... close resumed>) = 0 [pid 6047] <... chdir resumed>) = 0 [pid 6046] <... openat resumed>) = 3 [pid 6047] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6049] symlink("/dev/binderfs", "./binderfs" [pid 6047] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6049] <... symlink resumed>) = 0 [pid 6048] munmap(0x7ff1eb400000, 138412032 [pid 6047] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6046] chdir("./file1" [pid 5832] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6048] <... munmap resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 6049] write(1, "executing program\n", 18 [pid 6046] <... chdir resumed>) = 0 [pid 6049] <... write resumed>) = 18 [pid 6046] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6049] memfd_create("syzkaller", 0 [pid 6046] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] newfstatat(AT_FDCWD, "./40/file1", [pid 6049] <... memfd_create resumed>) = 3 [pid 6046] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6048] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6048] <... openat resumed>) = 4 [pid 6049] <... mmap resumed>) = 0x7ff1eb400000 [pid 6048] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6048] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6048] ioctl(4, LOOP_CLR_FD) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 6047] <... link resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6048] ioctl(4, LOOP_SET_FD, 3 [pid 5832] getdents64(4, [pid 6048] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6048] close(4 [pid 5832] getdents64(4, [pid 6048] <... close resumed>) = 0 [pid 6047] sync( [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 6049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6046] <... link resumed>) = 0 [pid 6046] sync( [pid 5832] rmdir("./40/file1" [pid 6049] <... write resumed>) = 524288 [pid 6048] close(3 [pid 5832] <... rmdir resumed>) = 0 [pid 6048] <... close resumed>) = 0 [pid 5832] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6047] <... sync resumed>) = 0 [pid 6049] munmap(0x7ff1eb400000, 138412032 [pid 6048] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6046] <... sync resumed>) = 0 [pid 5832] unlink("./40/binderfs" [pid 6048] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6046] exit_group(0 [pid 6048] sync( [pid 6047] exit_group(0 [pid 5832] <... unlink resumed>) = 0 [pid 6049] <... munmap resumed>) = 0 [pid 6047] <... exit_group resumed>) = ? [pid 6046] <... exit_group resumed>) = ? [pid 5832] getdents64(3, [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6049] <... openat resumed>) = 4 [pid 6049] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6049] ioctl(4, LOOP_CLR_FD) = 0 [pid 6047] +++ exited with 0 +++ [pid 6046] +++ exited with 0 +++ [pid 6049] ioctl(4, LOOP_SET_FD, 3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6046, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6047, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6049] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6049] close(4) = 0 [pid 6049] close(3 [pid 5832] close(3 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./40" [pid 6048] <... sync resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6048] exit_group(0 [pid 5831] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6048] <... exit_group resumed>) = ? [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6048] +++ exited with 0 +++ [pid 5831] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6049] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(3, "", [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6048, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5831] getdents64(3, [pid 5829] newfstatat(3, "", [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5832] <... rmdir resumed>) = 0 [pid 5831] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] mkdir("./41", 0777 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 6049] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6049] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6049] sync( [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5830] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5830] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 ./strace-static-x86_64: Process 6050 attached [pid 5830] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./43/binderfs", [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./43/binderfs" [pid 5831] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6050 [pid 5830] <... unlink resumed>) = 0 [pid 6050] set_robust_list(0x5555934ed660, 24 [pid 5831] newfstatat(AT_FDCWD, "./37/file1", [pid 5830] getdents64(3, [pid 6049] <... sync resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6049] exit_group(0 [pid 5831] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6049] <... exit_group resumed>) = ? [pid 5831] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6050] <... set_robust_list resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... close resumed>) = 0 [pid 6050] chdir("./41" [pid 5830] rmdir("./43" [pid 5831] newfstatat(4, "", [pid 6050] <... chdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6050] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] getdents64(4, [pid 5830] mkdir("./44", 0777 [pid 6050] <... prctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6050] setpgid(0, 0 [pid 6049] +++ exited with 0 +++ [pid 5831] getdents64(4, [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6050] <... setpgid resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6049, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] close(4 [pid 6050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5831] rmdir("./37/file1" [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6050] <... openat resumed>) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 3 [pid 6050] write(3, "1000", 4 [pid 5831] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(3, "", [pid 6050] <... write resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./41/file1", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6050] close(3 [pid 5831] newfstatat(AT_FDCWD, "./37/binderfs", [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5828] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] unlink("./37/binderfs" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6050] <... close resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./39/binderfs", ./strace-static-x86_64: Process 6051 attached [pid 6050] symlink("/dev/binderfs", "./binderfs" [pid 5831] getdents64(3, [pid 5829] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] unlink("./39/binderfs" [pid 5831] close(3 [pid 5829] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... unlink resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5828] getdents64(3, executing program [pid 6050] <... symlink resumed>) = 0 [pid 5831] rmdir("./37" [pid 5829] newfstatat(4, "", [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6051] set_robust_list(0x5555934ed660, 24 [pid 6050] write(1, "executing program\n", 18 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6051 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] close(3) = 0 [pid 5829] getdents64(4, [pid 5828] rmdir("./39" [pid 6050] <... write resumed>) = 18 [pid 5828] <... rmdir resumed>) = 0 [pid 5831] mkdir("./38", 0777 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] mkdir("./40", 0777 [pid 6051] <... set_robust_list resumed>) = 0 [pid 6050] memfd_create("syzkaller", 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5829] getdents64(4, [pid 5828] <... mkdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6050] <... memfd_create resumed>) = 3 [pid 5829] close(4 [pid 5828] <... openat resumed>) = 3 [pid 6051] chdir("./44" [pid 6050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... close resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6051] <... chdir resumed>) = 0 [pid 6050] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] rmdir("./41/file1" [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... openat resumed>) = 3 [pid 6051] <... prctl resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] close(3 [pid 6051] setpgid(0, 0 [pid 6050] <... write resumed>) = 524288 [pid 5829] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6052 attached [pid 6051] <... setpgid resumed>) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6052] set_robust_list(0x5555934ed660, 24 [pid 5831] <... ioctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6052 [pid 6052] <... set_robust_list resumed>) = 0 [pid 5831] close(3 [pid 5829] newfstatat(AT_FDCWD, "./41/binderfs", [pid 6052] chdir("./40" [pid 5831] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] unlink("./41/binderfs" [pid 6052] <... chdir resumed>) = 0 [pid 6051] <... openat resumed>) = 3 [pid 6050] munmap(0x7ff1eb400000, 138412032 [pid 5829] <... unlink resumed>) = 0 [pid 6051] write(3, "1000", 4./strace-static-x86_64: Process 6053 attached [pid 6052] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] getdents64(3, [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6053 [pid 6050] <... munmap resumed>) = 0 [pid 6051] <... write resumed>) = 4 [pid 6051] close(3 [pid 6052] <... prctl resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6052] setpgid(0, 0 [pid 5829] close(3 [pid 6052] <... setpgid resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] rmdir("./41" [pid 6053] set_robust_list(0x5555934ed660, 24 [pid 6052] <... openat resumed>) = 3 [pid 5829] <... rmdir resumed>) = 0 [pid 6053] <... set_robust_list resumed>) = 0 [pid 6052] write(3, "1000", 4 [pid 6053] chdir("./38" [pid 6052] <... write resumed>) = 4 [pid 5829] mkdir("./42", 0777 [pid 6053] <... chdir resumed>) = 0 [pid 6052] close(3 [pid 5829] <... mkdir resumed>) = 0 [pid 6053] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6052] <... close resumed>) = 0 [pid 6053] <... prctl resumed>) = 0 [pid 6052] symlink("/dev/binderfs", "./binderfs" [pid 6050] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6053] setpgid(0, 0 [pid 6052] <... symlink resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6053] <... setpgid resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... ioctl resumed>) = 0 executing program [pid 6052] write(1, "executing program\n", 18 [pid 6051] <... close resumed>) = 0 [pid 6050] <... openat resumed>) = 4 [pid 5829] close(3 [pid 6053] <... openat resumed>) = 3 [pid 6052] <... write resumed>) = 18 [pid 6051] symlink("/dev/binderfs", "./binderfs" [pid 6050] ioctl(4, LOOP_SET_FD, 3 [pid 6052] memfd_create("syzkaller", 0executing program [pid 6053] write(3, "1000", 4 [pid 6052] <... memfd_create resumed>) = 3 [pid 6051] <... symlink resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6051] write(1, "executing program\n", 18 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6051] <... write resumed>) = 18 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6052] <... mmap resumed>) = 0x7ff1eb400000 [pid 6051] memfd_create("syzkaller", 0 [pid 6052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6051] <... memfd_create resumed>) = 3 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6054 ./strace-static-x86_64: Process 6054 attached [pid 6054] set_robust_list(0x5555934ed660, 24 [pid 6053] <... write resumed>) = 4 [pid 6053] close(3) = 0 [pid 6054] <... set_robust_list resumed>) = 0 [pid 6053] symlink("/dev/binderfs", "./binderfs" [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6054] chdir("./42" [pid 6053] <... symlink resumed>) = 0 executing program [pid 6054] <... chdir resumed>) = 0 [pid 6053] write(1, "executing program\n", 18 [pid 6051] <... mmap resumed>) = 0x7ff1eb400000 [pid 6054] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6053] <... write resumed>) = 18 [pid 6054] <... prctl resumed>) = 0 [pid 6053] memfd_create("syzkaller", 0 [pid 6054] setpgid(0, 0 [pid 6053] <... memfd_create resumed>) = 3 [pid 6051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6050] <... ioctl resumed>) = 0 [pid 6054] <... setpgid resumed>) = 0 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6050] close(3 [pid 6054] <... openat resumed>) = 3 [pid 6050] <... close resumed>) = 0 [pid 6050] close(4 [pid 6054] write(3, "1000", 4 [pid 6052] <... write resumed>) = 524288 [pid 6054] <... write resumed>) = 4 [pid 6052] munmap(0x7ff1eb400000, 138412032 [pid 6050] <... close resumed>) = 0 [ 109.588979][ T6050] loop4: detected capacity change from 0 to 1024 [pid 6054] close(3 [pid 6052] <... munmap resumed>) = 0 [pid 6054] <... close resumed>) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6050] mkdir("./file1", 0777 [pid 6054] symlink("/dev/binderfs", "./binderfs"executing program [pid 6052] <... openat resumed>) = 4 [pid 6054] <... symlink resumed>) = 0 [pid 6053] <... write resumed>) = 524288 [pid 6051] <... write resumed>) = 524288 [pid 6050] <... mkdir resumed>) = 0 [pid 6054] write(1, "executing program\n", 18 [pid 6052] ioctl(4, LOOP_SET_FD, 3 [pid 6051] munmap(0x7ff1eb400000, 138412032 [pid 6050] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6053] munmap(0x7ff1eb400000, 138412032 [pid 6054] <... write resumed>) = 18 [pid 6053] <... munmap resumed>) = 0 [pid 6051] <... munmap resumed>) = 0 [pid 6054] memfd_create("syzkaller", 0 [pid 6053] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6051] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6054] <... memfd_create resumed>) = 3 [pid 6051] <... openat resumed>) = 4 [pid 6054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6053] <... openat resumed>) = 4 [pid 6051] ioctl(4, LOOP_SET_FD, 3 [pid 6054] <... mmap resumed>) = 0x7ff1eb400000 [pid 6053] ioctl(4, LOOP_SET_FD, 3 [pid 6051] <... ioctl resumed>) = 0 [pid 6054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6053] <... ioctl resumed>) = 0 [pid 6052] <... ioctl resumed>) = 0 [pid 6052] close(3) = 0 [pid 6052] close(4) = 0 [pid 6052] mkdir("./file1", 0777) = 0 [pid 6050] <... mount resumed>) = 0 [pid 6052] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6050] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6054] <... write resumed>) = 524288 [pid 6050] <... openat resumed>) = 3 [pid 6054] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6050] chdir("./file1") = 0 [pid 6050] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6051] close(3 [pid 6050] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6054] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6051] <... close resumed>) = 0 [pid 6050] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [ 109.664806][ T6052] loop0: detected capacity change from 0 to 1024 [ 109.680086][ T6051] loop2: detected capacity change from 0 to 1024 [ 109.691365][ T6053] loop3: detected capacity change from 0 to 1024 [pid 6051] close(4 [pid 6054] <... openat resumed>) = 4 [pid 6051] <... close resumed>) = 0 [pid 6054] ioctl(4, LOOP_SET_FD, 3 [pid 6051] mkdir("./file1", 0777 [pid 6053] close(3) = 0 [pid 6051] <... mkdir resumed>) = 0 [pid 6053] close(4) = 0 [pid 6053] mkdir("./file1", 0777 [pid 6051] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6053] <... mkdir resumed>) = 0 [pid 6052] <... mount resumed>) = 0 [pid 6053] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6052] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6052] chdir("./file1") = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6050] <... link resumed>) = 0 [pid 6052] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6050] sync( [pid 6052] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6051] <... mount resumed>) = 0 [pid 6053] <... mount resumed>) = 0 [pid 6051] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6054] <... ioctl resumed>) = 0 [pid 6053] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6051] chdir("./file1" [pid 6053] <... openat resumed>) = 3 [pid 6051] <... chdir resumed>) = 0 [pid 6053] chdir("./file1" [pid 6051] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6054] close(3 [pid 6053] <... chdir resumed>) = 0 [ 109.723967][ T6054] loop1: detected capacity change from 0 to 1024 [pid 6051] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6054] <... close resumed>) = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6052] <... link resumed>) = 0 [pid 6052] sync( [pid 6054] close(4) = 0 [pid 6054] mkdir("./file1", 0777) = 0 [pid 6053] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6054] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6051] <... link resumed>) = 0 [pid 6051] sync( [pid 6053] <... link resumed>) = 0 [pid 6053] sync( [pid 6054] <... mount resumed>) = 0 [pid 6054] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6050] <... sync resumed>) = 0 [pid 6050] exit_group(0) = ? [pid 6054] chdir("./file1") = 0 [pid 6054] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6050] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6050, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6054] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6054] <... link resumed>) = 0 [pid 6053] <... sync resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 6054] sync( [pid 6053] exit_group(0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6053] <... exit_group resumed>) = ? [pid 6051] <... sync resumed>) = 0 [pid 6054] <... sync resumed>) = 0 [pid 6052] <... sync resumed>) = 0 [pid 6054] exit_group(0 [pid 6052] exit_group(0 [pid 6054] <... exit_group resumed>) = ? [pid 5832] getdents64(3, [pid 6054] +++ exited with 0 +++ [pid 6053] +++ exited with 0 +++ [pid 6052] <... exit_group resumed>) = ? [pid 6051] exit_group(0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6053, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6054, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6051] <... exit_group resumed>) = ? [pid 5832] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... restart_syscall resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6052] +++ exited with 0 +++ [pid 5829] <... restart_syscall resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6052, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6051] +++ exited with 0 +++ [pid 5831] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 5831] newfstatat(3, "", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5831] getdents64(3, [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 5830] newfstatat(3, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 5832] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(3, [pid 5831] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(AT_FDCWD, "./41/file1", [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(4, "", [pid 5830] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(4, [pid 5832] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(4, [pid 5829] close(4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... close resumed>) = 0 [pid 5831] getdents64(4, [pid 5829] rmdir("./42/file1" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5831] close(4) = 0 [pid 5829] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./38/file1" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... rmdir resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] unlink("./42/binderfs" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... unlink resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./38/binderfs", [pid 5829] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] unlink("./38/binderfs" [pid 5829] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... unlink resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(3, [pid 5829] rmdir("./42" [pid 5832] <... openat resumed>) = 4 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] close(3 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] mkdir("./43", 0777 [pid 5832] getdents64(4, [pid 5830] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... mkdir resumed>) = 0 [pid 5832] getdents64(4, [pid 5831] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... umount2 resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 5830] newfstatat(AT_FDCWD, "./44/file1", [pid 5829] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./41/file1" [pid 5831] rmdir("./38" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... ioctl resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./40/file1", [pid 5832] newfstatat(AT_FDCWD, "./41/binderfs", [pid 5830] <... openat resumed>) = 4 [pid 5829] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] newfstatat(4, "", [pid 5829] <... close resumed>) = 0 [pid 5832] unlink("./41/binderfs" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5831] mkdir("./39", 0777 [pid 5830] getdents64(4, [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, [pid 5832] close(3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6055 attached [pid 5832] <... close resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] close(4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./41" [pid 5830] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... rmdir resumed>) = 0 [pid 5830] rmdir("./44/file1" [pid 5828] <... openat resumed>) = 4 [pid 5832] mkdir("./42", 0777 [pid 6055] set_robust_list(0x5555934ed660, 24 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... rmdir resumed>) = 0 [pid 5828] newfstatat(4, "", [pid 6055] <... set_robust_list resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] chdir("./43" [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] newfstatat(AT_FDCWD, "./44/binderfs", [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6055 [pid 5828] getdents64(4, [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] close(3 [pid 5830] unlink("./44/binderfs" [pid 5828] getdents64(4, [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... unlink resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6055] <... chdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] getdents64(3, [pid 5828] close(4 [pid 6055] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 ./strace-static-x86_64: Process 6056 attached [pid 6055] <... prctl resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] rmdir("./40/file1" [pid 6056] set_robust_list(0x5555934ed660, 24 [pid 6055] setpgid(0, 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] close(3 [pid 5828] <... rmdir resumed>) = 0 [pid 6055] <... setpgid resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6056 [pid 6056] <... set_robust_list resumed>) = 0 [pid 6055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... ioctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6056] chdir("./39" [pid 6055] <... openat resumed>) = 3 executing program [pid 5832] close(3 [pid 5830] rmdir("./44" [pid 5828] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6056] <... chdir resumed>) = 0 [pid 6055] write(3, "1000", 4) = 4 [pid 6055] close(3) = 0 [pid 6055] symlink("/dev/binderfs", "./binderfs" [pid 6056] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6055] <... symlink resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6055] write(1, "executing program\n", 18 [pid 5830] mkdir("./45", 0777 [pid 6055] <... write resumed>) = 18 [pid 6055] memfd_create("syzkaller", 0) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] newfstatat(AT_FDCWD, "./40/binderfs", [pid 6055] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./40/binderfs") = 0 [pid 5828] getdents64(3, [pid 5830] <... mkdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./40") = 0 [pid 5832] <... close resumed>) = 0 [pid 6056] <... prctl resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6056] setpgid(0, 0) = 0 [pid 5828] mkdir("./41", 0777 [pid 6056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... openat resumed>) = 3 [pid 5828] <... mkdir resumed>) = 0 [pid 6056] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6056] write(3, "1000", 4 [pid 5830] <... ioctl resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6056] <... write resumed>) = 4 [pid 5830] close(3 [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 6056] close(3) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6057 attached [pid 6056] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... close resumed>) = 0 executing program [pid 6056] <... symlink resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6056] write(1, "executing program\n", 18) = 18 ./strace-static-x86_64: Process 6058 attached [pid 6057] set_robust_list(0x5555934ed660, 24 [pid 6056] memfd_create("syzkaller", 0 [pid 6055] <... write resumed>) = 524288 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6058] set_robust_list(0x5555934ed660, 24 [pid 6056] <... memfd_create resumed>) = 3 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6059 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6057 ./strace-static-x86_64: Process 6059 attached [pid 6058] <... set_robust_list resumed>) = 0 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6058 [pid 6059] set_robust_list(0x5555934ed660, 24 [pid 6058] chdir("./42" [pid 6056] <... mmap resumed>) = 0x7ff1eb400000 [pid 6059] <... set_robust_list resumed>) = 0 [pid 6058] <... chdir resumed>) = 0 [pid 6057] <... set_robust_list resumed>) = 0 [pid 6059] chdir("./45" [pid 6057] chdir("./41") = 0 [pid 6057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6057] setpgid(0, 0) = 0 [pid 6055] munmap(0x7ff1eb400000, 138412032 [pid 6059] <... chdir resumed>) = 0 [pid 6058] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6055] <... munmap resumed>) = 0 [pid 6059] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6058] <... prctl resumed>) = 0 [pid 6059] <... prctl resumed>) = 0 [pid 6059] setpgid(0, 0 [pid 6058] setpgid(0, 0 [pid 6059] <... setpgid resumed>) = 0 [pid 6059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6058] <... setpgid resumed>) = 0 [pid 6056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6059] <... openat resumed>) = 3 [pid 6057] <... openat resumed>) = 3 [pid 6055] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6058] <... openat resumed>) = 3 [pid 6059] write(3, "1000", 4 [pid 6058] write(3, "1000", 4 [pid 6056] <... write resumed>) = 524288 [pid 6055] <... openat resumed>) = 4 [pid 6058] <... write resumed>) = 4 [pid 6058] close(3 [pid 6057] write(3, "1000", 4 [pid 6058] <... close resumed>) = 0 [pid 6057] <... write resumed>) = 4 [pid 6057] close(3 [pid 6055] ioctl(4, LOOP_SET_FD, 3 [pid 6058] symlink("/dev/binderfs", "./binderfs"executing program [pid 6059] <... write resumed>) = 4 [pid 6058] <... symlink resumed>) = 0 [pid 6057] <... close resumed>) = 0 [pid 6056] munmap(0x7ff1eb400000, 138412032 [pid 6055] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6059] close(3 [pid 6058] write(1, "executing program\n", 18 [pid 6057] symlink("/dev/binderfs", "./binderfs" [pid 6055] ioctl(4, LOOP_CLR_FD [pid 6059] <... close resumed>) = 0 [pid 6058] <... write resumed>) = 18 [pid 6057] <... symlink resumed>) = 0 [pid 6055] <... ioctl resumed>) = 0 [pid 6059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6058] memfd_create("syzkaller", 0 [pid 6057] write(1, "executing program\n", 18 [pid 6059] write(1, "executing program\n", 18) = 18 executing program executing program [pid 6059] memfd_create("syzkaller", 0 [pid 6057] <... write resumed>) = 18 [pid 6057] memfd_create("syzkaller", 0 [pid 6055] ioctl(4, LOOP_SET_FD, 3 [pid 6059] <... memfd_create resumed>) = 3 [pid 6058] <... memfd_create resumed>) = 3 [pid 6057] <... memfd_create resumed>) = 3 [pid 6056] <... munmap resumed>) = 0 [pid 6055] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6055] close(4 [pid 6057] <... mmap resumed>) = 0x7ff1eb400000 [pid 6055] <... close resumed>) = 0 [pid 6055] close(3 [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6058] <... mmap resumed>) = 0x7ff1eb400000 [pid 6056] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6055] <... close resumed>) = 0 [pid 6058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6056] <... openat resumed>) = 4 [pid 6055] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6056] ioctl(4, LOOP_SET_FD, 3 [pid 6055] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6057] <... write resumed>) = 524288 [pid 6055] sync( [pid 6059] <... write resumed>) = 524288 [pid 6058] <... write resumed>) = 524288 [pid 6057] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6059] munmap(0x7ff1eb400000, 138412032 [pid 6058] munmap(0x7ff1eb400000, 138412032 [pid 6057] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6056] <... ioctl resumed>) = 0 [ 110.122869][ T6056] loop3: detected capacity change from 0 to 1024 [pid 6057] <... openat resumed>) = 4 [pid 6059] <... munmap resumed>) = 0 [pid 6056] close(3 [pid 6057] ioctl(4, LOOP_SET_FD, 3 [pid 6059] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6057] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6057] ioctl(4, LOOP_CLR_FD [pid 6058] <... munmap resumed>) = 0 [pid 6057] <... ioctl resumed>) = 0 [pid 6059] <... openat resumed>) = 4 [pid 6056] <... close resumed>) = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6059] ioctl(4, LOOP_SET_FD, 3 [pid 6056] close(4 [pid 6058] <... openat resumed>) = 4 [pid 6056] <... close resumed>) = 0 [pid 6055] <... sync resumed>) = 0 [pid 6057] ioctl(4, LOOP_SET_FD, 3 [pid 6055] exit_group(0 [pid 6057] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6055] <... exit_group resumed>) = ? [pid 6057] close(4 [pid 6055] +++ exited with 0 +++ [pid 6057] <... close resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6055, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6057] close(3 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6056] mkdir("./file1", 0777 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6058] ioctl(4, LOOP_SET_FD, 3 [pid 6056] <... mkdir resumed>) = 0 [pid 5829] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5829] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6058] <... ioctl resumed>) = 0 [pid 6057] <... close resumed>) = 0 [pid 6056] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6058] close(3 [pid 6057] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] newfstatat(AT_FDCWD, "./43/binderfs", [pid 6058] <... close resumed>) = 0 [pid 6058] close(4 [pid 6057] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./43/binderfs") = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6057] sync( [pid 5829] close(3 [pid 6058] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./43") = 0 [pid 6058] mkdir("./file1", 0777 [pid 5829] mkdir("./44", 0777 [pid 6058] <... mkdir resumed>) = 0 [pid 6056] <... mount resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 6056] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6058] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6056] <... openat resumed>) = 3 [pid 6056] chdir("./file1" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6056] <... chdir resumed>) = 0 [ 110.167261][ T6059] loop2: detected capacity change from 0 to 1024 [ 110.181738][ T6058] loop4: detected capacity change from 0 to 1024 [pid 6056] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... openat resumed>) = 3 [pid 6059] <... ioctl resumed>) = 0 [pid 6058] <... mount resumed>) = 0 [pid 6056] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6056] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6059] close(3 [pid 6058] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6059] <... close resumed>) = 0 [pid 6058] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6059] close(4 [pid 5829] <... ioctl resumed>) = 0 [pid 6059] <... close resumed>) = 0 [pid 6059] mkdir("./file1", 0777 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6060 attached [pid 6059] <... mkdir resumed>) = 0 [pid 6058] chdir("./file1" [pid 6057] <... sync resumed>) = 0 [pid 6059] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6058] <... chdir resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6060 [pid 6058] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6060] set_robust_list(0x5555934ed660, 24 [pid 6058] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6057] exit_group(0 [pid 6056] <... link resumed>) = 0 [pid 6060] <... set_robust_list resumed>) = 0 [pid 6057] <... exit_group resumed>) = ? [pid 6060] chdir("./44") = 0 [pid 6056] sync( [pid 6060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6060] setpgid(0, 0 [pid 6057] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6057, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6060] <... setpgid resumed>) = 0 [pid 6059] <... mount resumed>) = 0 [pid 6058] <... link resumed>) = 0 [pid 6059] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6058] sync( [pid 5828] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6059] <... openat resumed>) = 3 [pid 6060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6060] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", [pid 6059] chdir("./file1" [pid 6060] write(3, "1000", 4 [pid 6059] <... chdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 6060] <... write resumed>) = 4 [pid 6059] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6060] close(3 [pid 5828] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6059] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6060] <... close resumed>) = 0 [pid 6059] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./41/binderfs", executing program {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./41/binderfs" [pid 6060] write(1, "executing program\n", 18 [pid 5828] <... unlink resumed>) = 0 [pid 6060] <... write resumed>) = 18 [pid 5828] getdents64(3, [pid 6060] memfd_create("syzkaller", 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6060] <... memfd_create resumed>) = 3 [pid 5828] close(3 [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./41" [pid 6060] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./42", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6059] <... link resumed>) = 0 ./strace-static-x86_64: Process 6061 attached [pid 6060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6059] sync( [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6061 [pid 6061] set_robust_list(0x5555934ed660, 24) = 0 [pid 6061] chdir("./42") = 0 [pid 6061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6061] setpgid(0, 0) = 0 [pid 6061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6056] <... sync resumed>) = 0 [pid 6056] exit_group(0 [pid 6061] <... openat resumed>) = 3 [pid 6056] <... exit_group resumed>) = ? [pid 6061] write(3, "1000", 4) = 4 [pid 6061] close(3) = 0 [pid 6061] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6061] write(1, "executing program\n", 18) = 18 [pid 6061] memfd_create("syzkaller", 0) = 3 [pid 6061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6058] <... sync resumed>) = 0 [pid 6058] exit_group(0) = ? [pid 6056] +++ exited with 0 +++ [pid 6059] <... sync resumed>) = 0 [pid 6061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6059] exit_group(0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6056, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6060] <... write resumed>) = 524288 [pid 6059] <... exit_group resumed>) = ? [pid 6058] +++ exited with 0 +++ [pid 5831] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6060] munmap(0x7ff1eb400000, 138412032 [pid 6059] +++ exited with 0 +++ [pid 5831] <... openat resumed>) = 3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6058, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6059, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5831] newfstatat(3, "", [pid 6060] <... munmap resumed>) = 0 [pid 5832] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6060] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6060] <... openat resumed>) = 4 [pid 5832] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6060] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(3, "", [pid 6061] <... write resumed>) = 524288 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6061] munmap(0x7ff1eb400000, 138412032 [pid 5830] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6061] <... munmap resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5832] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(3, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6061] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./39/file1", [pid 5830] getdents64(3, [pid 6061] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6061] ioctl(4, LOOP_SET_FD, 3 [pid 5831] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6060] <... ioctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 6060] close(3) = 0 [pid 6060] close(4) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6060] mkdir("./file1", 0777) = 0 [pid 6060] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./39/file1") = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 6061] <... ioctl resumed>) = 0 [pid 6060] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./39/binderfs", [pid 6061] close(3 [pid 6060] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6061] <... close resumed>) = 0 [pid 5831] unlink("./39/binderfs" [pid 6061] close(4 [pid 6060] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... unlink resumed>) = 0 [pid 5830] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6061] <... close resumed>) = 0 [pid 6060] chdir("./file1" [pid 5832] newfstatat(AT_FDCWD, "./42/file1", [pid 6060] <... chdir resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6060] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(AT_FDCWD, "./45/file1", [pid 5831] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./39" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6061] mkdir("./file1", 0777 [pid 5832] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", [pid 5831] mkdir("./40", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6060] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... mkdir resumed>) = 0 [pid 5830] getdents64(4, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 6061] <... mkdir resumed>) = 0 [pid 6060] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] rmdir("./45/file1" [pid 5832] <... openat resumed>) = 4 [pid 6061] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] newfstatat(4, "", [pid 5831] <... openat resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5830] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 5830] newfstatat(AT_FDCWD, "./45/binderfs", [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [ 110.377832][ T6060] loop1: detected capacity change from 0 to 1024 [ 110.406553][ T6061] loop0: detected capacity change from 0 to 1024 [pid 5830] unlink("./45/binderfs" [pid 5832] rmdir("./42/file1" [pid 5831] close(3 [pid 5830] <... unlink resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] close(3 [pid 6060] <... link resumed>) = 0 [pid 5832] unlink("./42/binderfs" [pid 5830] <... close resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 6061] <... mount resumed>) = 0 [pid 6060] sync( [pid 5831] <... close resumed>) = 0 [pid 5830] rmdir("./45" [pid 5832] getdents64(3, [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... rmdir resumed>) = 0 [pid 6061] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6061] chdir("./file1") = 0 [pid 5830] mkdir("./46", 0777 [pid 6061] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6062 attached [pid 6061] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] close(3 [pid 6062] set_robust_list(0x5555934ed660, 24 [pid 6061] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... close resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6062 [pid 6062] <... set_robust_list resumed>) = 0 [pid 5832] rmdir("./42" [pid 6062] chdir("./40" [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6062] <... chdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] mkdir("./43", 0777 [pid 6062] setpgid(0, 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6062] <... setpgid resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... openat resumed>) = 3 [pid 5830] <... ioctl resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] close(3 [pid 6062] <... openat resumed>) = 3 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5832] close(3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6063 attached [pid 5832] <... close resumed>) = 0 [pid 6062] write(3, "1000", 4 [pid 6063] set_robust_list(0x5555934ed660, 24 [pid 6062] <... write resumed>) = 4 [pid 6063] <... set_robust_list resumed>) = 0 [pid 6063] chdir("./46" [pid 6061] <... link resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6063 [pid 6062] close(3 [pid 6063] <... chdir resumed>) = 0 [pid 6062] <... close resumed>) = 0 [pid 6061] sync( [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6062] symlink("/dev/binderfs", "./binderfs"executing program [pid 6063] <... prctl resumed>) = 0 [pid 6062] <... symlink resumed>) = 0 [pid 6060] <... sync resumed>) = 0 [pid 6062] write(1, "executing program\n", 18 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6062] <... write resumed>) = 18 ./strace-static-x86_64: Process 6064 attached [pid 6063] setpgid(0, 0 [pid 6062] memfd_create("syzkaller", 0 [pid 6060] exit_group(0) = ? [pid 6063] <... setpgid resumed>) = 0 [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6064] set_robust_list(0x5555934ed660, 24 [pid 6063] <... openat resumed>) = 3 [pid 6062] <... memfd_create resumed>) = 3 [pid 6060] +++ exited with 0 +++ [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6064 [pid 6064] <... set_robust_list resumed>) = 0 [pid 6063] write(3, "1000", 4 [pid 6062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6060, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6064] chdir("./43" [pid 6063] <... write resumed>) = 4 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6064] <... chdir resumed>) = 0 [pid 6063] close(3 [pid 6062] <... mmap resumed>) = 0x7ff1eb400000 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6063] <... close resumed>) = 0 [pid 6063] symlink("/dev/binderfs", "./binderfs" [pid 5829] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6063] <... symlink resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6064] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] getdents64(3, [pid 6063] write(1, "executing program\n", 18executing program [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6063] <... write resumed>) = 18 [pid 5829] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6064] <... prctl resumed>) = 0 [pid 6063] memfd_create("syzkaller", 0 [pid 6064] setpgid(0, 0 [pid 6062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6064] <... setpgid resumed>) = 0 [pid 6063] <... memfd_create resumed>) = 3 [pid 6064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6064] <... openat resumed>) = 3 [pid 6063] <... mmap resumed>) = 0x7ff1eb400000 [pid 6063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6064] write(3, "1000", 4 [pid 6062] <... write resumed>) = 524288 [pid 6061] <... sync resumed>) = 0 [pid 6064] <... write resumed>) = 4 [pid 6061] exit_group(0) = ? [pid 6064] close(3 [pid 6061] +++ exited with 0 +++ [pid 6064] <... close resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6061, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...>executing program [pid 6064] symlink("/dev/binderfs", "./binderfs" [pid 6063] <... write resumed>) = 524288 [pid 6062] munmap(0x7ff1eb400000, 138412032 [pid 6064] <... symlink resumed>) = 0 [pid 6064] write(1, "executing program\n", 18 [pid 6062] <... munmap resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6064] <... write resumed>) = 18 [pid 5828] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6064] memfd_create("syzkaller", 0) = 3 [pid 6062] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6062] <... openat resumed>) = 4 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6064] <... mmap resumed>) = 0x7ff1eb400000 [pid 6062] ioctl(4, LOOP_SET_FD, 3 [pid 5829] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6063] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5829] newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6063] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 6063] <... openat resumed>) = 4 [pid 6063] ioctl(4, LOOP_SET_FD, 3 [pid 6064] <... write resumed>) = 524288 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... umount2 resumed>) = 0 [pid 5829] getdents64(4, [pid 5828] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] close(4 [pid 5828] newfstatat(AT_FDCWD, "./42/file1", [pid 6062] <... ioctl resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6062] close(3) = 0 [pid 6062] close(4) = 0 [pid 6062] mkdir("./file1", 0777 [pid 6064] munmap(0x7ff1eb400000, 138412032 [pid 6062] <... mkdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6062] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] rmdir("./44/file1" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... rmdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 4 [pid 5829] newfstatat(AT_FDCWD, "./44/binderfs", [pid 5828] newfstatat(4, "", [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 6064] <... munmap resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, [pid 5829] unlink("./44/binderfs" [pid 6064] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6064] <... openat resumed>) = 4 [pid 5829] getdents64(3, [pid 5828] close(4 [pid 6063] <... ioctl resumed>) = 0 [pid 6063] close(3) = 0 [pid 6063] close(4) = 0 [pid 6063] mkdir("./file1", 0777) = 0 [pid 6063] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6064] ioctl(4, LOOP_SET_FD, 3 [pid 6062] <... mount resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... close resumed>) = 0 [pid 5829] close(3 [pid 5828] rmdir("./42/file1" [pid 6062] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... close resumed>) = 0 [pid 6062] <... openat resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [ 110.632026][ T6062] loop3: detected capacity change from 0 to 1024 [ 110.653783][ T6063] loop2: detected capacity change from 0 to 1024 [pid 6062] chdir("./file1" [pid 5829] rmdir("./44" [pid 5828] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6062] <... chdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6062] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... rmdir resumed>) = 0 [pid 6063] <... mount resumed>) = 0 [pid 6062] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] newfstatat(AT_FDCWD, "./42/binderfs", [pid 6062] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] mkdir("./45", 0777 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6063] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6063] chdir("./file1") = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] unlink("./42/binderfs" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6063] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... openat resumed>) = 3 [pid 5828] <... unlink resumed>) = 0 [pid 6063] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6063] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] getdents64(3, [pid 6064] <... ioctl resumed>) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6064] close(3 [pid 5829] close(3 [pid 5828] close(3 [pid 6064] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6064] close(4 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... close resumed>) = 0 [pid 6064] <... close resumed>) = 0 ./strace-static-x86_64: Process 6065 attached [pid 6064] mkdir("./file1", 0777 [pid 6062] <... link resumed>) = 0 [pid 5828] rmdir("./42" [pid 6062] sync( [pid 5828] <... rmdir resumed>) = 0 [pid 6064] <... mkdir resumed>) = 0 [pid 6063] <... link resumed>) = 0 [pid 6063] sync( [pid 6065] set_robust_list(0x5555934ed660, 24 [pid 5828] mkdir("./43", 0777 [pid 6065] <... set_robust_list resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6065 [pid 5828] <... mkdir resumed>) = 0 [pid 6065] chdir("./45" [pid 6064] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 6065] <... chdir resumed>) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6065] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 6066 attached [ 110.702101][ T6064] loop4: detected capacity change from 0 to 1024 ) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6066 [pid 6065] setpgid(0, 0 [pid 6066] set_robust_list(0x5555934ed660, 24) = 0 [pid 6066] chdir("./43") = 0 [pid 6066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6066] setpgid(0, 0) = 0 [pid 6066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6065] <... setpgid resumed>) = 0 [pid 6066] <... openat resumed>) = 3 [pid 6065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6066] write(3, "1000", 4) = 4 [pid 6065] <... openat resumed>) = 3 [pid 6066] close(3) = 0 [pid 6066] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6066] write(1, "executing program\n", 18) = 18 [pid 6066] memfd_create("syzkaller", 0) = 3 [pid 6066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6065] write(3, "1000", 4 [pid 6064] <... mount resumed>) = 0 [pid 6066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6065] <... write resumed>) = 4 [pid 6064] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6065] close(3 [pid 6064] <... openat resumed>) = 3 [pid 6063] <... sync resumed>) = 0 [pid 6062] <... sync resumed>) = 0 [pid 6065] <... close resumed>) = 0 [pid 6064] chdir("./file1" [pid 6063] exit_group(0 [pid 6062] exit_group(0 [pid 6065] symlink("/dev/binderfs", "./binderfs" [pid 6063] <... exit_group resumed>) = ? [pid 6062] <... exit_group resumed>) = ? [pid 6065] <... symlink resumed>) = 0 [pid 6064] <... chdir resumed>) = 0 [pid 6063] +++ exited with 0 +++ [pid 6062] +++ exited with 0 +++ executing program [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6062, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6065] write(1, "executing program\n", 18 [pid 6064] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6065] <... write resumed>) = 18 [pid 6064] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6063, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6065] memfd_create("syzkaller", 0 [pid 6064] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... restart_syscall resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6065] <... memfd_create resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 6065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6065] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] getdents64(3, [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6066] <... write resumed>) = 524288 [pid 5830] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6066] munmap(0x7ff1eb400000, 138412032 [pid 5831] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6066] <... munmap resumed>) = 0 [pid 6066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6066] ioctl(4, LOOP_SET_FD, 3 [pid 6065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6064] <... link resumed>) = 0 [pid 6064] sync( [pid 6066] <... ioctl resumed>) = 0 [pid 6066] close(3) = 0 [pid 6066] close(4) = 0 [pid 6066] mkdir("./file1", 0777 [pid 6065] <... write resumed>) = 524288 [pid 5830] <... umount2 resumed>) = 0 [pid 6066] <... mkdir resumed>) = 0 [pid 5830] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6066] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 5831] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./40/file1", [pid 5830] close(4) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./46/file1" [pid 5831] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... rmdir resumed>) = 0 [pid 6066] <... mount resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", [pid 6066] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6066] chdir("./file1" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 6066] <... chdir resumed>) = 0 [pid 5830] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6066] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6065] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6066] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 110.860552][ T6066] loop0: detected capacity change from 0 to 1024 [pid 5830] newfstatat(AT_FDCWD, "./46/binderfs", [pid 6066] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6065] <... munmap resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] getdents64(4, [pid 5830] unlink("./46/binderfs" [pid 6065] <... openat resumed>) = 4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 6065] ioctl(4, LOOP_SET_FD, 3 [pid 6064] <... sync resumed>) = 0 [pid 5831] close(4 [pid 6064] exit_group(0 [pid 5831] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 6064] <... exit_group resumed>) = ? [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] rmdir("./40/file1" [pid 5830] close(3) = 0 [pid 5830] rmdir("./46" [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./47", 0777) = 0 [pid 6066] <... link resumed>) = 0 [pid 6066] sync( [pid 5831] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6064] +++ exited with 0 +++ [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./40/binderfs", [pid 5830] <... openat resumed>) = 3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6064, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=2 /* 0.02 s */} --- [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] unlink("./40/binderfs" [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6067 attached [pid 6065] <... ioctl resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6067 [pid 6067] set_robust_list(0x5555934ed660, 24) = 0 [pid 6066] <... sync resumed>) = 0 [pid 5832] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6065] close(3 [pid 5831] close(3 [pid 6066] exit_group(0) = ? [pid 6065] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 6065] close(4 [pid 6067] chdir("./47") = 0 [pid 5832] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] rmdir("./40" [pid 6065] <... close resumed>) = 0 [pid 6067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6065] mkdir("./file1", 0777 [pid 6067] setpgid(0, 0 [pid 6066] +++ exited with 0 +++ [pid 5831] <... rmdir resumed>) = 0 [pid 6067] <... setpgid resumed>) = 0 [pid 6065] <... mkdir resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 6067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] newfstatat(3, "", [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6066, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6067] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] mkdir("./41", 0777 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6067] write(3, "1000", 4 [pid 5832] getdents64(3, [pid 5828] <... restart_syscall resumed>) = 0 [pid 6067] <... write resumed>) = 4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6067] close(3) = 0 [pid 6065] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6067] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6067] <... symlink resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 executing program [pid 6067] write(1, "executing program\n", 18 [pid 5828] newfstatat(3, "", [pid 6067] <... write resumed>) = 18 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 110.931524][ T6065] loop1: detected capacity change from 0 to 1024 [pid 6067] memfd_create("syzkaller", 0 [pid 5828] getdents64(3, [pid 6067] <... memfd_create resumed>) = 3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6068 attached [pid 5832] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6065] <... mount resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6065] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./43/file1", [pid 5832] newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6068] set_robust_list(0x5555934ed660, 24 [pid 6067] <... write resumed>) = 524288 [pid 6065] <... openat resumed>) = 3 [pid 5832] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6068 [pid 6068] <... set_robust_list resumed>) = 0 [pid 6067] munmap(0x7ff1eb400000, 138412032 [pid 6065] chdir("./file1" [pid 5832] <... openat resumed>) = 4 [pid 5828] <... openat resumed>) = 4 [pid 6065] <... chdir resumed>) = 0 [pid 6068] chdir("./41" [pid 6067] <... munmap resumed>) = 0 [pid 6065] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] newfstatat(4, "", [pid 5828] newfstatat(4, "", [pid 6067] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6065] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6067] <... openat resumed>) = 4 [pid 6067] ioctl(4, LOOP_SET_FD, 3 [pid 6068] <... chdir resumed>) = 0 [pid 6065] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] getdents64(4, [pid 5828] getdents64(4, [pid 6068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6068] setpgid(0, 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6068] <... setpgid resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] close(4 [pid 5832] getdents64(4, [pid 5828] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] rmdir("./43/file1" [pid 6067] <... ioctl resumed>) = 0 [pid 5832] close(4 [pid 5828] <... rmdir resumed>) = 0 [pid 6067] close(3) = 0 [pid 6067] close(4) = 0 [pid 6067] mkdir("./file1", 0777 [pid 6068] <... openat resumed>) = 3 [pid 6067] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6067] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, ""executing program [pid 6068] write(3, "1000", 4 [pid 5832] rmdir("./43/file1" [pid 5828] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6068] <... write resumed>) = 4 [pid 6068] close(3 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6068] <... close resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./43/binderfs", [pid 6068] symlink("/dev/binderfs", "./binderfs" [pid 6065] <... link resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6068] <... symlink resumed>) = 0 [pid 6065] sync( [pid 5828] unlink("./43/binderfs" [pid 6068] write(1, "executing program\n", 18) = 18 [pid 5828] <... unlink resumed>) = 0 [pid 6068] memfd_create("syzkaller", 0 [pid 5832] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 6068] <... memfd_create resumed>) = 3 [pid 6068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6067] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6068] <... mmap resumed>) = 0x7ff1eb400000 [pid 6067] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] close(3 [pid 6067] <... openat resumed>) = 3 [pid 6067] chdir("./file1") = 0 [pid 5828] <... close resumed>) = 0 [pid 6067] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] newfstatat(AT_FDCWD, "./43/binderfs", [pid 5828] rmdir("./43" [pid 6067] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5832] unlink("./43/binderfs" [pid 5828] mkdir("./44", 0777 [pid 5832] <... unlink resumed>) = 0 [pid 5832] getdents64(3, [pid 5828] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6067] <... link resumed>) = 0 [ 111.038784][ T6067] loop2: detected capacity change from 0 to 1024 [pid 6067] sync( [pid 5832] close(3 [pid 5828] <... openat resumed>) = 3 [pid 6065] <... sync resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] rmdir("./43" [pid 5828] <... ioctl resumed>) = 0 [pid 6065] exit_group(0) = ? [pid 5832] <... rmdir resumed>) = 0 [pid 5828] close(3 [pid 6065] +++ exited with 0 +++ [pid 5828] <... close resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6065, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] mkdir("./44", 0777 [pid 5829] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6069 attached [pid 6068] <... write resumed>) = 524288 [pid 5832] <... mkdir resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6067] <... sync resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6067] exit_group(0 [pid 5829] newfstatat(3, "", [pid 6067] <... exit_group resumed>) = ? [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6067] +++ exited with 0 +++ [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6067, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5829] <... umount2 resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6069] set_robust_list(0x5555934ed660, 24 [pid 6068] munmap(0x7ff1eb400000, 138412032 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6069 [pid 5832] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./45/file1", [pid 6069] <... set_robust_list resumed>) = 0 [pid 6068] <... munmap resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6069] chdir("./44" [pid 6068] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6069] <... chdir resumed>) = 0 [pid 6068] <... openat resumed>) = 4 [pid 5829] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 6069] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6068] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6069] <... prctl resumed>) = 0 [pid 6068] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] getdents64(4, [pid 6068] ioctl(4, LOOP_CLR_FD [pid 6069] setpgid(0, 0 [pid 6068] <... ioctl resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6069] <... setpgid resumed>) = 0 [pid 5829] close(4) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] rmdir("./45/file1" [pid 6069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6068] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... close resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6069] <... openat resumed>) = 3 [pid 5829] newfstatat(AT_FDCWD, "./45/binderfs", [pid 6068] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6069] write(3, "1000", 4 [pid 6068] close(4 [pid 6069] <... write resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./45/binderfs") = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 6069] close(3 [pid 6068] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 6069] <... close resumed>) = 0 [pid 6069] symlink("/dev/binderfs", "./binderfs" [pid 5829] rmdir("./45" [pid 6069] <... symlink resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./46", 0777 [pid 6069] write(1, "executing program\n", 18 [pid 6068] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3executing program ./strace-static-x86_64: Process 6070 attached [pid 6069] <... write resumed>) = 18 [pid 5830] newfstatat(AT_FDCWD, "./47/file1", [pid 6069] memfd_create("syzkaller", 0 [pid 6070] set_robust_list(0x5555934ed660, 24 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6069] <... memfd_create resumed>) = 3 [pid 5830] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6070] <... set_robust_list resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6069] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6070 [pid 5830] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6070] chdir("./44") = 0 [pid 6070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6070] setpgid(0, 0) = 0 [pid 5830] <... openat resumed>) = 4 [pid 6070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] newfstatat(4, "", [pid 6070] <... openat resumed>) = 3 [pid 6069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6068] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 6068] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] rmdir("./47/file1" [pid 6070] write(3, "1000", 4 [pid 5830] <... rmdir resumed>) = 0 [pid 6068] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6070] <... write resumed>) = 4 [pid 6069] <... write resumed>) = 524288 [pid 6068] sync( [pid 5830] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6070] close(3) = 0 [pid 5829] <... close resumed>) = 0 [pid 6070] symlink("/dev/binderfs", "./binderfs"executing program [pid 6069] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6070] <... symlink resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6070] write(1, "executing program\n", 18 [pid 6069] <... munmap resumed>) = 0 [pid 6070] <... write resumed>) = 18 [pid 5830] newfstatat(AT_FDCWD, "./47/binderfs", [pid 6070] memfd_create("syzkaller", 0 [pid 6069] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6070] <... memfd_create resumed>) = 3 [pid 6069] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6071 ./strace-static-x86_64: Process 6071 attached [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6069] ioctl(4, LOOP_SET_FD, 3 [pid 5830] unlink("./47/binderfs" [pid 6071] set_robust_list(0x5555934ed660, 24 [pid 6070] <... mmap resumed>) = 0x7ff1eb400000 [pid 6071] <... set_robust_list resumed>) = 0 [pid 6069] <... ioctl resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 6071] chdir("./46" [pid 5830] getdents64(3, [pid 6071] <... chdir resumed>) = 0 [pid 6070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6071] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6068] <... sync resumed>) = 0 [pid 5830] close(3 [pid 6071] <... prctl resumed>) = 0 [pid 6068] exit_group(0 [pid 6071] setpgid(0, 0 [pid 6068] <... exit_group resumed>) = ? [pid 5830] <... close resumed>) = 0 [pid 6071] <... setpgid resumed>) = 0 [pid 6071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] rmdir("./47" [pid 6071] <... openat resumed>) = 3 [pid 6071] write(3, "1000", 4) = 4 [pid 6071] close(3) = 0 [pid 6071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] <... rmdir resumed>) = 0 executing program [pid 6071] write(1, "executing program\n", 18 [pid 5830] mkdir("./48", 0777 [pid 6071] <... write resumed>) = 18 [pid 6071] memfd_create("syzkaller", 0) = 3 [pid 6071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... mkdir resumed>) = 0 [pid 6071] <... mmap resumed>) = 0x7ff1eb400000 [pid 6070] <... write resumed>) = 524288 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6068] +++ exited with 0 +++ [pid 5830] <... openat resumed>) = 3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6068, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6070] munmap(0x7ff1eb400000, 138412032 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... ioctl resumed>) = 0 [pid 6070] <... munmap resumed>) = 0 [pid 5830] close(3 [pid 6071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6069] close(3 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6069] <... close resumed>) = 0 [pid 5831] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6070] <... openat resumed>) = 4 [pid 6069] close(4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6071] <... write resumed>) = 524288 [pid 6069] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6071] munmap(0x7ff1eb400000, 138412032 [ 111.229563][ T6069] loop0: detected capacity change from 0 to 1024 [pid 6069] mkdir("./file1", 0777 [pid 6070] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... openat resumed>) = 3 [pid 6071] <... munmap resumed>) = 0 [pid 6069] <... mkdir resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 6071] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6069] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 6071] <... openat resumed>) = 4 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6071] ioctl(4, LOOP_SET_FD, 3 [pid 5831] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6072 attached [pid 5831] newfstatat(AT_FDCWD, "./41/binderfs", [pid 6072] set_robust_list(0x5555934ed660, 24 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6072 [pid 6072] <... set_robust_list resumed>) = 0 [pid 5831] unlink("./41/binderfs" [pid 6072] chdir("./48") = 0 [pid 6072] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... unlink resumed>) = 0 [pid 6072] <... prctl resumed>) = 0 [pid 6072] setpgid(0, 0) = 0 [pid 5831] getdents64(3, [pid 6072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6070] <... ioctl resumed>) = 0 [pid 6070] close(3 [pid 6072] <... openat resumed>) = 3 [pid 6070] <... close resumed>) = 0 [pid 6070] close(4) = 0 [pid 6070] mkdir("./file1", 0777 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6072] write(3, "1000", 4 [pid 6069] <... mount resumed>) = 0 [pid 5831] close(3 [pid 6072] <... write resumed>) = 4 [pid 6072] close(3) = 0 [pid 6072] symlink("/dev/binderfs", "./binderfs" [pid 6070] <... mkdir resumed>) = 0 [pid 6072] <... symlink resumed>) = 0 [pid 6071] <... ioctl resumed>) = 0 [pid 6070] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6069] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... close resumed>) = 0 [pid 6072] write(1, "executing program\n", 18 [pid 6071] close(3 [pid 6069] <... openat resumed>) = 3 executing program [pid 5831] rmdir("./41" [pid 6072] <... write resumed>) = 18 [pid 6071] <... close resumed>) = 0 [ 111.283438][ T6070] loop4: detected capacity change from 0 to 1024 [ 111.295610][ T6071] loop1: detected capacity change from 0 to 1024 [pid 6069] chdir("./file1" [pid 5831] <... rmdir resumed>) = 0 [pid 6072] memfd_create("syzkaller", 0 [pid 6071] close(4 [pid 6069] <... chdir resumed>) = 0 [pid 5831] mkdir("./42", 0777 [pid 6072] <... memfd_create resumed>) = 3 [pid 6072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6071] <... close resumed>) = 0 [pid 6069] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... mkdir resumed>) = 0 [pid 6071] mkdir("./file1", 0777 [pid 6069] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6071] <... mkdir resumed>) = 0 [pid 6069] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6071] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 6070] <... mount resumed>) = 0 [pid 6070] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6073 attached [pid 6070] <... openat resumed>) = 3 [pid 6070] chdir("./file1" [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6073 [pid 6073] set_robust_list(0x5555934ed660, 24 [pid 6070] <... chdir resumed>) = 0 [pid 6073] <... set_robust_list resumed>) = 0 [pid 6073] chdir("./42" [pid 6070] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6073] <... chdir resumed>) = 0 [pid 6073] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6070] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6073] <... prctl resumed>) = 0 [pid 6073] setpgid(0, 0 [pid 6070] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6069] <... link resumed>) = 0 [pid 6073] <... setpgid resumed>) = 0 [pid 6073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6071] <... mount resumed>) = 0 [pid 6069] sync( [pid 6073] <... openat resumed>) = 3 [pid 6071] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6073] write(3, "1000", 4 [pid 6071] chdir("./file1" [pid 6072] <... write resumed>) = 524288 [pid 6073] <... write resumed>) = 4 [pid 6072] munmap(0x7ff1eb400000, 138412032 [pid 6071] <... chdir resumed>) = 0 [pid 6073] close(3) = 0 [pid 6072] <... munmap resumed>) = 0 [pid 6071] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6073] symlink("/dev/binderfs", "./binderfs" [pid 6071] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6072] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6071] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6070] <... link resumed>) = 0 executing program [pid 6073] <... symlink resumed>) = 0 [pid 6072] <... openat resumed>) = 4 [pid 6070] sync( [pid 6073] write(1, "executing program\n", 18) = 18 [pid 6072] ioctl(4, LOOP_SET_FD, 3 [pid 6073] memfd_create("syzkaller", 0 [pid 6072] <... ioctl resumed>) = 0 [pid 6069] <... sync resumed>) = 0 [pid 6069] exit_group(0 [pid 6073] <... memfd_create resumed>) = 3 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6069] <... exit_group resumed>) = ? [pid 6073] <... mmap resumed>) = 0x7ff1eb400000 [pid 6071] <... link resumed>) = 0 [pid 6071] sync( [pid 6073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6069] +++ exited with 0 +++ [pid 6073] <... write resumed>) = 524288 [pid 6072] close(3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6069, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6072] <... close resumed>) = 0 [pid 6072] close(4) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6073] munmap(0x7ff1eb400000, 138412032 [pid 6072] mkdir("./file1", 0777 [pid 5828] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 111.429113][ T6072] loop2: detected capacity change from 0 to 1024 [pid 5828] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6073] <... munmap resumed>) = 0 [pid 6072] <... mkdir resumed>) = 0 [pid 6071] <... sync resumed>) = 0 [pid 6070] <... sync resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6073] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6071] exit_group(0 [pid 6070] exit_group(0 [pid 5828] newfstatat(3, "", [pid 6073] ioctl(4, LOOP_SET_FD, 3 [pid 6072] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6071] <... exit_group resumed>) = ? [pid 6070] <... exit_group resumed>) = ? [pid 6071] +++ exited with 0 +++ [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6071, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5828] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6073] <... ioctl resumed>) = 0 [pid 6070] +++ exited with 0 +++ [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6073] close(3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6070, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5829] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6073] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6073] close(4) = 0 [pid 5829] newfstatat(3, "", [pid 6073] mkdir("./file1", 0777 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 6073] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6073] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6072] <... mount resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5829] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6072] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] newfstatat(3, "", [pid 6073] <... mount resumed>) = 0 [pid 6072] <... openat resumed>) = 3 [pid 6072] chdir("./file1" [ 111.485277][ T6073] loop3: detected capacity change from 0 to 1024 [pid 6073] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6072] <... chdir resumed>) = 0 [pid 6073] chdir("./file1") = 0 [pid 6072] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6072] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] getdents64(3, [pid 5828] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6072] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6073] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] newfstatat(AT_FDCWD, "./44/file1", [pid 5832] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 6073] <... link resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 5832] <... umount2 resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./44/file1" [pid 5829] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... rmdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6073] sync( [pid 5829] newfstatat(AT_FDCWD, "./46/file1", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./44/binderfs" [pid 5832] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6072] <... link resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 6072] sync( [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] close(3 [pid 5829] <... openat resumed>) = 4 [pid 5828] <... close resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 5828] rmdir("./44" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5829] getdents64(4, [pid 5828] mkdir("./45", 0777 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... mkdir resumed>) = 0 [pid 5829] getdents64(4, [pid 5832] newfstatat(AT_FDCWD, "./44/file1", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5832] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] rmdir("./46/file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... rmdir resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5829] newfstatat(AT_FDCWD, "./46/binderfs", [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6074 attached [pid 5832] newfstatat(4, "", [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] unlink("./46/binderfs" [pid 5832] getdents64(4, [pid 5829] <... unlink resumed>) = 0 [pid 6074] set_robust_list(0x5555934ed660, 24 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(3, [pid 6074] <... set_robust_list resumed>) = 0 [pid 6073] <... sync resumed>) = 0 [pid 6072] <... sync resumed>) = 0 [pid 5832] getdents64(4, [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6074 [pid 6074] chdir("./45" [pid 6072] exit_group(0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 6072] <... exit_group resumed>) = ? [pid 5832] close(4) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./46" [pid 6074] <... chdir resumed>) = 0 [pid 6072] +++ exited with 0 +++ [pid 5832] rmdir("./44/file1" [pid 6073] exit_group(0 [pid 5829] <... rmdir resumed>) = 0 [pid 6074] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... rmdir resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6072, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6074] <... prctl resumed>) = 0 [pid 5832] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6074] setpgid(0, 0 [pid 6073] <... exit_group resumed>) = ? [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] mkdir("./47", 0777 [pid 6074] <... setpgid resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 6074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] newfstatat(AT_FDCWD, "./44/binderfs", [pid 6074] <... openat resumed>) = 3 [pid 5830] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6073] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6073, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5830] <... openat resumed>) = 3 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6074] write(3, "1000", 4 [pid 5830] newfstatat(3, "", [pid 5829] <... ioctl resumed>) = 0 [pid 6074] <... write resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6074] close(3 [pid 5832] unlink("./44/binderfs" [pid 6074] <... close resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] close(3 [pid 5832] getdents64(3, [pid 5831] <... restart_syscall resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] rmdir("./44" [pid 6074] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6075 attached [pid 6074] <... symlink resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 executing program [pid 6074] write(1, "executing program\n", 18 [pid 5831] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6074] <... write resumed>) = 18 [pid 5831] <... openat resumed>) = 3 [pid 6074] memfd_create("syzkaller", 0 [pid 5831] newfstatat(3, "", [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6075 [pid 6074] <... memfd_create resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] getdents64(3, [pid 6074] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6075] set_robust_list(0x5555934ed660, 24 [pid 5832] mkdir("./45", 0777 [pid 6075] <... set_robust_list resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 6074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6075] chdir("./47" [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6075] <... chdir resumed>) = 0 [pid 6075] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... openat resumed>) = 3 [pid 6075] <... prctl resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6075] setpgid(0, 0 [pid 5832] <... ioctl resumed>) = 0 [pid 6075] <... setpgid resumed>) = 0 [pid 5832] close(3 [pid 5830] <... umount2 resumed>) = 0 [pid 6075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... close resumed>) = 0 [pid 6075] <... openat resumed>) = 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6075] write(3, "1000", 4) = 4 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6076 ./strace-static-x86_64: Process 6076 attached [pid 6076] set_robust_list(0x5555934ed660, 24 [pid 6075] close(3 [pid 5831] <... umount2 resumed>) = 0 [pid 6075] <... close resumed>) = 0 [pid 6076] <... set_robust_list resumed>) = 0 [pid 6075] symlink("/dev/binderfs", "./binderfs" [pid 5830] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6076] chdir("./45" [pid 6075] <... symlink resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6076] <... chdir resumed>) = 0 [pid 6075] write(1, "executing program\n", 18 [pid 6076] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6075] <... write resumed>) = 18 [pid 6076] <... prctl resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./48/file1", [pid 6076] setpgid(0, 0 [pid 6075] memfd_create("syzkaller", 0 [pid 6074] <... write resumed>) = 524288 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6076] <... setpgid resumed>) = 0 [pid 6075] <... memfd_create resumed>) = 3 [pid 5830] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6074] munmap(0x7ff1eb400000, 138412032 [pid 5831] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6074] <... munmap resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6076] <... openat resumed>) = 3 [pid 6075] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] newfstatat(AT_FDCWD, "./42/file1", [pid 5830] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] newfstatat(4, "", [pid 6074] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6074] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(4, [pid 5831] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6076] write(3, "1000", 4 [pid 6074] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... openat resumed>) = 4 [pid 5830] getdents64(4, [pid 6076] <... write resumed>) = 4 [pid 6076] close(3 [pid 6075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] newfstatat(4, "", [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6076] <... close resumed>) = 0 [pid 6076] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] close(4 [pid 5831] getdents64(4, [pid 5830] <... close resumed>) = 0 [pid 6076] <... symlink resumed>) = 0 executing program [pid 6076] write(1, "executing program\n", 18) = 18 [pid 5830] rmdir("./48/file1" [pid 6076] memfd_create("syzkaller", 0) = 3 [pid 6075] <... write resumed>) = 524288 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6075] munmap(0x7ff1eb400000, 138412032 [pid 6076] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] close(4 [pid 5830] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6075] <... munmap resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./42/file1" [pid 5830] newfstatat(AT_FDCWD, "./48/binderfs", [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6075] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5831] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] unlink("./48/binderfs" [pid 6075] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... unlink resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./42/binderfs", [pid 5830] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] unlink("./42/binderfs" [pid 5830] close(3 [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6074] <... ioctl resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] rmdir("./48" [pid 6074] close(3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6074] <... close resumed>) = 0 [pid 5831] close(3 [pid 5830] mkdir("./49", 0777 [pid 6074] close(4 [pid 5831] <... close resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 6074] <... close resumed>) = 0 [pid 5831] rmdir("./42" [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6074] mkdir("./file1", 0777 [pid 5831] <... rmdir resumed>) = 0 [pid 6074] <... mkdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6074] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] mkdir("./43", 0777 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6077 attached ) = 0 [pid 6076] <... write resumed>) = 524288 [pid 5831] close(3 [pid 6075] <... ioctl resumed>) = 0 [ 111.732058][ T6074] loop0: detected capacity change from 0 to 1024 [ 111.764676][ T6075] loop1: detected capacity change from 0 to 1024 [pid 6077] set_robust_list(0x5555934ed660, 24 [pid 6075] close(3 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6077 [pid 6075] <... close resumed>) = 0 [pid 6077] <... set_robust_list resumed>) = 0 [pid 6077] chdir("./49" [pid 6076] munmap(0x7ff1eb400000, 138412032 [pid 6075] close(4) = 0 [pid 6077] <... chdir resumed>) = 0 [pid 6076] <... munmap resumed>) = 0 [pid 6075] mkdir("./file1", 0777 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6077] setpgid(0, 0) = 0 [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6076] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6075] <... mkdir resumed>) = 0 [pid 6076] <... openat resumed>) = 4 [pid 6075] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6077] <... openat resumed>) = 3 [pid 6076] ioctl(4, LOOP_SET_FD, 3 [pid 6077] write(3, "1000", 4 [pid 6074] <... mount resumed>) = 0 [pid 6077] <... write resumed>) = 4 [pid 6077] close(3) = 0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6074] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6077] write(1, "executing program\n", 18 [pid 6074] <... openat resumed>) = 3 [pid 6077] <... write resumed>) = 18 [pid 6074] chdir("./file1" [pid 5831] <... close resumed>) = 0 [pid 6077] memfd_create("syzkaller", 0 [pid 6074] <... chdir resumed>) = 0 [pid 6077] <... memfd_create resumed>) = 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6074] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6074] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6074] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"./strace-static-x86_64: Process 6078 attached [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6078 [pid 6077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6078] set_robust_list(0x5555934ed660, 24 [pid 6076] <... ioctl resumed>) = 0 [pid 6074] <... link resumed>) = 0 [pid 6078] <... set_robust_list resumed>) = 0 [pid 6076] close(3) = 0 [pid 6078] chdir("./43" [pid 6074] sync( [pid 6078] <... chdir resumed>) = 0 [pid 6076] close(4) = 0 [pid 6076] mkdir("./file1", 0777) = 0 [pid 6078] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6076] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6078] <... prctl resumed>) = 0 [ 111.823090][ T6076] loop4: detected capacity change from 0 to 1024 [pid 6077] <... write resumed>) = 524288 [pid 6078] setpgid(0, 0 [pid 6076] <... mount resumed>) = 0 [pid 6078] <... setpgid resumed>) = 0 [pid 6076] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6076] <... openat resumed>) = 3 [pid 6078] <... openat resumed>) = 3 [pid 6077] munmap(0x7ff1eb400000, 138412032 [pid 6076] chdir("./file1" [pid 6078] write(3, "1000", 4 [pid 6077] <... munmap resumed>) = 0 [pid 6076] <... chdir resumed>) = 0 [pid 6078] <... write resumed>) = 4 [pid 6078] close(3 [pid 6076] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6077] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6076] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6077] <... openat resumed>) = 4 [pid 6076] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6078] <... close resumed>) = 0 [pid 6077] ioctl(4, LOOP_SET_FD, 3 [pid 6078] symlink("/dev/binderfs", "./binderfs" [pid 6075] <... mount resumed>) = 0 executing program [pid 6078] <... symlink resumed>) = 0 [pid 6075] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6078] write(1, "executing program\n", 18 [pid 6075] <... openat resumed>) = 3 [pid 6078] <... write resumed>) = 18 [pid 6075] chdir("./file1" [pid 6078] memfd_create("syzkaller", 0 [pid 6076] <... link resumed>) = 0 [pid 6075] <... chdir resumed>) = 0 [pid 6078] <... memfd_create resumed>) = 3 [pid 6076] sync( [pid 6075] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6075] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6075] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6077] <... ioctl resumed>) = 0 [pid 6077] close(3) = 0 [pid 6077] close(4) = 0 [pid 6078] <... mmap resumed>) = 0x7ff1eb400000 [pid 6077] mkdir("./file1", 0777 [pid 6078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6077] <... mkdir resumed>) = 0 [pid 6074] <... sync resumed>) = 0 [pid 6074] exit_group(0 [pid 6077] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6074] <... exit_group resumed>) = ? [pid 6074] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6074, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 111.897768][ T6077] loop2: detected capacity change from 0 to 1024 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6078] <... write resumed>) = 524288 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5828] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6075] <... link resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6075] sync( [pid 5828] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6078] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6078] ioctl(4, LOOP_SET_FD, 3 [pid 6077] <... mount resumed>) = 0 [pid 6077] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6077] chdir("./file1") = 0 [pid 6077] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [ 111.986513][ T6078] loop3: detected capacity change from 0 to 1024 [pid 6077] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... umount2 resumed>) = 0 [pid 6078] <... ioctl resumed>) = 0 [pid 6077] <... link resumed>) = 0 [pid 6076] <... sync resumed>) = 0 [pid 6075] <... sync resumed>) = 0 [pid 6075] exit_group(0) = ? [pid 6076] exit_group(0 [pid 6078] close(3 [pid 6077] sync( [pid 5828] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6078] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6078] close(4 [pid 5828] newfstatat(AT_FDCWD, "./45/file1", [pid 6078] <... close resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6078] mkdir("./file1", 0777 [pid 6075] +++ exited with 0 +++ [pid 5828] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6078] <... mkdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6075, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6076] <... exit_group resumed>) = ? [pid 5828] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... openat resumed>) = 4 [pid 6078] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... restart_syscall resumed>) = 0 [pid 5828] newfstatat(4, "", [pid 6076] +++ exited with 0 +++ [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6076, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(4, [pid 5832] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] close(4 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] newfstatat(3, "", [pid 5828] <... close resumed>) = 0 [pid 5832] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6078] <... mount resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] rmdir("./45/file1" [pid 5829] getdents64(3, [pid 6078] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... rmdir resumed>) = 0 [pid 5829] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./45/binderfs", [pid 6078] chdir("./file1" [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6078] <... chdir resumed>) = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] unlink("./45/binderfs" [pid 6078] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... unlink resumed>) = 0 [pid 6078] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6077] <... sync resumed>) = 0 [pid 5828] getdents64(3, [pid 6077] exit_group(0) = ? [pid 5832] <... umount2 resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 6077] +++ exited with 0 +++ [pid 5832] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./45" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] newfstatat(AT_FDCWD, "./45/file1", [pid 5828] <... rmdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] mkdir("./46", 0777 [pid 5832] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6078] <... link resumed>) = 0 [pid 5832] getdents64(4, [pid 5829] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 5829] newfstatat(AT_FDCWD, "./47/file1", [pid 5828] <... openat resumed>) = 3 [pid 6078] sync( [pid 5830] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(4) = 0 [pid 5832] rmdir("./45/file1") = 0 [pid 5830] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 5828] <... ioctl resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 5829] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] close(3 [pid 5832] newfstatat(AT_FDCWD, "./45/binderfs", [pid 5828] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] getdents64(3, [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./45/binderfs") = 0 [pid 5832] getdents64(3, ./strace-static-x86_64: Process 6079 attached [pid 6079] set_robust_list(0x5555934ed660, 24 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] close(3) = 0 [pid 5832] rmdir("./45") = 0 [pid 5832] mkdir("./46", 0777 [pid 5829] <... openat resumed>) = 4 [pid 6079] <... set_robust_list resumed>) = 0 [pid 5830] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... mkdir resumed>) = 0 [pid 6079] chdir("./46" [pid 5829] newfstatat(4, "", [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6079 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6079] <... chdir resumed>) = 0 [pid 6078] <... sync resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5829] getdents64(4, [pid 6079] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6078] exit_group(0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6079] <... prctl resumed>) = 0 [pid 6078] <... exit_group resumed>) = ? [pid 5829] getdents64(4, [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6078] +++ exited with 0 +++ [pid 5829] close(4 [pid 6079] setpgid(0, 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6078, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] <... close resumed>) = 0 ./strace-static-x86_64: Process 6080 attached [pid 6079] <... setpgid resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... umount2 resumed>) = 0 [pid 5829] rmdir("./47/file1" [pid 5831] <... restart_syscall resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6080 [pid 6079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6080] set_robust_list(0x5555934ed660, 24) = 0 [pid 6080] chdir("./46" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] newfstatat(AT_FDCWD, "./47/binderfs", [pid 6080] <... chdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(3, "", [pid 5829] unlink("./47/binderfs" [pid 6079] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... unlink resumed>) = 0 [pid 6080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6080] setpgid(0, 0 [pid 5830] newfstatat(AT_FDCWD, "./49/file1", [pid 6080] <... setpgid resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] getdents64(3, [pid 5831] getdents64(3, [pid 5830] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6079] write(3, "1000", 4 [pid 5829] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 6080] <... openat resumed>) = 3 [pid 6079] <... write resumed>) = 4 [pid 5831] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 4 [pid 5829] <... close resumed>) = 0 [pid 6080] write(3, "1000", 4 [pid 6079] close(3 [pid 5830] newfstatat(4, "", [pid 5829] rmdir("./47" [pid 6079] <... close resumed>) = 0 [pid 6080] <... write resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6080] close(3 [pid 5830] getdents64(4, [pid 6080] <... close resumed>) = 0 [pid 6079] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6080] symlink("/dev/binderfs", "./binderfs" [pid 5830] getdents64(4, [pid 6080] <... symlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./49/file1") = 0 [pid 6080] write(1, "executing program\n", 18) = 18 [pid 6080] memfd_create("syzkaller", 0) = 3 [pid 6079] <... symlink resumed>) = 0 [pid 5830] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./49/binderfs", executing program [pid 6080] <... mmap resumed>) = 0x7ff1eb400000 [pid 6079] write(1, "executing program\n", 18 [pid 5831] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6079] <... write resumed>) = 18 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] unlink("./49/binderfs" [pid 6079] memfd_create("syzkaller", 0 [pid 5831] newfstatat(AT_FDCWD, "./43/file1", [pid 5829] mkdir("./48", 0777 [pid 6079] <... memfd_create resumed>) = 3 [pid 6079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5831] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6079] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(3, [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5830] close(3 [pid 5829] <... openat resumed>) = 3 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5831] getdents64(4, [pid 5830] rmdir("./49" [pid 5829] <... ioctl resumed>) = 0 [pid 6080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] close(3 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... close resumed>) = 0 [pid 5830] mkdir("./50", 0777 [pid 5831] close(4 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] rmdir("./43/file1"./strace-static-x86_64: Process 6081 attached [pid 6080] <... write resumed>) = 524288 [pid 5830] close(3) = 0 [pid 6081] set_robust_list(0x5555934ed660, 24 [pid 6079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6081 [pid 6081] <... set_robust_list resumed>) = 0 [pid 6081] chdir("./48"./strace-static-x86_64: Process 6082 attached ) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6081] setpgid(0, 0) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6082 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6082] set_robust_list(0x5555934ed660, 24) = 0 [pid 6081] <... openat resumed>) = 3 [pid 6082] chdir("./50" [pid 6080] munmap(0x7ff1eb400000, 138412032 [pid 5831] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6081] write(3, "1000", 4) = 4 [pid 6080] <... munmap resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6082] <... chdir resumed>) = 0 [pid 6081] close(3 [pid 5831] newfstatat(AT_FDCWD, "./43/binderfs", [pid 6082] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6081] <... close resumed>) = 0 [pid 6080] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6082] <... prctl resumed>) = 0 [pid 6081] symlink("/dev/binderfs", "./binderfs" [pid 6082] setpgid(0, 0 [pid 6081] <... symlink resumed>) = 0 [pid 6082] <... setpgid resumed>) = 0 [pid 6080] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] unlink("./43/binderfs"executing program [pid 6081] write(1, "executing program\n", 18) = 18 [pid 5831] <... unlink resumed>) = 0 [pid 6082] <... openat resumed>) = 3 [pid 6081] memfd_create("syzkaller", 0 [pid 6080] ioctl(4, LOOP_SET_FD, 3 [pid 6079] <... write resumed>) = 524288 [pid 5831] getdents64(3, [pid 6082] write(3, "1000", 4 [pid 6080] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6082] <... write resumed>) = 4 [pid 6080] ioctl(4, LOOP_CLR_FD [pid 5831] close(3 [pid 6082] close(3 [pid 6080] <... ioctl resumed>) = 0 [pid 6082] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6081] <... memfd_create resumed>) = 3 [pid 5831] rmdir("./43" [pid 6080] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6079] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... rmdir resumed>) = 0 [pid 6082] write(1, "executing program\n", 18 [pid 6081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 6082] <... write resumed>) = 18 [pid 6081] <... mmap resumed>) = 0x7ff1eb400000 [pid 6080] close(4 [pid 6079] <... munmap resumed>) = 0 [pid 5831] mkdir("./44", 0777 [pid 6082] memfd_create("syzkaller", 0 [pid 6080] <... close resumed>) = 0 [pid 6081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6079] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... mkdir resumed>) = 0 [pid 6082] <... memfd_create resumed>) = 3 [pid 6080] close(3 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6080] <... close resumed>) = 0 [pid 6079] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6082] <... mmap resumed>) = 0x7ff1eb400000 [pid 6079] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... openat resumed>) = 3 [pid 6080] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 6080] sync( [pid 6079] <... ioctl resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 6081] <... write resumed>) = 524288 [pid 5831] close(3 [pid 6082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6080] <... sync resumed>) = 0 [pid 6080] exit_group(0) = ? [pid 6080] +++ exited with 0 +++ [pid 5831] <... close resumed>) = 0 [pid 6082] <... write resumed>) = 524288 [pid 6081] munmap(0x7ff1eb400000, 138412032 [pid 6079] close(3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6080, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 ./strace-static-x86_64: Process 6083 attached [pid 6082] munmap(0x7ff1eb400000, 138412032 [pid 6081] <... munmap resumed>) = 0 [pid 6079] <... close resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6083 [pid 6083] set_robust_list(0x5555934ed660, 24 [pid 6082] <... munmap resumed>) = 0 [pid 6081] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6079] close(4 [pid 6083] <... set_robust_list resumed>) = 0 [pid 6079] <... close resumed>) = 0 [pid 6083] chdir("./44" [pid 5832] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6081] <... openat resumed>) = 4 [pid 6079] mkdir("./file1", 0777 [pid 6083] <... chdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6079] <... mkdir resumed>) = 0 [pid 6083] prctl(PR_SET_PDEATHSIG, SIGKILL [ 112.301524][ T6079] loop0: detected capacity change from 0 to 1024 [pid 5832] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6083] <... prctl resumed>) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6081] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5832] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./46/binderfs") = 0 [pid 6083] setpgid(0, 0 [pid 6082] <... openat resumed>) = 4 [pid 6079] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] getdents64(3, [pid 6083] <... setpgid resumed>) = 0 [pid 6082] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./46" [pid 6083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... rmdir resumed>) = 0 [pid 6083] <... openat resumed>) = 3 [pid 6081] <... ioctl resumed>) = 0 [pid 5832] mkdir("./47", 0777 [pid 6083] write(3, "1000", 4 [pid 6081] close(3 [pid 5832] <... mkdir resumed>) = 0 [pid 6083] <... write resumed>) = 4 [pid 6081] <... close resumed>) = 0 [pid 6083] close(3 [pid 6082] <... ioctl resumed>) = 0 [pid 6081] close(4 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6083] <... close resumed>) = 0 [pid 6081] <... close resumed>) = 0 [pid 6079] <... mount resumed>) = 0 [pid 6083] symlink("/dev/binderfs", "./binderfs" [pid 6082] close(3 [pid 6081] mkdir("./file1", 0777 [pid 6079] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... openat resumed>) = 3 [pid 6083] <... symlink resumed>) = 0 [pid 6082] <... close resumed>) = 0 [pid 6081] <... mkdir resumed>) = 0 [pid 6079] <... openat resumed>) = 3 [pid 6083] write(1, "executing program\n", 18 [pid 6082] close(4 [pid 6081] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6079] chdir("./file1"executing program [pid 6083] <... write resumed>) = 18 [pid 6082] <... close resumed>) = 0 [pid 6079] <... chdir resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6079] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] close(3 [pid 6083] memfd_create("syzkaller", 0 [pid 5832] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6083] <... memfd_create resumed>) = 3 [pid 6082] mkdir("./file1", 0777 [pid 6079] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 6084 attached [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6084 [pid 6084] set_robust_list(0x5555934ed660, 24 [pid 6083] <... mmap resumed>) = 0x7ff1eb400000 [pid 6082] <... mkdir resumed>) = 0 [pid 6079] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6084] <... set_robust_list resumed>) = 0 [pid 6084] chdir("./47") = 0 [pid 6083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [ 112.357725][ T6081] loop1: detected capacity change from 0 to 1024 [ 112.373883][ T6082] loop2: detected capacity change from 0 to 1024 [pid 6082] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6084] setpgid(0, 0) = 0 [pid 6084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6084] write(3, "1000", 4) = 4 [pid 6084] close(3) = 0 [pid 6084] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6084] write(1, "executing program\n", 18) = 18 [pid 6084] memfd_create("syzkaller", 0 [pid 6081] <... mount resumed>) = 0 [pid 6084] <... memfd_create resumed>) = 3 [pid 6081] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6081] chdir("./file1" [pid 6079] <... link resumed>) = 0 [pid 6081] <... chdir resumed>) = 0 [pid 6079] sync( [pid 6081] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6081] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6083] <... write resumed>) = 524288 [pid 6082] <... mount resumed>) = 0 [pid 6082] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6082] chdir("./file1") = 0 [pid 6084] <... write resumed>) = 524288 [pid 6083] munmap(0x7ff1eb400000, 138412032 [pid 6082] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6081] <... link resumed>) = 0 [pid 6079] <... sync resumed>) = 0 [pid 6083] <... munmap resumed>) = 0 [pid 6082] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6081] sync( [pid 6082] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6084] munmap(0x7ff1eb400000, 138412032 [pid 6079] exit_group(0 [pid 6084] <... munmap resumed>) = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6079] <... exit_group resumed>) = ? [pid 6084] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6084] ioctl(4, LOOP_SET_FD, 3 [pid 6083] <... openat resumed>) = 4 [pid 6082] <... link resumed>) = 0 [pid 6079] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6079, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6082] sync( [pid 5828] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6083] ioctl(4, LOOP_SET_FD, 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6084] <... ioctl resumed>) = 0 [pid 6081] <... sync resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6082] <... sync resumed>) = 0 [pid 6081] exit_group(0 [pid 6082] exit_group(0 [pid 6081] <... exit_group resumed>) = ? [pid 6082] <... exit_group resumed>) = ? [pid 6081] +++ exited with 0 +++ [pid 5828] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6081, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6082] +++ exited with 0 +++ [pid 6084] close(3 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6084] <... close resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6082, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6084] close(4 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6084] <... close resumed>) = 0 [pid 6084] mkdir("./file1", 0777) = 0 [pid 5828] newfstatat(AT_FDCWD, "./46/file1", [pid 6084] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6083] <... ioctl resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6083] close(3 [pid 5828] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6083] <... close resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6083] close(4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6083] <... close resumed>) = 0 [ 112.486954][ T6084] loop4: detected capacity change from 0 to 1024 [ 112.503000][ T6083] loop3: detected capacity change from 0 to 1024 [pid 5828] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6083] mkdir("./file1", 0777 [pid 5830] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 4 [pid 6083] <... mkdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(4, "", [pid 6083] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(4, [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 5829] <... openat resumed>) = 3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(3, "", [pid 5830] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] getdents64(3, [pid 5830] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(4, [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 5829] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 6084] <... mount resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./46/file1" [pid 6084] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] newfstatat(AT_FDCWD, "./48/file1", [pid 5828] <... rmdir resumed>) = 0 [pid 6084] <... openat resumed>) = 3 [pid 6083] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6084] chdir("./file1") = 0 [pid 5829] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6084] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6083] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] newfstatat(AT_FDCWD, "./46/binderfs", [pid 6084] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6083] <... openat resumed>) = 3 [pid 5830] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6083] chdir("./file1" [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6083] <... chdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6083] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] unlink("./46/binderfs" [pid 6084] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6083] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 4 [pid 5828] <... unlink resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./50/file1", [pid 6083] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(4, "", [pid 5828] close(3 [pid 5830] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... close resumed>) = 0 [pid 5829] getdents64(4, [pid 5828] rmdir("./46" [pid 5830] newfstatat(4, "", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 5828] mkdir("./47", 0777 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6083] <... link resumed>) = 0 [pid 5830] getdents64(4, [pid 5829] close(4 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6083] sync( [pid 5829] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] rmdir("./48/file1" [pid 5828] <... openat resumed>) = 3 [pid 5830] close(4 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5830] <... close resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5830] rmdir("./50/file1" [pid 5829] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] close(3 [pid 6084] <... link resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... close resumed>) = 0 [pid 6084] sync( [pid 5830] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./48/binderfs", [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] newfstatat(AT_FDCWD, "./50/binderfs", ./strace-static-x86_64: Process 6085 attached [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./48/binderfs" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./50/binderfs" [pid 5829] <... unlink resumed>) = 0 [pid 6085] set_robust_list(0x5555934ed660, 24) = 0 [pid 6083] <... sync resumed>) = 0 [pid 5829] getdents64(3, [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6085 [pid 6085] chdir("./47" [pid 6083] exit_group(0 [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(3, [pid 6085] <... chdir resumed>) = 0 [pid 6083] <... exit_group resumed>) = ? [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 6085] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] close(3 [pid 6085] <... prctl resumed>) = 0 [pid 6084] <... sync resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6085] setpgid(0, 0 [pid 5830] <... close resumed>) = 0 [pid 5829] rmdir("./48" [pid 6085] <... setpgid resumed>) = 0 [pid 6084] exit_group(0 [pid 5830] rmdir("./50" [pid 6085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6084] <... exit_group resumed>) = ? [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6085] <... openat resumed>) = 3 [pid 6084] +++ exited with 0 +++ [pid 6083] +++ exited with 0 +++ [pid 6085] write(3, "1000", 4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6083, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] mkdir("./49", 0777 [pid 6085] <... write resumed>) = 4 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6084, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5829] <... mkdir resumed>) = 0 [pid 6085] close(3) = 0 [pid 5830] mkdir("./51", 0777executing program [pid 6085] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6085] <... symlink resumed>) = 0 [pid 5832] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6085] write(1, "executing program\n", 18 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6085] <... write resumed>) = 18 [pid 6085] memfd_create("syzkaller", 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... ioctl resumed>) = 0 [pid 6085] <... memfd_create resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(3, "", [pid 5830] <... openat resumed>) = 3 [pid 5829] close(3 [pid 6085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... close resumed>) = 0 [pid 6085] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] getdents64(3, [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6086 attached [pid 5832] newfstatat(3, "", [pid 5830] <... ioctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] close(3 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6086 [pid 5832] getdents64(3, [pid 5830] <... close resumed>) = 0 [pid 6086] set_robust_list(0x5555934ed660, 24 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6087 attached [pid 5832] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6087] set_robust_list(0x5555934ed660, 24 [pid 6086] <... set_robust_list resumed>) = 0 [pid 5831] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6087 [pid 6086] chdir("./49" [pid 6087] <... set_robust_list resumed>) = 0 [pid 6087] chdir("./51") = 0 [pid 6086] <... chdir resumed>) = 0 [pid 6085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6087] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6086] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6087] <... prctl resumed>) = 0 [pid 6086] <... prctl resumed>) = 0 [pid 6087] setpgid(0, 0 [pid 6086] setpgid(0, 0) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6087] <... setpgid resumed>) = 0 [pid 6086] <... openat resumed>) = 3 [pid 5832] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6086] write(3, "1000", 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./47/file1", [pid 6086] <... write resumed>) = 4 [pid 6087] <... openat resumed>) = 3 [pid 6086] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6087] write(3, "1000", 4 [pid 6086] <... close resumed>) = 0 [pid 5832] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6087] <... write resumed>) = 4 [pid 6086] symlink("/dev/binderfs", "./binderfs"executing program [pid 6087] close(3 [pid 6086] <... symlink resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6086] write(1, "executing program\n", 18 [pid 5832] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6087] <... close resumed>) = 0 [pid 6087] symlink("/dev/binderfs", "./binderfs" [pid 6086] <... write resumed>) = 18 [pid 5832] <... openat resumed>) = 4 [pid 6087] <... symlink resumed>) = 0 [pid 6086] memfd_create("syzkaller", 0 [pid 5832] newfstatat(4, "", executing program [pid 6087] write(1, "executing program\n", 18 [pid 6086] <... memfd_create resumed>) = 3 [pid 6085] <... write resumed>) = 524288 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6087] <... write resumed>) = 18 [pid 6086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6087] memfd_create("syzkaller", 0 [pid 6086] <... mmap resumed>) = 0x7ff1eb400000 [pid 6085] munmap(0x7ff1eb400000, 138412032 [pid 5832] getdents64(4, [pid 5831] <... umount2 resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./47/file1" [pid 6085] <... munmap resumed>) = 0 [pid 6087] <... memfd_create resumed>) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 6087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6085] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6087] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./47/binderfs") = 0 [pid 5832] getdents64(3, [pid 5831] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6085] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6085] ioctl(4, LOOP_SET_FD, 3 [pid 5831] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6085] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6085] ioctl(4, LOOP_CLR_FD [pid 5832] rmdir("./47" [pid 5831] <... openat resumed>) = 4 [pid 6085] <... ioctl resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./48", 0777) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 6085] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6085] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] getdents64(4, [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3 [pid 6087] <... write resumed>) = 524288 [pid 6086] <... write resumed>) = 524288 [pid 6085] close(4 [pid 5832] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6086] munmap(0x7ff1eb400000, 138412032 [pid 6085] <... close resumed>) = 0 [pid 5831] close(4 [pid 6085] close(3 [pid 6086] <... munmap resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6087] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6085] <... close resumed>) = 0 [pid 6087] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6086] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6085] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] rmdir("./44/file1" [pid 6087] <... openat resumed>) = 4 [pid 6087] ioctl(4, LOOP_SET_FD, 3 [pid 6086] <... openat resumed>) = 4 [pid 6085] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5831] <... rmdir resumed>) = 0 [pid 6085] sync( [pid 5831] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6086] ioctl(4, LOOP_SET_FD, 3 [pid 6087] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6087] ioctl(4, LOOP_CLR_FD [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6087] <... ioctl resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./44/binderfs" [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6088 attached , child_tidptr=0x5555934ed650) = 6088 [pid 6088] set_robust_list(0x5555934ed660, 24) = 0 [pid 6088] chdir("./48") = 0 [pid 6088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6087] ioctl(4, LOOP_SET_FD, 3 [pid 6088] setpgid(0, 0) = 0 [pid 6088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6087] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... unlink resumed>) = 0 [pid 6087] close(4 [pid 5831] getdents64(3, [pid 6087] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6087] close(3 [pid 5831] close(3 [pid 6088] write(3, "1000", 4) = 4 [pid 6087] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6088] close(3) = 0 [pid 5831] rmdir("./44" [pid 6088] symlink("/dev/binderfs", "./binderfs" [pid 6086] <... ioctl resumed>) = 0 [pid 6085] <... sync resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6086] close(3 [pid 5831] mkdir("./45", 0777 [pid 6086] <... close resumed>) = 0 [pid 6088] <... symlink resumed>) = 0 [pid 6086] close(4 [pid 5831] <... mkdir resumed>) = 0 executing program [pid 6088] write(1, "executing program\n", 18 [pid 6086] <... close resumed>) = 0 [pid 6085] exit_group(0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6087] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6086] mkdir("./file1", 0777 [pid 6085] <... exit_group resumed>) = ? [pid 5831] <... openat resumed>) = 3 [pid 6088] <... write resumed>) = 18 [pid 6086] <... mkdir resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6088] memfd_create("syzkaller", 0) = 3 [pid 6088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6087] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6086] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... ioctl resumed>) = 0 [pid 6085] +++ exited with 0 +++ [pid 5831] close(3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6085, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6087] sync( [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, ./strace-static-x86_64: Process 6089 attached [pid 6086] <... mount resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5828] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./47/binderfs", [pid 6088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 112.806919][ T6086] loop1: detected capacity change from 0 to 1024 [pid 5828] unlink("./47/binderfs" [pid 6089] set_robust_list(0x5555934ed660, 24 [pid 5828] <... unlink resumed>) = 0 [pid 6089] <... set_robust_list resumed>) = 0 [pid 5828] getdents64(3, [pid 6086] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6089] chdir("./45" [pid 6086] <... openat resumed>) = 3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6089 [pid 6087] <... sync resumed>) = 0 [pid 6086] chdir("./file1" [pid 5828] close(3 [pid 6089] <... chdir resumed>) = 0 [pid 6089] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6087] exit_group(0 [pid 6086] <... chdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6089] <... prctl resumed>) = 0 [pid 6087] <... exit_group resumed>) = ? [pid 6086] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] rmdir("./47" [pid 6089] setpgid(0, 0 [pid 6088] <... write resumed>) = 524288 [pid 6087] +++ exited with 0 +++ [pid 6086] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... rmdir resumed>) = 0 [pid 6089] <... setpgid resumed>) = 0 [pid 6088] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6087, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6088] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6088] <... openat resumed>) = 4 [pid 6086] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] mkdir("./48", 0777 [pid 5830] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6088] ioctl(4, LOOP_SET_FD, 3 [pid 5830] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6089] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5828] <... mkdir resumed>) = 0 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./51/binderfs") = 0 [pid 6089] write(3, "1000", 4 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6089] <... write resumed>) = 4 [pid 6089] close(3 [pid 5830] getdents64(3, [pid 5828] <... openat resumed>) = 3 [pid 6089] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./51" [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6089] write(1, "executing program\n", 18 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] close(3 [pid 6086] <... link resumed>) = 0 executing program [pid 5830] mkdir("./52", 0777 [pid 6089] <... write resumed>) = 18 [pid 6086] sync( [pid 5830] <... mkdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6089] memfd_create("syzkaller", 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6090 attached ) = -1 ENXIO (No such device or address) [pid 6090] set_robust_list(0x5555934ed660, 24 [pid 6089] <... memfd_create resumed>) = 3 [pid 6088] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6090 [pid 6090] <... set_robust_list resumed>) = 0 [pid 6089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... close resumed>) = 0 [pid 6090] chdir("./48" [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6089] <... mmap resumed>) = 0x7ff1eb400000 ./strace-static-x86_64: Process 6091 attached [pid 6088] close(3 [pid 6090] <... chdir resumed>) = 0 [pid 6090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6088] <... close resumed>) = 0 [pid 6090] <... prctl resumed>) = 0 [pid 6090] setpgid(0, 0 [pid 6088] close(4) = 0 [ 112.894485][ T6088] loop4: detected capacity change from 0 to 1024 [pid 6088] mkdir("./file1", 0777 [pid 6090] <... setpgid resumed>) = 0 [pid 6088] <... mkdir resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6091 [pid 6091] set_robust_list(0x5555934ed660, 24 [pid 6090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6086] <... sync resumed>) = 0 [pid 6091] <... set_robust_list resumed>) = 0 [pid 6089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6091] chdir("./52" [pid 6088] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6086] exit_group(0 [pid 6091] <... chdir resumed>) = 0 [pid 6086] <... exit_group resumed>) = ? [pid 6090] <... openat resumed>) = 3 [pid 6086] +++ exited with 0 +++ [pid 6091] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6086, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6090] write(3, "1000", 4 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6091] <... prctl resumed>) = 0 [pid 6090] <... write resumed>) = 4 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6091] setpgid(0, 0 [pid 6090] close(3) = 0 [pid 6090] symlink("/dev/binderfs", "./binderfs" [pid 6091] <... setpgid resumed>) = 0 [pid 6089] <... write resumed>) = 524288 [pid 6091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6090] <... symlink resumed>) = 0 [pid 6088] <... mount resumed>) = 0 [pid 6090] write(1, "executing program\n", 18 [pid 5829] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6088] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6090] <... write resumed>) = 18 [pid 6088] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6091] <... openat resumed>) = 3 [pid 6088] chdir("./file1" [pid 5829] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6088] <... chdir resumed>) = 0 [pid 6088] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6090] memfd_create("syzkaller", 0 [pid 6088] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... openat resumed>) = 3 [pid 6091] write(3, "1000", 4 [pid 6088] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6091] <... write resumed>) = 4 [pid 5829] newfstatat(3, "", [pid 6091] close(3) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6091] symlink("/dev/binderfs", "./binderfs" [pid 6090] <... memfd_create resumed>) = 3 [pid 5829] getdents64(3, [pid 6091] <... symlink resumed>) = 0 [pid 6090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6090] <... mmap resumed>) = 0x7ff1eb400000 [pid 6089] munmap(0x7ff1eb400000, 138412032 [pid 5829] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288executing program [pid 6091] write(1, "executing program\n", 18 [pid 6089] <... munmap resumed>) = 0 [pid 6091] <... write resumed>) = 18 [pid 6088] <... link resumed>) = 0 [pid 6088] sync( [pid 6091] memfd_create("syzkaller", 0) = 3 [pid 6091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6089] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6089] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... umount2 resumed>) = 0 [pid 6088] <... sync resumed>) = 0 [pid 6091] <... write resumed>) = 524288 [pid 6090] <... write resumed>) = 524288 [pid 6089] <... ioctl resumed>) = 0 [pid 5829] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6088] exit_group(0) = ? [pid 6091] munmap(0x7ff1eb400000, 138412032 [pid 6090] munmap(0x7ff1eb400000, 138412032 [pid 6089] close(3 [pid 6088] +++ exited with 0 +++ [pid 6091] <... munmap resumed>) = 0 [pid 6090] <... munmap resumed>) = 0 [pid 6089] <... close resumed>) = 0 [pid 6089] close(4 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6088, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6091] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6090] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6091] ioctl(4, LOOP_SET_FD, 3 [pid 6090] <... openat resumed>) = 4 [pid 6090] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./49/file1", [pid 6089] <... close resumed>) = 0 [ 113.017301][ T6089] loop3: detected capacity change from 0 to 1024 [ 113.051295][ T6091] loop2: detected capacity change from 0 to 1024 [pid 5832] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6089] mkdir("./file1", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 6089] <... mkdir resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6089] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 5832] <... umount2 resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5832] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] rmdir("./49/file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6091] <... ioctl resumed>) = 0 [pid 5832] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... rmdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6091] close(3) = 0 [pid 5829] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6091] close(4 [pid 5832] newfstatat(4, "", [pid 5829] unlink("./49/binderfs" [pid 6091] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6091] mkdir("./file1", 0777 [pid 5832] getdents64(4, [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, [pid 6091] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [ 113.068216][ T6090] loop0: detected capacity change from 0 to 1024 [pid 6091] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6090] <... ioctl resumed>) = 0 [pid 6089] <... mount resumed>) = 0 [pid 5832] getdents64(4, [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./49" [pid 6089] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6089] <... openat resumed>) = 3 [pid 5832] close(4 [pid 6090] close(3 [pid 5832] <... close resumed>) = 0 [pid 6090] <... close resumed>) = 0 [pid 5832] rmdir("./48/file1" [pid 6090] close(4 [pid 6089] chdir("./file1" [pid 5832] <... rmdir resumed>) = 0 [pid 6090] <... close resumed>) = 0 [pid 6089] <... chdir resumed>) = 0 [pid 6090] mkdir("./file1", 0777 [pid 6089] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6090] <... mkdir resumed>) = 0 [pid 6089] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] mkdir("./50", 0777 [pid 5832] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./48/binderfs" [pid 6090] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... unlink resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 6089] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./48") = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5832] mkdir("./49", 0777) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 ./strace-static-x86_64: Process 6092 attached [pid 6091] <... mount resumed>) = 0 [pid 6090] <... mount resumed>) = 0 [pid 6089] <... link resumed>) = 0 [pid 6092] set_robust_list(0x5555934ed660, 24 [pid 6089] sync( [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6092 [pid 6092] <... set_robust_list resumed>) = 0 [pid 6091] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6090] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6092] chdir("./50" [pid 6091] <... openat resumed>) = 3 [pid 6090] <... openat resumed>) = 3 [pid 5832] <... ioctl resumed>) = 0 [pid 6090] chdir("./file1" [pid 5832] close(3 [pid 6092] <... chdir resumed>) = 0 [pid 6091] chdir("./file1" [pid 6090] <... chdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6092] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6091] <... chdir resumed>) = 0 [pid 6090] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6092] <... prctl resumed>) = 0 [pid 6091] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6090] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6091] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6090] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"./strace-static-x86_64: Process 6093 attached [pid 6092] setpgid(0, 0 [pid 6091] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6092] <... setpgid resumed>) = 0 [pid 6092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6093] set_robust_list(0x5555934ed660, 24 [pid 6092] <... openat resumed>) = 3 [pid 6093] <... set_robust_list resumed>) = 0 [pid 6093] chdir("./49" [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6093 [pid 6093] <... chdir resumed>) = 0 [pid 6093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6093] setpgid(0, 0) = 0 [pid 6093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6092] write(3, "1000", 4 [pid 6093] <... openat resumed>) = 3 [pid 6092] <... write resumed>) = 4 [pid 6091] <... link resumed>) = 0 [pid 6093] write(3, "1000", 4 [pid 6091] sync( [pid 6093] <... write resumed>) = 4 [pid 6092] close(3 [pid 6093] close(3 [pid 6090] <... link resumed>) = 0 [pid 6093] <... close resumed>) = 0 [pid 6092] <... close resumed>) = 0 [pid 6090] sync(executing program [pid 6093] symlink("/dev/binderfs", "./binderfs" [pid 6092] symlink("/dev/binderfs", "./binderfs" [pid 6089] <... sync resumed>) = 0 [pid 6093] <... symlink resumed>) = 0 [pid 6089] exit_group(0) = ? [pid 6093] write(1, "executing program\n", 18 [pid 6089] +++ exited with 0 +++ [pid 6093] <... write resumed>) = 18 [pid 6091] <... sync resumed>) = 0 [pid 6090] <... sync resumed>) = 0 [pid 6093] memfd_create("syzkaller", 0 [pid 6091] exit_group(0 [pid 6090] exit_group(0) = ? [pid 6093] <... memfd_create resumed>) = 3 [pid 6091] <... exit_group resumed>) = ? [pid 6090] +++ exited with 0 +++ [pid 6093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6092] <... symlink resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6089, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6090, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6093] <... mmap resumed>) = 0x7ff1eb400000 [pid 6093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6091] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6091, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5828] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6092] write(1, "executing program\n", 18 [pid 5831] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5828] <... openat resumed>) = 3 [pid 6092] <... write resumed>) = 18 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(3, "", [pid 6092] memfd_create("syzkaller", 0 [pid 5831] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6092] <... memfd_create resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5828] getdents64(3, [pid 5831] newfstatat(3, "", [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6093] <... write resumed>) = 524288 [pid 5828] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6093] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(3, [pid 6092] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6093] <... munmap resumed>) = 0 [pid 6092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(3, "", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] newfstatat(AT_FDCWD, "./48/file1", [pid 6093] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6093] <... openat resumed>) = 4 [pid 5830] getdents64(3, [pid 5828] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6093] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6093] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 6093] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6093] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] getdents64(4, [pid 6093] close(4 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6093] <... close resumed>) = 0 [pid 5828] close(4 [pid 6093] close(3 [pid 5828] <... close resumed>) = 0 [pid 6093] <... close resumed>) = 0 [pid 6092] <... write resumed>) = 524288 [pid 5828] rmdir("./48/file1") = 0 [pid 5828] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./48/binderfs" [pid 5831] <... umount2 resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5828] getdents64(3, [pid 5831] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./48") = 0 [pid 6093] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] mkdir("./49", 0777 [pid 6093] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... mkdir resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./45/file1", [pid 6093] sync( [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6092] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", ./strace-static-x86_64: Process 6094 attached [pid 6092] <... munmap resumed>) = 0 [pid 6094] set_robust_list(0x5555934ed660, 24) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6094 [pid 6094] chdir("./49") = 0 [pid 5831] getdents64(4, [pid 6094] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6094] <... prctl resumed>) = 0 [pid 6094] setpgid(0, 0 [pid 6092] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] newfstatat(AT_FDCWD, "./52/file1", [pid 6094] <... setpgid resumed>) = 0 [pid 6094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] getdents64(4, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6094] <... openat resumed>) = 3 [pid 6093] <... sync resumed>) = 0 [pid 6093] exit_group(0 [pid 6092] <... openat resumed>) = 4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6092] ioctl(4, LOOP_SET_FD, 3 [pid 5831] close(4 [pid 6094] write(3, "1000", 4 [pid 6093] <... exit_group resumed>) = ? [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6094] <... write resumed>) = 4 [pid 6093] +++ exited with 0 +++ [pid 5831] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6094] close(3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6093, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6094] <... close resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6094] symlink("/dev/binderfs", "./binderfs" [pid 5831] rmdir("./45/file1" [pid 5830] <... openat resumed>) = 4 [pid 6094] <... symlink resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 executing program [pid 6094] write(1, "executing program\n", 18) = 18 [pid 5832] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6094] memfd_create("syzkaller", 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6094] <... memfd_create resumed>) = 3 [pid 5832] <... openat resumed>) = 3 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] newfstatat(3, "", [pid 6094] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6092] <... ioctl resumed>) = 0 [pid 5832] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6092] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6092] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./49/binderfs", [pid 5831] newfstatat(AT_FDCWD, "./45/binderfs", [pid 6092] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6092] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] newfstatat(4, "", [pid 6094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6092] mkdir("./file1", 0777 [pid 5832] unlink("./49/binderfs" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] unlink("./45/binderfs" [pid 6092] <... mkdir resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 5831] <... unlink resumed>) = 0 [pid 5830] getdents64(4, [pid 6092] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] rmdir("./49" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, [pid 6094] <... write resumed>) = 524288 [pid 5831] close(3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6092] <... mount resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./52/file1" [pid 5832] mkdir("./50", 0777) = 0 [pid 6092] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] rmdir("./45" [pid 5830] <... rmdir resumed>) = 0 [ 113.351159][ T6092] loop1: detected capacity change from 0 to 1024 [pid 6092] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 6092] chdir("./file1" [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] mkdir("./46", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6092] <... chdir resumed>) = 0 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5832] close(3) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6092] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] unlink("./52/binderfs"./strace-static-x86_64: Process 6095 attached [pid 6092] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... unlink resumed>) = 0 [pid 6092] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] getdents64(3, [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6095] set_robust_list(0x5555934ed660, 24 [pid 6094] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6095 [pid 6095] <... set_robust_list resumed>) = 0 [pid 6094] <... munmap resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 6095] chdir("./50" [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] rmdir("./52" [pid 6095] <... chdir resumed>) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... rmdir resumed>) = 0 [pid 6094] <... openat resumed>) = 4 [pid 6094] ioctl(4, LOOP_SET_FD, 3 [pid 6095] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] mkdir("./53", 0777 [pid 6095] <... prctl resumed>) = 0 [pid 6095] setpgid(0, 0) = 0 [pid 6095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... mkdir resumed>) = 0 [pid 6095] <... openat resumed>) = 3 [pid 6095] write(3, "1000", 4) = 4 [pid 6095] close(3) = 0 [pid 6095] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6095] write(1, "executing program\n", 18) = 18 [pid 6095] memfd_create("syzkaller", 0) = 3 [pid 6095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6095] <... mmap resumed>) = 0x7ff1eb400000 [pid 6092] <... link resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6092] sync( [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 6094] <... ioctl resumed>) = 0 [pid 6094] close(3 [pid 5830] <... close resumed>) = 0 [pid 6094] <... close resumed>) = 0 [pid 6094] close(4) = 0 [pid 6094] mkdir("./file1", 0777./strace-static-x86_64: Process 6096 attached ) = 0 [pid 6094] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6096 [pid 6096] set_robust_list(0x5555934ed660, 24 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6096] <... set_robust_list resumed>) = 0 [pid 6096] chdir("./46") = 0 [pid 6096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 6097 attached [pid 6096] setpgid(0, 0) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6097 [ 113.433210][ T6094] loop0: detected capacity change from 0 to 1024 [pid 6096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6094] <... mount resumed>) = 0 [pid 6094] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6097] set_robust_list(0x5555934ed660, 24 [pid 6094] chdir("./file1") = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6092] <... sync resumed>) = 0 [pid 6094] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6092] exit_group(0) = ? [pid 6097] <... set_robust_list resumed>) = 0 [pid 6096] <... openat resumed>) = 3 [pid 6095] <... write resumed>) = 524288 [pid 6092] +++ exited with 0 +++ [pid 6097] chdir("./53" [pid 6096] write(3, "1000", 4 [pid 6095] munmap(0x7ff1eb400000, 138412032 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6092, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6097] <... chdir resumed>) = 0 [pid 6096] <... write resumed>) = 4 [pid 6096] close(3) = 0 [pid 5829] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6097] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6096] symlink("/dev/binderfs", "./binderfs" [pid 6097] <... prctl resumed>) = 0 [pid 6096] <... symlink resumed>) = 0 [pid 6095] <... munmap resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6097] setpgid(0, 0 [pid 6095] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] newfstatat(3, "", [pid 6095] <... openat resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6097] <... setpgid resumed>) = 0 [pid 6096] write(1, "executing program\n", 18 [pid 6095] ioctl(4, LOOP_SET_FD, 3 [pid 5829] getdents64(3, executing program [pid 6097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6096] <... write resumed>) = 18 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6096] memfd_create("syzkaller", 0) = 3 [pid 6096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6097] <... openat resumed>) = 3 [pid 6096] <... mmap resumed>) = 0x7ff1eb400000 [pid 6094] <... link resumed>) = 0 [pid 6097] write(3, "1000", 4 [pid 6094] sync( [pid 6095] <... ioctl resumed>) = 0 [pid 6096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6097] <... write resumed>) = 4 [pid 6095] close(3 [pid 5829] <... umount2 resumed>) = 0 [pid 6095] <... close resumed>) = 0 [pid 6097] close(3 [pid 6095] close(4) = 0 [pid 6095] mkdir("./file1", 0777 [pid 6097] <... close resumed>) = 0 [pid 6095] <... mkdir resumed>) = 0 [pid 6095] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6097] symlink("/dev/binderfs", "./binderfs" [pid 5829] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6097] <... symlink resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./50/file1", executing program [pid 6097] write(1, "executing program\n", 18 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6097] <... write resumed>) = 18 [pid 5829] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6097] memfd_create("syzkaller", 0 [pid 5829] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6097] <... memfd_create resumed>) = 3 [pid 6095] <... mount resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 6097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 113.520869][ T6095] loop4: detected capacity change from 0 to 1024 [pid 5829] newfstatat(4, "", [pid 6097] <... mmap resumed>) = 0x7ff1eb400000 [pid 6095] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6095] <... openat resumed>) = 3 [pid 5829] getdents64(4, [pid 6095] chdir("./file1" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 6095] <... chdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6095] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] rmdir("./50/file1" [pid 6095] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6095] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... rmdir resumed>) = 0 [pid 5829] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./50/binderfs" [pid 6094] <... sync resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, [pid 6094] exit_group(0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6094] <... exit_group resumed>) = ? [pid 5829] close(3 [pid 6097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6096] <... write resumed>) = 524288 [pid 5829] <... close resumed>) = 0 [pid 6096] munmap(0x7ff1eb400000, 138412032 [pid 5829] rmdir("./50" [pid 6096] <... munmap resumed>) = 0 [pid 6094] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6094, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./51", 0777 [pid 6095] <... link resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 6095] sync( [pid 6096] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6097] <... write resumed>) = 524288 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... restart_syscall resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6095] <... sync resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6095] exit_group(0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] <... openat resumed>) = 3 [pid 6095] <... exit_group resumed>) = ? [pid 5829] <... ioctl resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 6096] <... openat resumed>) = 4 [pid 6095] +++ exited with 0 +++ [pid 5829] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6096] ioctl(4, LOOP_SET_FD, 3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6095, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] <... close resumed>) = 0 [pid 5828] getdents64(3, [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6097] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6096] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6098 attached [pid 6097] <... munmap resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6098 [pid 5828] <... umount2 resumed>) = 0 [pid 6097] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6098] set_robust_list(0x5555934ed660, 24) = 0 [pid 6097] <... openat resumed>) = 4 [pid 6096] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6096] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6096] close(4) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6097] ioctl(4, LOOP_SET_FD, 3 [pid 6096] mkdir("./file1", 0777 [pid 6098] chdir("./51" [pid 5828] newfstatat(AT_FDCWD, "./49/file1", [pid 6096] <... mkdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6098] <... chdir resumed>) = 0 [pid 6096] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] newfstatat(3, "", [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6098] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] getdents64(4, [pid 6098] <... prctl resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./49/file1") = 0 [pid 5828] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./49/binderfs") = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./49" [pid 6098] setpgid(0, 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./50", 0777 [pid 6098] <... setpgid resumed>) = 0 [pid 6097] <... ioctl resumed>) = 0 [pid 5832] getdents64(3, [pid 5828] <... mkdir resumed>) = 0 [pid 6098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6098] <... openat resumed>) = 3 [pid 6097] close(3 [pid 6096] <... mount resumed>) = 0 [pid 5832] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 3 [pid 6098] write(3, "1000", 4 [pid 6097] <... close resumed>) = 0 [pid 6096] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6098] <... write resumed>) = 4 [pid 6097] close(4 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6098] close(3 [pid 6097] <... close resumed>) = 0 [pid 6096] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 6098] <... close resumed>) = 0 [ 113.643600][ T6096] loop3: detected capacity change from 0 to 1024 [ 113.675603][ T6097] loop2: detected capacity change from 0 to 1024 [pid 6097] mkdir("./file1", 0777 [pid 6096] chdir("./file1" [pid 5832] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6098] symlink("/dev/binderfs", "./binderfs" [pid 5828] close(3executing program [pid 6098] <... symlink resumed>) = 0 [pid 6097] <... mkdir resumed>) = 0 [pid 6096] <... chdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... close resumed>) = 0 [pid 6098] write(1, "executing program\n", 18 [pid 6097] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6096] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] newfstatat(AT_FDCWD, "./50/file1", [pid 6098] <... write resumed>) = 18 [pid 6096] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6098] memfd_create("syzkaller", 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6099 attached [pid 6098] <... memfd_create resumed>) = 3 [pid 6096] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6099] set_robust_list(0x5555934ed660, 24 [pid 6098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6098] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6099 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6097] <... mount resumed>) = 0 [pid 6099] <... set_robust_list resumed>) = 0 [pid 6099] chdir("./50" [pid 6098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6097] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... openat resumed>) = 4 [pid 6099] <... chdir resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 6099] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6097] <... openat resumed>) = 3 [pid 6096] <... link resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6099] <... prctl resumed>) = 0 [pid 6096] sync( [pid 5832] getdents64(4, [pid 6099] setpgid(0, 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 6099] <... setpgid resumed>) = 0 [pid 6097] chdir("./file1" [pid 5832] <... close resumed>) = 0 [pid 6099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6098] <... write resumed>) = 524288 [pid 6097] <... chdir resumed>) = 0 [pid 5832] rmdir("./50/file1" [pid 6097] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... rmdir resumed>) = 0 [pid 6097] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6099] <... openat resumed>) = 3 [pid 6097] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] newfstatat(AT_FDCWD, "./50/binderfs", [pid 6096] <... sync resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6099] write(3, "1000", 4 [pid 6098] munmap(0x7ff1eb400000, 138412032 [pid 6096] exit_group(0 [pid 5832] unlink("./50/binderfs" [pid 6099] <... write resumed>) = 4 [pid 6098] <... munmap resumed>) = 0 [pid 6097] <... link resumed>) = 0 [pid 6096] <... exit_group resumed>) = ? [pid 5832] <... unlink resumed>) = 0 [pid 5832] getdents64(3, [pid 6096] +++ exited with 0 +++ [pid 6099] close(3 [pid 6098] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6097] sync( [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6096, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6099] <... close resumed>) = 0 [pid 6098] <... openat resumed>) = 4 [pid 5832] close(3 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6099] symlink("/dev/binderfs", "./binderfs" [pid 6098] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./50" [pid 6099] <... symlink resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 executing program [pid 6099] write(1, "executing program\n", 18 [pid 5832] mkdir("./51", 0777 [pid 5831] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6099] <... write resumed>) = 18 [pid 6098] <... ioctl resumed>) = 0 [pid 6097] <... sync resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6099] memfd_create("syzkaller", 0 [pid 6098] close(3 [pid 6097] exit_group(0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6099] <... memfd_create resumed>) = 3 [pid 6097] <... exit_group resumed>) = ? [pid 5831] <... openat resumed>) = 3 [pid 6097] +++ exited with 0 +++ [pid 6099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] newfstatat(3, "", [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6097, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] <... openat resumed>) = 3 [pid 6098] <... close resumed>) = 0 [pid 6099] <... mmap resumed>) = 0x7ff1eb400000 [pid 6098] close(4 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6098] <... close resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 6098] mkdir("./file1", 0777 [pid 5832] close(3 [pid 5831] getdents64(3, [pid 6098] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6098] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6098] <... mount resumed>) = 0 [ 113.793730][ T6098] loop1: detected capacity change from 0 to 1024 [pid 6098] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... umount2 resumed>) = 0 [pid 6098] <... openat resumed>) = 3 [pid 6099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6098] chdir("./file1" [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... umount2 resumed>) = 0 [pid 6098] <... chdir resumed>) = 0 [pid 5830] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6100 attached [pid 6098] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6100] set_robust_list(0x5555934ed660, 24 [pid 6098] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./53/file1", [pid 5831] newfstatat(AT_FDCWD, "./46/file1", [pid 6098] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6100] <... set_robust_list resumed>) = 0 [pid 5830] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6100 [pid 5831] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6100] chdir("./51") = 0 [pid 6100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6100] setpgid(0, 0) = 0 [pid 6100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6100] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6100] write(3, "1000", 4) = 4 [pid 6100] close(3) = 0 [pid 6100] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6100] write(1, "executing program\n", 18) = 18 [pid 6100] memfd_create("syzkaller", 0) = 3 [pid 6100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6099] <... write resumed>) = 524288 [pid 6098] <... link resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... openat resumed>) = 4 [pid 6099] munmap(0x7ff1eb400000, 138412032 [pid 6098] sync( [pid 5831] newfstatat(4, "", [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6099] <... munmap resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] getdents64(4, [pid 5830] getdents64(4, [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 5830] close(4 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./46/file1" [pid 5830] <... close resumed>) = 0 [pid 6100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6099] <... openat resumed>) = 4 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] rmdir("./53/file1" [pid 6099] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... rmdir resumed>) = 0 [pid 6098] <... sync resumed>) = 0 [pid 5830] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./53/binderfs", [pid 5831] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] unlink("./53/binderfs" [pid 6098] exit_group(0) = ? [pid 5831] newfstatat(AT_FDCWD, "./46/binderfs", [pid 5830] <... unlink resumed>) = 0 [pid 6098] +++ exited with 0 +++ [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] getdents64(3, [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6098, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] unlink("./46/binderfs" [pid 5829] <... restart_syscall resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5830] close(3 [pid 5831] getdents64(3, [pid 5830] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6099] <... ioctl resumed>) = 0 [pid 5830] rmdir("./53" [pid 6099] close(3 [pid 5831] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6099] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] mkdir("./54", 0777 [pid 6099] close(4 [pid 5831] rmdir("./46" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6099] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6099] mkdir("./file1", 0777 [pid 5831] mkdir("./47", 0777 [pid 5830] <... openat resumed>) = 3 [pid 6100] <... write resumed>) = 524288 [pid 6099] <... mkdir resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... umount2 resumed>) = 0 [pid 6099] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... ioctl resumed>) = 0 [pid 5829] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(3) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... openat resumed>) = 3 [pid 5829] newfstatat(AT_FDCWD, "./51/file1", ./strace-static-x86_64: Process 6101 attached [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6101 [pid 5831] <... ioctl resumed>) = 0 [pid 5829] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6100] munmap(0x7ff1eb400000, 138412032) = 0 [ 113.925902][ T6099] loop0: detected capacity change from 0 to 1024 [pid 6100] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6101] set_robust_list(0x5555934ed660, 24 [pid 5831] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6101] <... set_robust_list resumed>) = 0 [pid 6101] chdir("./54" [pid 6100] <... openat resumed>) = 4 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... openat resumed>) = 4 [pid 6101] <... chdir resumed>) = 0 [pid 6100] ioctl(4, LOOP_SET_FD, 3 [pid 6101] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] newfstatat(4, "", [pid 6101] <... prctl resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6102 [pid 6101] setpgid(0, 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6101] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 6102 attached [pid 6101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] getdents64(4, [pid 6101] <... openat resumed>) = 3 [pid 6099] <... mount resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 6099] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6101] write(3, "1000", 4 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6101] <... write resumed>) = 4 [pid 6099] <... openat resumed>) = 3 [pid 5829] close(4 [pid 6101] close(3 [pid 6099] chdir("./file1" [pid 5829] <... close resumed>) = 0 [pid 6101] <... close resumed>) = 0 [pid 6099] <... chdir resumed>) = 0 [pid 6102] set_robust_list(0x5555934ed660, 24 [pid 6101] symlink("/dev/binderfs", "./binderfs" [pid 6100] <... ioctl resumed>) = 0 [pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] rmdir("./51/file1" [pid 6102] <... set_robust_list resumed>) = 0 [pid 6101] <... symlink resumed>) = 0 [pid 6100] close(3 [pid 6102] chdir("./47"executing program [pid 6101] write(1, "executing program\n", 18 [pid 6100] <... close resumed>) = 0 [pid 6099] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... rmdir resumed>) = 0 [pid 6102] <... chdir resumed>) = 0 [pid 6101] <... write resumed>) = 18 [pid 6100] close(4 [pid 6099] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6100] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6102] <... prctl resumed>) = 0 [pid 6100] mkdir("./file1", 0777 [pid 5829] newfstatat(AT_FDCWD, "./51/binderfs", [pid 6102] setpgid(0, 0 [pid 6101] memfd_create("syzkaller", 0 [pid 6100] <... mkdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6102] <... setpgid resumed>) = 0 [pid 6101] <... memfd_create resumed>) = 3 [pid 6100] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] unlink("./51/binderfs" [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... unlink resumed>) = 0 [pid 6102] <... openat resumed>) = 3 [pid 6101] <... mmap resumed>) = 0x7ff1eb400000 [pid 5829] getdents64(3, [pid 6102] write(3, "1000", 4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6102] <... write resumed>) = 4 [pid 5829] close(3 [pid 6102] close(3 [pid 5829] <... close resumed>) = 0 [ 114.001095][ T6100] loop4: detected capacity change from 0 to 1024 [pid 6102] <... close resumed>) = 0 [pid 5829] rmdir("./51" [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./52", 0777executing program [pid 6102] write(1, "executing program\n", 18) = 18 [pid 6101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... mkdir resumed>) = 0 [pid 6102] memfd_create("syzkaller", 0) = 3 [pid 6102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6099] <... link resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6099] sync( [pid 5829] <... openat resumed>) = 3 [pid 6102] <... write resumed>) = 524288 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6103 attached [pid 6101] <... write resumed>) = 524288 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6103 [pid 6103] set_robust_list(0x5555934ed660, 24) = 0 [pid 6101] munmap(0x7ff1eb400000, 138412032 [pid 6100] <... mount resumed>) = 0 [pid 6100] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6103] chdir("./52" [pid 6100] chdir("./file1" [pid 6103] <... chdir resumed>) = 0 [pid 6101] <... munmap resumed>) = 0 [pid 6101] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6101] <... openat resumed>) = 4 [pid 6100] <... chdir resumed>) = 0 [pid 6103] setpgid(0, 0 [pid 6101] ioctl(4, LOOP_SET_FD, 3 [pid 6100] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6103] <... setpgid resumed>) = 0 [pid 6103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6102] munmap(0x7ff1eb400000, 138412032 [pid 6100] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6103] <... openat resumed>) = 3 [pid 6102] <... munmap resumed>) = 0 [pid 6100] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6102] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6102] ioctl(4, LOOP_SET_FD, 3 [pid 6103] write(3, "1000", 4) = 4 [pid 6103] close(3) = 0 [pid 6103] symlink("/dev/binderfs", "./binderfs"executing program [pid 6102] <... ioctl resumed>) = 0 [pid 6103] <... symlink resumed>) = 0 [pid 6101] <... ioctl resumed>) = 0 [pid 6103] write(1, "executing program\n", 18) = 18 [pid 6103] memfd_create("syzkaller", 0 [pid 6102] close(3 [pid 6103] <... memfd_create resumed>) = 3 [pid 6101] close(3 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6102] <... close resumed>) = 0 [pid 6101] <... close resumed>) = 0 [pid 6102] close(4 [pid 6101] close(4) = 0 [pid 6101] mkdir("./file1", 0777) = 0 [pid 6102] <... close resumed>) = 0 [pid 6102] mkdir("./file1", 0777) = 0 [pid 6102] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6101] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6100] <... link resumed>) = 0 [pid 6100] sync( [ 114.123024][ T6101] loop2: detected capacity change from 0 to 1024 [ 114.126485][ T6102] loop3: detected capacity change from 0 to 1024 [pid 6103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6101] <... mount resumed>) = 0 [pid 6101] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6101] chdir("./file1") = 0 [pid 6101] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6101] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6101] sync( [pid 6102] <... mount resumed>) = 0 [pid 6102] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6102] chdir("./file1") = 0 [pid 6102] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6103] <... write resumed>) = 524288 [pid 6103] munmap(0x7ff1eb400000, 138412032 [pid 6102] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6103] <... munmap resumed>) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6099] <... sync resumed>) = 0 [pid 6103] <... openat resumed>) = 4 [pid 6099] exit_group(0) = ? [pid 6099] +++ exited with 0 +++ [pid 6103] ioctl(4, LOOP_SET_FD, 3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6099, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6102] <... link resumed>) = 0 [pid 6102] sync( [pid 6101] <... sync resumed>) = 0 [pid 6101] exit_group(0 [pid 6102] <... sync resumed>) = 0 [pid 6100] <... sync resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6102] exit_group(0 [pid 6100] exit_group(0 [pid 6102] <... exit_group resumed>) = ? [pid 6100] <... exit_group resumed>) = ? [pid 6102] +++ exited with 0 +++ [pid 6100] +++ exited with 0 +++ [pid 5828] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6100, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5828] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6101] <... exit_group resumed>) = ? [pid 5828] <... openat resumed>) = 3 [pid 6103] <... ioctl resumed>) = 0 [pid 6101] +++ exited with 0 +++ [pid 5832] <... restart_syscall resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6101, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6103] close(3 [pid 5828] getdents64(3, [pid 6103] <... close resumed>) = 0 [pid 5832] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... restart_syscall resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6103] close(4 [pid 5830] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6103] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6103] mkdir("./file1", 0777 [pid 5832] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6103] <... mkdir resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(3, "", [pid 5830] newfstatat(3, "", [pid 5828] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5830] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 114.234605][ T6103] loop1: detected capacity change from 0 to 1024 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] newfstatat(4, "", [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6103] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5828] getdents64(4, [pid 5831] newfstatat(3, "", [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./50/file1" [pid 5831] getdents64(3, [pid 5828] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./50/binderfs") = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./50") = 0 [pid 5828] mkdir("./51", 0777) = 0 [pid 6103] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 6103] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = 0 [pid 5828] close(3 [pid 6103] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 6103] chdir("./file1" [pid 5831] <... umount2 resumed>) = 0 [pid 5830] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6103] <... chdir resumed>) = 0 [pid 5832] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./54/file1", ./strace-static-x86_64: Process 6104 attached [pid 6103] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6104] set_robust_list(0x5555934ed660, 24 [pid 6103] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] newfstatat(AT_FDCWD, "./51/file1", [pid 5831] newfstatat(AT_FDCWD, "./47/file1", [pid 5830] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6104] <... set_robust_list resumed>) = 0 [pid 6103] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6104] chdir("./51" [pid 5832] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6104] <... chdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 4 [pid 6104] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] newfstatat(4, "", [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6104 [pid 6104] <... prctl resumed>) = 0 [pid 6104] setpgid(0, 0 [pid 5832] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6104] <... setpgid resumed>) = 0 [pid 5830] getdents64(4, [pid 5832] newfstatat(4, "", [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 5832] getdents64(4, [pid 5831] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6104] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] newfstatat(4, "", [pid 5830] close(4 [pid 6104] write(3, "1000", 4 [pid 5832] getdents64(4, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6104] <... write resumed>) = 4 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(4, [pid 5830] <... close resumed>) = 0 [pid 6104] close(3 [pid 5832] close(4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] rmdir("./54/file1" [pid 6104] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(4, [pid 5830] <... rmdir resumed>) = 0 [pid 6104] symlink("/dev/binderfs", "./binderfs" [pid 5832] rmdir("./51/file1" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6104] <... symlink resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] close(4) = 0 [pid 5830] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6104] write(1, "executing program\n", 18 [pid 6103] <... link resumed>) = 0 [pid 5832] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./47/file1" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6104] <... write resumed>) = 18 [pid 6103] sync( [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... rmdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./54/binderfs", [pid 6104] memfd_create("syzkaller", 0 [pid 5832] newfstatat(AT_FDCWD, "./51/binderfs", [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6104] <... memfd_create resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./54/binderfs" [pid 6104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] unlink("./51/binderfs" [pid 5831] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... unlink resumed>) = 0 [pid 6104] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] getdents64(3, [pid 5831] newfstatat(AT_FDCWD, "./47/binderfs", [pid 5830] getdents64(3, [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./54" [pid 5831] unlink("./47/binderfs" [pid 5832] close(3 [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6104] <... write resumed>) = 524288 [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] mkdir("./55", 0777 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 6103] <... sync resumed>) = 0 [pid 5832] rmdir("./51" [pid 5831] rmdir("./47" [pid 5830] <... mkdir resumed>) = 0 [pid 6103] exit_group(0) = ? [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5832] mkdir("./52", 0777 [pid 5831] mkdir("./48", 0777 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6103] +++ exited with 0 +++ [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6103, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] <... ioctl resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] close(3) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6105 attached [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5832] <... ioctl resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5832] close(3 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 6104] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6105 [pid 5829] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6105] set_robust_list(0x5555934ed660, 24 [pid 5829] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6105] <... set_robust_list resumed>) = 0 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6105] chdir("./55" [pid 6104] <... munmap resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6104] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6105] <... chdir resumed>) = 0 [pid 6104] <... openat resumed>) = 4 [pid 5832] <... close resumed>) = 0 [pid 6104] ioctl(4, LOOP_SET_FD, 3 [pid 6105] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6104] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6104] ioctl(4, LOOP_CLR_FD [pid 6105] <... prctl resumed>) = 0 [pid 6105] setpgid(0, 0 [pid 6104] <... ioctl resumed>) = 0 [pid 6105] <... setpgid resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6104] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6104] close(4 [pid 6105] <... openat resumed>) = 3 [pid 6104] <... close resumed>) = 0 [pid 6104] close(3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6104] <... close resumed>) = 0 ./strace-static-x86_64: Process 6106 attached [pid 6105] write(3, "1000", 4 [pid 6106] set_robust_list(0x5555934ed660, 24 [pid 6105] <... write resumed>) = 4 [pid 6106] <... set_robust_list resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6106 [pid 6106] chdir("./52" [pid 5829] <... umount2 resumed>) = 0 [pid 6106] <... chdir resumed>) = 0 [pid 6106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6106] setpgid(0, 0) = 0 [pid 6106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6107 [pid 6106] <... openat resumed>) = 3 [pid 5829] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6104] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6106] write(3, "1000", 4 [pid 6104] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5829] newfstatat(AT_FDCWD, "./52/file1", [pid 6106] <... write resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6106] close(3 [pid 6104] sync( [pid 6105] close(3./strace-static-x86_64: Process 6107 attached [pid 6106] <... close resumed>) = 0 [pid 6105] <... close resumed>) = 0 [pid 6105] symlink("/dev/binderfs", "./binderfs" [pid 6107] set_robust_list(0x5555934ed660, 24 [pid 6106] symlink("/dev/binderfs", "./binderfs" [pid 5829] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6107] <... set_robust_list resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 6106] <... symlink resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 executing program executing program [pid 6107] chdir("./48" [pid 6105] <... symlink resumed>) = 0 [pid 6107] <... chdir resumed>) = 0 [pid 6106] write(1, "executing program\n", 18 [pid 6105] write(1, "executing program\n", 18 [pid 5829] getdents64(4, [pid 6107] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6105] <... write resumed>) = 18 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6106] <... write resumed>) = 18 [pid 5829] close(4 [pid 6107] <... prctl resumed>) = 0 [pid 6106] memfd_create("syzkaller", 0 [pid 6105] memfd_create("syzkaller", 0 [pid 5829] <... close resumed>) = 0 [pid 6107] setpgid(0, 0 [pid 6105] <... memfd_create resumed>) = 3 [pid 6107] <... setpgid resumed>) = 0 [pid 6106] <... memfd_create resumed>) = 3 [pid 5829] rmdir("./52/file1" [pid 6106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6106] <... mmap resumed>) = 0x7ff1eb400000 [pid 6105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6104] <... sync resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6107] <... openat resumed>) = 3 [pid 6106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6105] <... mmap resumed>) = 0x7ff1eb400000 [pid 6104] exit_group(0 [pid 5829] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./52/binderfs") = 0 [pid 6104] <... exit_group resumed>) = ? [pid 6107] write(3, "1000", 4 [pid 6105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] getdents64(3, [pid 6107] <... write resumed>) = 4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 6107] close(3 [pid 5829] <... close resumed>) = 0 [pid 6107] <... close resumed>) = 0 [pid 5829] rmdir("./52" [pid 6107] symlink("/dev/binderfs", "./binderfs" [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./53", 0777 [pid 6107] <... symlink resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 executing program [pid 6104] +++ exited with 0 +++ [pid 6107] write(1, "executing program\n", 18) = 18 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6104, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6107] memfd_create("syzkaller", 0 [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 6107] <... memfd_create resumed>) = 3 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... restart_syscall resumed>) = 0 [pid 6107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 ./strace-static-x86_64: Process 6108 attached [pid 5828] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6108 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6108] set_robust_list(0x5555934ed660, 24 [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", [pid 6106] <... write resumed>) = 524288 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6108] <... set_robust_list resumed>) = 0 [pid 5828] getdents64(3, [pid 6108] chdir("./53" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6108] <... chdir resumed>) = 0 [pid 6108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6108] setpgid(0, 0) = 0 [pid 6108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./51/binderfs", [pid 6108] <... openat resumed>) = 3 [pid 6106] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 6108] write(3, "1000", 4 [pid 6106] <... munmap resumed>) = 0 [pid 5828] unlink("./51/binderfs" [pid 6108] <... write resumed>) = 4 [pid 6108] close(3) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6106] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6108] write(1, "executing program\n", 18 [pid 6106] <... openat resumed>) = 4 [pid 6105] <... write resumed>) = 524288 [pid 5828] getdents64(3, [pid 6108] <... write resumed>) = 18 [pid 6106] ioctl(4, LOOP_SET_FD, 3 [pid 6108] memfd_create("syzkaller", 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 6108] <... memfd_create resumed>) = 3 [pid 6105] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... close resumed>) = 0 [pid 6108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] rmdir("./51" [pid 6108] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... rmdir resumed>) = 0 [pid 6105] <... munmap resumed>) = 0 [pid 5828] mkdir("./52", 0777 [pid 6108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... mkdir resumed>) = 0 [pid 6105] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6105] <... openat resumed>) = 4 [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6107] <... write resumed>) = 524288 [pid 6105] ioctl(4, LOOP_SET_FD, 3 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6107] munmap(0x7ff1eb400000, 138412032./strace-static-x86_64: Process 6109 attached ) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6109 [pid 6109] set_robust_list(0x5555934ed660, 24 [pid 6108] <... write resumed>) = 524288 [pid 6107] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6105] <... ioctl resumed>) = 0 [pid 6109] <... set_robust_list resumed>) = 0 [pid 6107] <... openat resumed>) = 4 [pid 6107] ioctl(4, LOOP_SET_FD, 3 [pid 6109] chdir("./52" [pid 6108] munmap(0x7ff1eb400000, 138412032 [pid 6107] <... ioctl resumed>) = 0 [pid 6109] <... chdir resumed>) = 0 [pid 6108] <... munmap resumed>) = 0 [pid 6109] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6108] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6109] <... prctl resumed>) = 0 [pid 6109] setpgid(0, 0 [pid 6108] <... openat resumed>) = 4 [pid 6109] <... setpgid resumed>) = 0 [pid 6108] ioctl(4, LOOP_SET_FD, 3 [pid 6109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6108] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6107] close(3 [pid 6105] close(3 [pid 6109] <... openat resumed>) = 3 [pid 6108] ioctl(4, LOOP_CLR_FD [pid 6109] write(3, "1000", 4 [pid 6107] <... close resumed>) = 0 [pid 6105] <... close resumed>) = 0 [pid 6109] <... write resumed>) = 4 [pid 6108] <... ioctl resumed>) = 0 [pid 6107] close(4 [pid 6105] close(4 [pid 6109] close(3 [pid 6107] <... close resumed>) = 0 [pid 6105] <... close resumed>) = 0 [pid 6105] mkdir("./file1", 0777 [pid 6109] <... close resumed>) = 0 [pid 6108] ioctl(4, LOOP_SET_FD, 3 [pid 6109] symlink("/dev/binderfs", "./binderfs" [pid 6108] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6107] mkdir("./file1", 0777 [pid 6106] <... ioctl resumed>) = 0 [pid 6105] <... mkdir resumed>) = 0 [pid 6106] close(3) = 0 [pid 6106] close(4 [pid 6109] <... symlink resumed>) = 0 [pid 6108] close(4 [pid 6106] <... close resumed>) = 0 [pid 6106] mkdir("./file1", 0777 [pid 6107] <... mkdir resumed>) = 0 [pid 6108] <... close resumed>) = 0 [pid 6107] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6105] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6108] close(3 [pid 6106] <... mkdir resumed>) = 0 [pid 6109] write(1, "executing program\n", 18 [pid 6108] <... close resumed>) = 0 [pid 6106] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, ""executing program [pid 6109] <... write resumed>) = 18 [pid 6109] memfd_create("syzkaller", 0 [pid 6108] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6105] <... mount resumed>) = 0 [ 114.519406][ T6105] loop2: detected capacity change from 0 to 1024 [ 114.528392][ T6106] loop4: detected capacity change from 0 to 1024 [ 114.540691][ T6107] loop3: detected capacity change from 0 to 1024 [pid 6109] <... memfd_create resumed>) = 3 [pid 6108] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6105] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6108] sync( [pid 6109] <... mmap resumed>) = 0x7ff1eb400000 [pid 6105] <... openat resumed>) = 3 [pid 6107] <... mount resumed>) = 0 [pid 6106] <... mount resumed>) = 0 [pid 6106] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6106] chdir("./file1" [pid 6107] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6106] <... chdir resumed>) = 0 [pid 6107] <... openat resumed>) = 3 [pid 6107] chdir("./file1" [pid 6106] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6107] <... chdir resumed>) = 0 [pid 6106] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6107] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6106] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6107] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6107] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6105] chdir("./file1") = 0 [pid 6105] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6105] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6106] <... link resumed>) = 0 [pid 6107] <... link resumed>) = 0 [pid 6106] sync( [pid 6107] sync( [pid 6109] <... write resumed>) = 524288 [pid 6108] <... sync resumed>) = 0 [pid 6109] munmap(0x7ff1eb400000, 138412032 [pid 6108] exit_group(0 [pid 6105] <... link resumed>) = 0 [pid 6109] <... munmap resumed>) = 0 [pid 6108] <... exit_group resumed>) = ? [pid 6105] sync( [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6108] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6108, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6109] <... openat resumed>) = 4 [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6109] ioctl(4, LOOP_SET_FD, 3 [pid 5829] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6106] <... sync resumed>) = 0 [pid 6105] <... sync resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 6105] exit_group(0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6105] <... exit_group resumed>) = ? [pid 5829] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6106] exit_group(0 [pid 5829] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6106] <... exit_group resumed>) = ? [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6105] +++ exited with 0 +++ [pid 6107] <... sync resumed>) = 0 [pid 6106] +++ exited with 0 +++ [pid 5829] newfstatat(AT_FDCWD, "./53/binderfs", [pid 6107] exit_group(0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6105, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6107] <... exit_group resumed>) = ? [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6106, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] unlink("./53/binderfs" [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... unlink resumed>) = 0 [pid 6107] +++ exited with 0 +++ [pid 5832] <... restart_syscall resumed>) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6107, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] close(3 [pid 5832] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... restart_syscall resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... restart_syscall resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] rmdir("./53" [pid 6109] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6109] close(3 [pid 5832] newfstatat(3, "", [pid 5831] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... rmdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] getdents64(3, [pid 5831] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] newfstatat(3, "", [pid 5829] mkdir("./54", 0777 [pid 6109] <... close resumed>) = 0 [pid 5832] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 6109] close(4) = 0 [pid 5831] newfstatat(3, "", [pid 5830] getdents64(3, [pid 6109] mkdir("./file1", 0777 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6109] <... mkdir resumed>) = 0 [pid 5831] getdents64(3, [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6109] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(3) = 0 [ 114.665422][ T6109] loop0: detected capacity change from 0 to 1024 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6110 attached [pid 5832] <... umount2 resumed>) = 0 [pid 6110] set_robust_list(0x5555934ed660, 24 [pid 6109] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 6110] <... set_robust_list resumed>) = 0 [pid 6109] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... umount2 resumed>) = 0 [pid 5830] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6110] chdir("./54" [pid 6109] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6109] chdir("./file1" [pid 5830] newfstatat(AT_FDCWD, "./55/file1", [pid 6109] <... chdir resumed>) = 0 [pid 6110] <... chdir resumed>) = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6110 [pid 6110] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6109] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6110] <... prctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6110] setpgid(0, 0 [pid 6109] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./48/file1", [pid 5830] openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6110] <... setpgid resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./52/file1", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... openat resumed>) = 4 [pid 6110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(4, "", [pid 5832] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(4, "", [pid 6110] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 6110] write(3, "1000", 4 [pid 6109] <... link resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5830] getdents64(4, [pid 5832] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] newfstatat(4, "", [pid 6110] <... write resumed>) = 4 [pid 6109] sync( [pid 6110] close(3 [pid 5832] rmdir("./52/file1" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 6110] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] getdents64(4, [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6110] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] close(4 [pid 5832] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6110] <... symlink resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(4, [pid 5830] <... close resumed>) = 0 [pid 6110] write(1, "executing program\n", 18 [pid 5832] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] rmdir("./55/file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./52/binderfs") = 0 [pid 5831] close(4 [pid 5830] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./48/file1" [pid 5830] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, executing program [pid 6110] <... write resumed>) = 18 [pid 6109] <... sync resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(3) = 0 [pid 5832] rmdir("./52") = 0 [pid 5832] mkdir("./53", 0777) = 0 [pid 6110] memfd_create("syzkaller", 0 [pid 6109] exit_group(0 [pid 5831] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(AT_FDCWD, "./55/binderfs", [pid 6110] <... memfd_create resumed>) = 3 [pid 6109] <... exit_group resumed>) = ? [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6109] +++ exited with 0 +++ [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./48/binderfs", [pid 5830] unlink("./55/binderfs" [pid 5832] <... openat resumed>) = 3 [pid 5830] <... unlink resumed>) = 0 [pid 6110] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6109, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3 [pid 6110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] unlink("./48/binderfs" [pid 5830] getdents64(3, [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5831] getdents64(3, [pid 5832] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5831] rmdir("./48" [pid 5830] rmdir("./55" [pid 5828] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6111 attached ) = -1 EINVAL (Invalid argument) [pid 6111] set_robust_list(0x5555934ed660, 24 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... rmdir resumed>) = 0 [pid 6111] <... set_robust_list resumed>) = 0 [pid 6111] chdir("./53" [pid 5831] mkdir("./49", 0777 [pid 5830] mkdir("./56", 0777 [pid 5828] <... openat resumed>) = 3 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6111 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 6111] <... chdir resumed>) = 0 [pid 6111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6111] setpgid(0, 0) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 6111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6111] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... openat resumed>) = 3 [pid 5828] getdents64(3, [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5831] <... openat resumed>) = 3 [pid 5830] <... ioctl resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] close(3 [pid 5828] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6111] write(3, "1000", 4) = 4 [pid 6111] close(3) = 0 [pid 6111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] <... close resumed>) = 0 executing program [pid 6111] write(1, "executing program\n", 18) = 18 [pid 6111] memfd_create("syzkaller", 0 [pid 6110] <... write resumed>) = 524288 [pid 6111] <... memfd_create resumed>) = 3 [pid 6111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6110] munmap(0x7ff1eb400000, 138412032 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3) = 0 [pid 6110] <... munmap resumed>) = 0 [pid 6110] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... umount2 resumed>) = 0 [pid 6110] <... openat resumed>) = 4 [pid 6110] ioctl(4, LOOP_SET_FD, 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6111] <... write resumed>) = 524288 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6112 attached [pid 5828] newfstatat(AT_FDCWD, "./52/file1", ./strace-static-x86_64: Process 6113 attached [pid 6110] <... ioctl resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6112 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6112] set_robust_list(0x5555934ed660, 24 [pid 6110] close(3 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6113 [pid 5828] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6112] <... set_robust_list resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6112] chdir("./56" [pid 6110] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6110] close(4 [pid 5828] newfstatat(4, "", [pid 6110] <... close resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6110] mkdir("./file1", 0777 [pid 5828] getdents64(4, [pid 6113] set_robust_list(0x5555934ed660, 24 [pid 6112] <... chdir resumed>) = 0 [pid 6111] munmap(0x7ff1eb400000, 138412032 [pid 6110] <... mkdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6113] <... set_robust_list resumed>) = 0 [pid 6113] chdir("./49" [pid 6111] <... munmap resumed>) = 0 [pid 6110] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6112] setpgid(0, 0 [pid 6111] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] close(4 [pid 6113] <... chdir resumed>) = 0 [pid 6111] <... openat resumed>) = 4 [pid 5828] <... close resumed>) = 0 [pid 6113] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] rmdir("./52/file1" [pid 6112] <... setpgid resumed>) = 0 [pid 6112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6113] <... prctl resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6113] setpgid(0, 0) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6111] ioctl(4, LOOP_SET_FD, 3 [pid 6113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] newfstatat(AT_FDCWD, "./52/binderfs", [pid 6112] <... openat resumed>) = 3 [pid 6112] write(3, "1000", 4) = 4 [pid 6112] close(3) = 0 [pid 6112] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 6113] <... openat resumed>) = 3 [pid 6112] <... symlink resumed>) = 0 [pid 5828] unlink("./52/binderfs" [pid 6112] write(1, "executing program\n", 18 [pid 5828] <... unlink resumed>) = 0 [pid 5828] getdents64(3, [pid 6112] <... write resumed>) = 18 [pid 6112] memfd_create("syzkaller", 0) = 3 [pid 6112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 6111] <... ioctl resumed>) = 0 [pid 6113] write(3, "1000", 4 [pid 6112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... close resumed>) = 0 [pid 6111] close(3 [pid 6113] <... write resumed>) = 4 [pid 6111] <... close resumed>) = 0 [pid 6110] <... mount resumed>) = 0 [pid 5828] rmdir("./52" [pid 6113] close(3 [pid 6110] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6113] <... close resumed>) = 0 [pid 6111] close(4 [pid 6110] <... openat resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 6113] symlink("/dev/binderfs", "./binderfs" [pid 6110] chdir("./file1" [pid 5828] mkdir("./53", 0777executing program [pid 6113] <... symlink resumed>) = 0 [pid 6111] <... close resumed>) = 0 [pid 6110] <... chdir resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6113] write(1, "executing program\n", 18 [pid 6110] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6113] <... write resumed>) = 18 [pid 6113] memfd_create("syzkaller", 0 [pid 6111] mkdir("./file1", 0777 [pid 6110] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... openat resumed>) = 3 [pid 6111] <... mkdir resumed>) = 0 [pid 6110] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [ 114.891925][ T6110] loop1: detected capacity change from 0 to 1024 [ 114.923512][ T6111] loop4: detected capacity change from 0 to 1024 [pid 6111] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6113] <... memfd_create resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5828] <... ioctl resumed>) = 0 [pid 6112] <... write resumed>) = 524288 [pid 5828] close(3 [pid 6112] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... close resumed>) = 0 [pid 6113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6112] <... munmap resumed>) = 0 [pid 6110] <... link resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6110] sync( [pid 6112] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 6114 attached ) = 4 [pid 6114] set_robust_list(0x5555934ed660, 24) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6114 [pid 6111] <... mount resumed>) = 0 [pid 6114] chdir("./53" [pid 6112] ioctl(4, LOOP_SET_FD, 3 [pid 6111] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6114] <... chdir resumed>) = 0 [pid 6111] <... openat resumed>) = 3 [pid 6114] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6113] <... write resumed>) = 524288 [pid 6111] chdir("./file1" [pid 6114] <... prctl resumed>) = 0 [pid 6111] <... chdir resumed>) = 0 [pid 6114] setpgid(0, 0 [pid 6111] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6114] <... setpgid resumed>) = 0 [pid 6111] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6111] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6114] <... openat resumed>) = 3 [pid 6114] write(3, "1000", 4) = 4 [pid 6113] munmap(0x7ff1eb400000, 138412032 [pid 6114] close(3) = 0 [pid 6113] <... munmap resumed>) = 0 [pid 6114] symlink("/dev/binderfs", "./binderfs" [pid 6112] <... ioctl resumed>) = 0 [pid 6113] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6112] close(3 [pid 6113] <... openat resumed>) = 4 [pid 6112] <... close resumed>) = 0 [pid 6114] <... symlink resumed>) = 0 [pid 6113] ioctl(4, LOOP_SET_FD, 3 [pid 6112] close(4 [pid 6114] write(1, "executing program\n", 18 [pid 6112] <... close resumed>) = 0 [ 114.996588][ T6112] loop2: detected capacity change from 0 to 1024 [pid 6111] <... link resumed>) = 0 [pid 6112] mkdir("./file1", 0777 [pid 6111] sync( [pid 6110] <... sync resumed>) = 0 [pid 6112] <... mkdir resumed>) = 0 [pid 6112] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, ""executing program [pid 6114] <... write resumed>) = 18 [pid 6114] memfd_create("syzkaller", 0) = 3 [pid 6110] exit_group(0 [pid 6114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6113] <... ioctl resumed>) = 0 [pid 6110] <... exit_group resumed>) = ? [pid 6114] <... mmap resumed>) = 0x7ff1eb400000 [pid 6112] <... mount resumed>) = 0 [pid 6112] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6113] close(3 [pid 6110] +++ exited with 0 +++ [pid 6111] <... sync resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6110, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6112] chdir("./file1" [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6113] <... close resumed>) = 0 [pid 6112] <... chdir resumed>) = 0 [pid 6112] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6111] exit_group(0 [pid 6113] close(4) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6112] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6111] <... exit_group resumed>) = ? [pid 6112] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6111] +++ exited with 0 +++ [pid 6113] mkdir("./file1", 0777 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6111, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6113] <... mkdir resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6113] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(3, "", [pid 6114] <... write resumed>) = 524288 [pid 5832] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5832] <... openat resumed>) = 3 [ 115.041689][ T6113] loop3: detected capacity change from 0 to 1024 [pid 5832] newfstatat(3, "", [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, [pid 6112] <... link resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6112] sync( [pid 5832] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6114] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6114] ioctl(4, LOOP_SET_FD, 3 [pid 6113] <... mount resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6113] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./54/file1", [pid 6113] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6113] chdir("./file1" [pid 5829] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6113] <... chdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6113] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... openat resumed>) = 4 [pid 6113] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6113] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... umount2 resumed>) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./54/file1") = 0 [pid 6114] <... ioctl resumed>) = 0 [pid 5829] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./54/binderfs", [pid 6114] close(3 [pid 6113] <... link resumed>) = 0 [pid 6112] <... sync resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6114] <... close resumed>) = 0 [ 115.123731][ T6114] loop0: detected capacity change from 0 to 1024 [pid 6114] close(4 [pid 6113] sync( [pid 6112] exit_group(0 [pid 5832] newfstatat(AT_FDCWD, "./53/file1", [pid 5829] unlink("./54/binderfs") = 0 [pid 6114] <... close resumed>) = 0 [pid 6114] mkdir("./file1", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6114] <... mkdir resumed>) = 0 [pid 6112] <... exit_group resumed>) = ? [pid 5832] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 6114] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] close(3 [pid 5832] <... openat resumed>) = 4 [pid 5829] <... close resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 5829] rmdir("./54" [pid 6112] +++ exited with 0 +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5829] <... rmdir resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6112, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] mkdir("./55", 0777) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./53/file1" [pid 5830] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./53/binderfs") = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3 [pid 5832] getdents64(3, [pid 5829] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] close(3 [pid 5830] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./53") = 0 ./strace-static-x86_64: Process 6115 attached [pid 5830] <... openat resumed>) = 3 [pid 6114] <... mount resumed>) = 0 [pid 5832] mkdir("./54", 0777 [pid 5830] newfstatat(3, "", [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6115 [pid 6115] set_robust_list(0x5555934ed660, 24 [pid 6114] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6115] <... set_robust_list resumed>) = 0 [pid 5830] getdents64(3, [pid 6115] chdir("./55" [pid 6114] <... openat resumed>) = 3 [pid 6115] <... chdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6115] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6114] chdir("./file1" [pid 5832] <... openat resumed>) = 3 [pid 6115] <... prctl resumed>) = 0 [pid 6114] <... chdir resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6114] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6115] setpgid(0, 0 [pid 6114] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... ioctl resumed>) = 0 [pid 6115] <... setpgid resumed>) = 0 [pid 6114] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6113] <... sync resumed>) = 0 [pid 5832] close(3 [pid 6115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... close resumed>) = 0 [pid 6113] exit_group(0 [pid 6115] <... openat resumed>) = 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6116 attached [pid 6115] write(3, "1000", 4) = 4 [pid 6113] <... exit_group resumed>) = ? [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6116 [pid 6115] close(3) = 0 [pid 6115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6113] +++ exited with 0 +++ [pid 6116] set_robust_list(0x5555934ed660, 24 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6113, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6116] <... set_robust_list resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...>executing program [pid 6116] chdir("./54" [pid 6115] write(1, "executing program\n", 18 [pid 6114] <... link resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6116] <... chdir resumed>) = 0 [pid 6115] <... write resumed>) = 18 [pid 5831] <... openat resumed>) = 3 [pid 6116] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6115] memfd_create("syzkaller", 0 [pid 6114] sync( [pid 5831] newfstatat(3, "", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6116] <... prctl resumed>) = 0 [pid 6115] <... memfd_create resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6116] setpgid(0, 0 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] getdents64(3, [pid 5830] newfstatat(AT_FDCWD, "./56/file1", [pid 6116] <... setpgid resumed>) = 0 [pid 6115] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6116] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6116] write(3, "1000", 4) = 4 [pid 6116] close(3 [pid 5830] openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6116] <... close resumed>) = 0 [pid 6116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6114] <... sync resumed>) = 0 [pid 6115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288executing program [pid 6116] write(1, "executing program\n", 18) = 18 [pid 6116] memfd_create("syzkaller", 0) = 3 [pid 6116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6114] exit_group(0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 6114] <... exit_group resumed>) = ? [pid 6115] <... write resumed>) = 524288 [pid 6116] <... write resumed>) = 524288 [pid 6114] +++ exited with 0 +++ [pid 5831] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(4, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(AT_FDCWD, "./49/file1", [pid 5830] getdents64(4, [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6114, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6116] munmap(0x7ff1eb400000, 138412032 [pid 6115] munmap(0x7ff1eb400000, 138412032 [pid 5830] getdents64(4, [pid 6116] <... munmap resumed>) = 0 [pid 6115] <... munmap resumed>) = 0 [pid 5831] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6116] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6115] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6116] <... openat resumed>) = 4 [pid 6115] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] close(4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6116] ioctl(4, LOOP_SET_FD, 3 [pid 6115] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] rmdir("./56/file1" [pid 5828] <... openat resumed>) = 3 [pid 5831] getdents64(4, [pid 5828] newfstatat(3, "", [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 5830] <... rmdir resumed>) = 0 [pid 5828] getdents64(3, [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... close resumed>) = 0 [pid 5828] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./49/file1" [pid 5830] newfstatat(AT_FDCWD, "./56/binderfs", [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] unlink("./56/binderfs" [pid 5831] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5831] unlink("./49/binderfs" [pid 5830] getdents64(3, [pid 5831] <... unlink resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5831] close(3) = 0 [pid 5830] <... close resumed>) = 0 [pid 5831] rmdir("./49") = 0 [pid 5830] rmdir("./56" [pid 5831] mkdir("./50", 0777 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./57", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5828] <... umount2 resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 5828] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6117 attached [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6116] <... ioctl resumed>) = 0 [pid 6115] <... ioctl resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5828] newfstatat(AT_FDCWD, "./53/file1", [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6117] set_robust_list(0x5555934ed660, 24 [pid 6116] close(3 [pid 6115] close(3 [pid 5831] <... ioctl resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6117] <... set_robust_list resumed>) = 0 [pid 6116] <... close resumed>) = 0 [pid 6115] <... close resumed>) = 0 [pid 5831] close(3 [pid 5828] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6116] close(4 [pid 6117] chdir("./57" [pid 6116] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6117 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6117] <... chdir resumed>) = 0 [pid 6116] mkdir("./file1", 0777 [pid 6115] close(4 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6117] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6116] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6117] <... prctl resumed>) = 0 [pid 6115] <... close resumed>) = 0 [pid 6117] setpgid(0, 0 [pid 6115] mkdir("./file1", 0777 [pid 6117] <... setpgid resumed>) = 0 [pid 6115] <... mkdir resumed>) = 0 [pid 6117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... openat resumed>) = 4 [pid 6116] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, ""./strace-static-x86_64: Process 6118 attached [pid 6117] <... openat resumed>) = 3 [pid 6115] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] newfstatat(4, "", [pid 6117] write(3, "1000", 4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 115.337835][ T6115] loop1: detected capacity change from 0 to 1024 [ 115.344807][ T6116] loop4: detected capacity change from 0 to 1024 [pid 6117] <... write resumed>) = 4 [pid 6117] close(3) = 0 [pid 5828] getdents64(4, [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6118 [pid 6117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6117] write(1, "executing program\n", 18executing program ) = 18 [pid 6117] memfd_create("syzkaller", 0 [pid 6118] set_robust_list(0x5555934ed660, 24 [pid 6117] <... memfd_create resumed>) = 3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6118] <... set_robust_list resumed>) = 0 [pid 6116] <... mount resumed>) = 0 [pid 6115] <... mount resumed>) = 0 [pid 5828] getdents64(4, [pid 6118] chdir("./50" [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6118] <... chdir resumed>) = 0 [pid 5828] close(4 [pid 6118] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6116] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6115] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6118] <... prctl resumed>) = 0 [pid 6117] <... write resumed>) = 524288 [pid 6116] <... openat resumed>) = 3 [pid 6115] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 6115] chdir("./file1" [pid 6116] chdir("./file1" [pid 6115] <... chdir resumed>) = 0 [pid 6116] <... chdir resumed>) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6116] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6115] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6116] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6115] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6116] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] rmdir("./53/file1" [pid 6117] munmap(0x7ff1eb400000, 138412032 [pid 6118] setpgid(0, 0 [pid 6115] <... link resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6118] <... setpgid resumed>) = 0 [pid 6115] sync( [pid 5828] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6117] <... munmap resumed>) = 0 [pid 6116] <... link resumed>) = 0 [pid 6118] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6118] write(3, "1000", 4) = 4 [pid 6116] sync( [pid 5828] newfstatat(AT_FDCWD, "./53/binderfs", [pid 6118] close(3 [pid 6117] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6118] <... close resumed>) = 0 [pid 6117] <... openat resumed>) = 4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6118] symlink("/dev/binderfs", "./binderfs" [pid 5828] unlink("./53/binderfs" [pid 6117] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6117] ioctl(4, LOOP_CLR_FD) = 0 executing program [pid 6118] <... symlink resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6118] write(1, "executing program\n", 18 [pid 6117] ioctl(4, LOOP_SET_FD, 3 [pid 5828] getdents64(3, [pid 6118] <... write resumed>) = 18 [pid 6117] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6118] memfd_create("syzkaller", 0 [pid 5828] close(3 [pid 6118] <... memfd_create resumed>) = 3 [pid 6117] close(4 [pid 6118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6117] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6118] <... mmap resumed>) = 0x7ff1eb400000 [pid 6117] close(3 [pid 5828] rmdir("./53" [pid 6117] <... close resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./54", 0777 [pid 6116] <... sync resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6116] exit_group(0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6116] <... exit_group resumed>) = ? [pid 5828] <... openat resumed>) = 3 [pid 6116] +++ exited with 0 +++ [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6116, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6115] <... sync resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 6115] exit_group(0 [pid 5828] close(3 [pid 5832] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", [pid 6115] <... exit_group resumed>) = ? [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6115] +++ exited with 0 +++ [pid 5832] getdents64(3, [pid 6117] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6115, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6117] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... close resumed>) = 0 [pid 6117] sync( [pid 5832] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5832] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6119 attached [pid 6118] <... write resumed>) = 524288 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6117] <... sync resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./55/file1", [pid 5832] newfstatat(AT_FDCWD, "./54/file1", [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6119 [pid 6117] exit_group(0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6117] <... exit_group resumed>) = ? [pid 5832] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6119] set_robust_list(0x5555934ed660, 24 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6119] <... set_robust_list resumed>) = 0 [pid 6118] munmap(0x7ff1eb400000, 138412032 [pid 6117] +++ exited with 0 +++ [pid 5832] <... openat resumed>) = 4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6117, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6118] <... munmap resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 4 [pid 6118] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] getdents64(4, [pid 5829] newfstatat(4, "", [pid 6119] chdir("./54" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5829] getdents64(4, [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6119] <... chdir resumed>) = 0 [pid 5832] close(4 [pid 5830] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6119] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] getdents64(4, [pid 5832] rmdir("./54/file1" [pid 5830] newfstatat(3, "", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6118] <... openat resumed>) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6119] <... prctl resumed>) = 0 [pid 6118] ioctl(4, LOOP_SET_FD, 3 [pid 5832] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 5829] close(4 [pid 6119] setpgid(0, 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6119] <... setpgid resumed>) = 0 [pid 5830] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6119] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./57/binderfs", [pid 6119] write(3, "1000", 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... close resumed>) = 0 [pid 6119] <... write resumed>) = 4 [pid 5830] unlink("./57/binderfs" [pid 6119] close(3 [pid 5832] newfstatat(AT_FDCWD, "./54/binderfs", [pid 5830] <... unlink resumed>) = 0 [pid 5829] rmdir("./55/file1" [pid 6119] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 6119] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6119] <... symlink resumed>) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./57" [pid 6119] write(1, "executing program\n", 18 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 5832] unlink("./54/binderfs" [pid 5829] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6118] <... ioctl resumed>) = 0 [pid 6119] <... write resumed>) = 18 [pid 6119] memfd_create("syzkaller", 0 [pid 6118] close(3 [pid 5832] <... unlink resumed>) = 0 [pid 5830] mkdir("./58", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6119] <... memfd_create resumed>) = 3 [pid 6118] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 5829] newfstatat(AT_FDCWD, "./55/binderfs", [pid 6118] close(4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6118] <... close resumed>) = 0 [pid 5832] close(3 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... close resumed>) = 0 [pid 5829] unlink("./55/binderfs" [pid 6118] mkdir("./file1", 0777 [pid 5832] rmdir("./54" [pid 6119] <... mmap resumed>) = 0x7ff1eb400000 [pid 6118] <... mkdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 6118] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] getdents64(3, [pid 6119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] mkdir("./55", 0777 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] close(3 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] rmdir("./55" [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] mkdir("./56", 0777 [pid 6118] <... mount resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 115.619483][ T6118] loop3: detected capacity change from 0 to 1024 [pid 5832] close(3./strace-static-x86_64: Process 6120 attached [pid 6118] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6120] set_robust_list(0x5555934ed660, 24 [pid 6119] <... write resumed>) = 524288 [pid 6118] <... openat resumed>) = 3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6121 attached [pid 6120] <... set_robust_list resumed>) = 0 [pid 6118] chdir("./file1" [pid 5829] <... ioctl resumed>) = 0 [pid 6118] <... chdir resumed>) = 0 [pid 5829] close(3 [pid 6120] chdir("./58" [pid 6118] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... close resumed>) = 0 [pid 6120] <... chdir resumed>) = 0 [pid 6118] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6121] set_robust_list(0x5555934ed660, 24 [pid 6120] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6118] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6121 ./strace-static-x86_64: Process 6122 attached [pid 6121] <... set_robust_list resumed>) = 0 [pid 6120] <... prctl resumed>) = 0 [pid 6119] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6120 [pid 6121] chdir("./55" [pid 6120] setpgid(0, 0 [pid 6119] <... munmap resumed>) = 0 [pid 6119] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6120] <... setpgid resumed>) = 0 [pid 6119] <... openat resumed>) = 4 [pid 6122] set_robust_list(0x5555934ed660, 24 [pid 6121] <... chdir resumed>) = 0 [pid 6120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6119] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6122 [pid 6122] <... set_robust_list resumed>) = 0 [pid 6121] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6120] <... openat resumed>) = 3 [pid 6122] chdir("./56" [pid 6121] <... prctl resumed>) = 0 [pid 6120] write(3, "1000", 4 [pid 6121] setpgid(0, 0 [pid 6120] <... write resumed>) = 4 [pid 6122] <... chdir resumed>) = 0 [pid 6121] <... setpgid resumed>) = 0 [pid 6120] close(3 [pid 6122] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6120] <... close resumed>) = 0 [pid 6118] <... link resumed>) = 0 [pid 6122] <... prctl resumed>) = 0 [pid 6120] symlink("/dev/binderfs", "./binderfs" [pid 6118] sync( [pid 6122] setpgid(0, 0 [pid 6120] <... symlink resumed>) = 0 [pid 6122] <... setpgid resumed>) = 0 [pid 6122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6120] write(1, "executing program\n", 18executing program [pid 6122] <... openat resumed>) = 3 [pid 6120] <... write resumed>) = 18 [pid 6122] write(3, "1000", 4 [pid 6120] memfd_create("syzkaller", 0 [pid 6122] <... write resumed>) = 4 [pid 6122] close(3 [pid 6121] <... openat resumed>) = 3 [pid 6120] <... memfd_create resumed>) = 3 [pid 6119] <... ioctl resumed>) = 0 [pid 6120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6122] <... close resumed>) = 0 [pid 6120] <... mmap resumed>) = 0x7ff1eb400000 [pid 6122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6121] write(3, "1000", 4 [pid 6120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6122] write(1, "executing program\n", 18 [pid 6121] <... write resumed>) = 4 [pid 6119] close(3) = 0 executing program [pid 6122] <... write resumed>) = 18 [pid 6121] close(3 [pid 6119] close(4 [pid 6122] memfd_create("syzkaller", 0 [pid 6121] <... close resumed>) = 0 [pid 6119] <... close resumed>) = 0 [pid 6121] symlink("/dev/binderfs", "./binderfs" [pid 6119] mkdir("./file1", 0777 [ 115.715242][ T6119] loop0: detected capacity change from 0 to 1024 executing program [pid 6122] <... memfd_create resumed>) = 3 [pid 6121] <... symlink resumed>) = 0 [pid 6119] <... mkdir resumed>) = 0 [pid 6118] <... sync resumed>) = 0 [pid 6119] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6121] write(1, "executing program\n", 18 [pid 6118] exit_group(0 [pid 6122] <... mmap resumed>) = 0x7ff1eb400000 [pid 6121] <... write resumed>) = 18 [pid 6118] <... exit_group resumed>) = ? [pid 6121] memfd_create("syzkaller", 0 [pid 6120] <... write resumed>) = 524288 [pid 6118] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6118, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6121] <... memfd_create resumed>) = 3 [pid 6121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6120] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5831] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6119] <... mount resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 6119] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] newfstatat(3, "", [pid 6120] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6119] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6120] ioctl(4, LOOP_SET_FD, 3 [pid 5831] getdents64(3, [pid 6119] chdir("./file1") = 0 [pid 6119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6119] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6122] <... write resumed>) = 524288 [pid 6120] <... ioctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 6122] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6120] close(3 [pid 5831] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6120] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6120] close(4 [pid 5831] newfstatat(AT_FDCWD, "./50/file1", [pid 6122] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6121] <... write resumed>) = 524288 [pid 6119] <... link resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6120] <... close resumed>) = 0 [pid 6122] <... openat resumed>) = 4 [pid 6120] mkdir("./file1", 0777 [pid 6119] sync( [pid 6122] ioctl(4, LOOP_SET_FD, 3 [pid 6121] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6120] <... mkdir resumed>) = 0 [pid 5831] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 115.813001][ T6120] loop2: detected capacity change from 0 to 1024 [ 115.852028][ T6122] loop1: detected capacity change from 0 to 1024 [pid 6121] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5831] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6121] ioctl(4, LOOP_SET_FD, 3 [pid 6120] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6122] <... ioctl resumed>) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6122] close(3 [pid 5831] close(4 [pid 6122] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6122] close(4) = 0 [pid 5831] rmdir("./50/file1" [pid 6122] mkdir("./file1", 0777) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6122] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6121] <... ioctl resumed>) = 0 [pid 5831] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6121] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6121] <... close resumed>) = 0 [pid 6121] close(4) = 0 [pid 6121] mkdir("./file1", 0777 [pid 5831] newfstatat(AT_FDCWD, "./50/binderfs", [pid 6121] <... mkdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6121] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] unlink("./50/binderfs") = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6120] <... mount resumed>) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./50" [pid 6122] <... mount resumed>) = 0 [pid 6122] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 6122] chdir("./file1" [pid 6120] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] mkdir("./51", 0777 [pid 6122] <... chdir resumed>) = 0 [pid 6119] <... sync resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 6122] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6120] <... openat resumed>) = 3 [pid 6119] exit_group(0 [pid 6122] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6119] <... exit_group resumed>) = ? [pid 6120] chdir("./file1" [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6122] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6120] <... chdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 6120] openat(AT_FDCWD, "/dev/loop2", O_RDWR [ 115.864471][ T6121] loop4: detected capacity change from 0 to 1024 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 6120] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6120] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6122] <... link resumed>) = 0 [pid 6119] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6119, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6123 attached [pid 6122] sync( [pid 5828] <... restart_syscall resumed>) = 0 [pid 6123] set_robust_list(0x5555934ed660, 24) = 0 [pid 5828] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6123 [pid 6123] chdir("./51" [pid 6120] <... link resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 6121] <... mount resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6123] <... chdir resumed>) = 0 [pid 6120] sync( [pid 5828] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6121] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6121] chdir("./file1") = 0 [pid 6121] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6121] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6123] setpgid(0, 0) = 0 [pid 6123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6123] write(3, "1000", 4 [pid 6122] <... sync resumed>) = 0 [pid 6123] <... write resumed>) = 4 [pid 6123] close(3) = 0 [pid 6122] exit_group(0) = ? [pid 6122] +++ exited with 0 +++ [pid 6123] symlink("/dev/binderfs", "./binderfs" [pid 6120] <... sync resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6123] <... symlink resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6122, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6120] exit_group(0) = ? [pid 6121] <... link resumed>) = 0 [pid 6121] sync( [pid 6120] +++ exited with 0 +++ [pid 5829] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6120, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6123] write(1, "executing program\n", 18 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5828] newfstatat(AT_FDCWD, "./54/file1", [pid 6123] <... write resumed>) = 18 [pid 5830] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6123] memfd_create("syzkaller", 0 [pid 5830] newfstatat(3, "", [pid 5829] newfstatat(3, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6123] <... memfd_create resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6121] <... sync resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6123] <... mmap resumed>) = 0x7ff1eb400000 [pid 6121] exit_group(0 [pid 5830] getdents64(3, [pid 5829] getdents64(3, [pid 5828] openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6121] <... exit_group resumed>) = ? [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6121] +++ exited with 0 +++ [pid 5830] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... openat resumed>) = 4 [pid 6123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... umount2 resumed>) = 0 [pid 6123] <... write resumed>) = 524288 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6121, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5829] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(4, "", [pid 5830] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(4, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./58/file1") = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(4, [pid 5832] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(AT_FDCWD, "./58/binderfs", [pid 5828] close(4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./58/binderfs" [pid 5832] <... openat resumed>) = 3 [pid 5830] <... unlink resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 5832] newfstatat(3, "", [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] rmdir("./54/file1" [pid 5830] close(3) = 0 [pid 5830] rmdir("./58" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] mkdir("./59", 0777 [pid 5828] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... mkdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6123] munmap(0x7ff1eb400000, 138412032 [pid 5832] getdents64(3, [pid 5828] newfstatat(AT_FDCWD, "./54/binderfs", [pid 6123] <... munmap resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... umount2 resumed>) = 0 [pid 5828] unlink("./54/binderfs" [pid 5830] <... openat resumed>) = 3 [pid 5828] <... unlink resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6123] <... openat resumed>) = 4 [pid 5828] getdents64(3, [pid 5830] <... ioctl resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5828] close(3 [pid 5829] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 6123] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./54") = 0 [pid 5829] newfstatat(AT_FDCWD, "./56/file1", [pid 5828] mkdir("./55", 0777 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6124 attached [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6124] set_robust_list(0x5555934ed660, 24 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6124 [pid 6124] <... set_robust_list resumed>) = 0 [pid 6124] chdir("./59") = 0 [pid 6124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6124] setpgid(0, 0) = 0 [pid 6124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6124] write(3, "1000", 4) = 4 [pid 5829] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6123] <... ioctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6124] close(3 [pid 5829] openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... openat resumed>) = 3 [pid 6124] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 6124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6123] close(3 [pid 5829] newfstatat(4, "", [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6123] <... close resumed>) = 0 executing program [pid 6124] write(1, "executing program\n", 18 [pid 6123] close(4 [pid 5832] <... umount2 resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 6123] <... close resumed>) = 0 [pid 5832] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(4, [pid 6123] mkdir("./file1", 0777 [pid 5828] close(3 [pid 6124] <... write resumed>) = 18 [pid 6123] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... close resumed>) = 0 [pid 6123] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] newfstatat(AT_FDCWD, "./55/file1", [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] getdents64(4, ./strace-static-x86_64: Process 6125 attached [pid 6124] memfd_create("syzkaller", 0 [pid 6123] <... mount resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6125] set_robust_list(0x5555934ed660, 24 [pid 6123] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(4 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6125 [pid 6125] <... set_robust_list resumed>) = 0 [pid 6123] <... openat resumed>) = 3 [pid 6125] chdir("./55" [pid 6124] <... memfd_create resumed>) = 3 [pid 6123] chdir("./file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 6125] <... chdir resumed>) = 0 [pid 6123] <... chdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] rmdir("./56/file1" [pid 6125] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6123] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6125] <... prctl resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [ 116.092697][ T6123] loop3: detected capacity change from 0 to 1024 [pid 6125] setpgid(0, 0 [pid 6124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6123] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] newfstatat(4, "", [pid 6125] <... setpgid resumed>) = 0 [pid 6124] <... mmap resumed>) = 0x7ff1eb400000 [pid 6123] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] getdents64(4, [pid 5829] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6125] <... openat resumed>) = 3 [pid 6125] write(3, "1000", 4 [pid 5829] unlink("./56/binderfs") = 0 [pid 6123] <... link resumed>) = 0 [pid 6125] <... write resumed>) = 4 [pid 6123] sync( [pid 5832] getdents64(4, [pid 5829] getdents64(3, [pid 6125] close(3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6125] <... close resumed>) = 0 [pid 5832] close(4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6125] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5832] <... close resumed>) = 0 [pid 5829] close(3 [pid 6125] write(1, "executing program\n", 18 [pid 5832] rmdir("./55/file1" [pid 6125] <... write resumed>) = 18 [pid 5829] <... close resumed>) = 0 [pid 6125] memfd_create("syzkaller", 0 [pid 6123] <... sync resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5829] rmdir("./56" [pid 6123] exit_group(0 [pid 6125] <... memfd_create resumed>) = 3 [pid 6123] <... exit_group resumed>) = ? [pid 5832] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... rmdir resumed>) = 0 [pid 6125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6124] <... write resumed>) = 524288 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] mkdir("./57", 0777 [pid 6124] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6123] +++ exited with 0 +++ [pid 5832] newfstatat(AT_FDCWD, "./55/binderfs", [pid 5829] <... mkdir resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6123, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5831] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... ioctl resumed>) = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] unlink("./55/binderfs" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] close(3 [pid 6125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6124] <... openat resumed>) = 4 [pid 6124] ioctl(4, LOOP_SET_FD, 3 [pid 5831] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... close resumed>) = 0 [pid 6125] <... write resumed>) = 524288 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6126 attached [pid 5832] getdents64(3, [pid 5831] newfstatat(3, "", [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6126 [pid 6126] set_robust_list(0x5555934ed660, 24 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6126] <... set_robust_list resumed>) = 0 [pid 5832] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 6126] chdir("./57" [pid 5832] rmdir("./55" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 6126] <... chdir resumed>) = 0 [pid 6125] munmap(0x7ff1eb400000, 138412032 [pid 6126] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6125] <... munmap resumed>) = 0 [pid 5832] mkdir("./56", 0777 [pid 6126] <... prctl resumed>) = 0 [pid 6126] setpgid(0, 0 [pid 5832] <... mkdir resumed>) = 0 [pid 6126] <... setpgid resumed>) = 0 [pid 6126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6125] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6126] write(3, "1000", 4 [pid 6125] <... openat resumed>) = 4 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6126] <... write resumed>) = 4 [ 116.217736][ T6124] loop2: detected capacity change from 0 to 1024 [pid 6125] ioctl(4, LOOP_SET_FD, 3 [pid 6124] <... ioctl resumed>) = 0 [pid 6124] close(3) = 0 [pid 6124] close(4 [pid 6126] close(3 [pid 6124] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 6124] mkdir("./file1", 0777) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6126] <... close resumed>) = 0 [pid 6126] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... ioctl resumed>) = 0 [pid 6126] <... symlink resumed>) = 0 [pid 5832] close(3 [pid 6124] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, ""executing program [pid 6126] write(1, "executing program\n", 18 [pid 5832] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6126] <... write resumed>) = 18 [pid 6126] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6127 attached ) = 3 [pid 6125] <... ioctl resumed>) = 0 [pid 6126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6125] close(3 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6127 [pid 6127] set_robust_list(0x5555934ed660, 24 [pid 6126] <... mmap resumed>) = 0x7ff1eb400000 [pid 6127] <... set_robust_list resumed>) = 0 [pid 6125] <... close resumed>) = 0 [pid 6127] chdir("./56" [pid 6125] close(4 [pid 5831] <... umount2 resumed>) = 0 [pid 6127] <... chdir resumed>) = 0 [pid 6126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6125] <... close resumed>) = 0 [pid 6124] <... mount resumed>) = 0 [pid 5831] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6127] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6124] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6127] <... prctl resumed>) = 0 [pid 6125] mkdir("./file1", 0777 [pid 6124] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6127] setpgid(0, 0 [pid 6125] <... mkdir resumed>) = 0 [pid 6124] chdir("./file1" [pid 5831] newfstatat(AT_FDCWD, "./51/file1", [pid 6124] <... chdir resumed>) = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6127] <... setpgid resumed>) = 0 [pid 6125] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6124] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6124] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 116.258829][ T6125] loop0: detected capacity change from 0 to 1024 [pid 6127] <... openat resumed>) = 3 [pid 6126] <... write resumed>) = 524288 [pid 6127] write(3, "1000", 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 6127] <... write resumed>) = 4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6127] close(3 [pid 6126] munmap(0x7ff1eb400000, 138412032 [pid 6127] <... close resumed>) = 0 [pid 6124] <... link resumed>) = 0 [pid 5831] getdents64(4, [pid 6126] <... munmap resumed>) = 0 [pid 6127] symlink("/dev/binderfs", "./binderfs" [pid 6126] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6127] <... symlink resumed>) = 0 [pid 6126] <... openat resumed>) = 4 [pid 6125] <... mount resumed>) = 0 [pid 6124] sync( [pid 5831] close(4 executing program [pid 6126] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... close resumed>) = 0 [pid 6125] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6127] write(1, "executing program\n", 18) = 18 [pid 6125] <... openat resumed>) = 3 [pid 5831] rmdir("./51/file1") = 0 [pid 6127] memfd_create("syzkaller", 0 [pid 6125] chdir("./file1" [pid 5831] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6127] <... memfd_create resumed>) = 3 [pid 6125] <... chdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6125] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./51/binderfs", [pid 6127] <... mmap resumed>) = 0x7ff1eb400000 [pid 6125] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6125] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] unlink("./51/binderfs" [pid 6124] <... sync resumed>) = 0 [pid 6124] exit_group(0 [pid 5831] <... unlink resumed>) = 0 [pid 6124] <... exit_group resumed>) = ? [pid 5831] getdents64(3, [pid 6124] +++ exited with 0 +++ [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6124, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./51") = 0 [pid 5831] mkdir("./52", 0777 [pid 6127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] getdents64(3, [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6126] <... ioctl resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3) = 0 [pid 6126] close(3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6125] <... link resumed>) = 0 ./strace-static-x86_64: Process 6128 attached [pid 6125] sync( [pid 6126] <... close resumed>) = 0 [pid 6126] close(4 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6128 [ 116.353772][ T6126] loop1: detected capacity change from 0 to 1024 [pid 6128] set_robust_list(0x5555934ed660, 24 [pid 6126] <... close resumed>) = 0 [pid 6126] mkdir("./file1", 0777 [pid 6128] <... set_robust_list resumed>) = 0 [pid 6127] <... write resumed>) = 524288 [pid 6126] <... mkdir resumed>) = 0 [pid 6128] chdir("./52" [pid 5830] <... umount2 resumed>) = 0 [pid 6127] munmap(0x7ff1eb400000, 138412032 [pid 6126] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6128] <... chdir resumed>) = 0 [pid 6128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6128] setpgid(0, 0) = 0 [pid 6128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6127] <... munmap resumed>) = 0 [pid 6128] <... openat resumed>) = 3 [pid 5830] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6128] write(3, "1000", 4 [pid 5830] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6128] <... write resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6128] close(3 [pid 5830] openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6128] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 6128] symlink("/dev/binderfs", "./binderfs" [pid 6127] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] newfstatat(4, "", [pid 6128] <... symlink resumed>) = 0 [pid 6127] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 6127] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 executing program [pid 6128] write(1, "executing program\n", 18 [pid 5830] getdents64(4, [pid 6128] <... write resumed>) = 18 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6128] memfd_create("syzkaller", 0 [pid 5830] close(4 [pid 6128] <... memfd_create resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 6128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] rmdir("./59/file1" [pid 6128] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./59/binderfs") = 0 [pid 6128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] getdents64(3, [pid 6128] <... write resumed>) = 524288 [pid 6126] <... mount resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 6127] <... ioctl resumed>) = 0 [pid 6126] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6125] <... sync resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6127] close(3 [pid 6126] <... openat resumed>) = 3 [pid 6125] exit_group(0 [pid 5830] rmdir("./59" [pid 6127] <... close resumed>) = 0 [pid 6126] chdir("./file1" [pid 6125] <... exit_group resumed>) = ? [pid 5830] <... rmdir resumed>) = 0 [pid 6126] <... chdir resumed>) = 0 [pid 6127] close(4) = 0 [pid 6126] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6125] +++ exited with 0 +++ [pid 5830] mkdir("./60", 0777 [pid 6127] mkdir("./file1", 0777 [pid 6126] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... mkdir resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6125, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6126] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6127] <... mkdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6127] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... restart_syscall resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... ioctl resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(3 [pid 5828] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 6128] munmap(0x7ff1eb400000, 138412032 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6129 attached [pid 6128] <... munmap resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6129 [pid 6128] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6129] set_robust_list(0x5555934ed660, 24) = 0 [ 116.446151][ T6127] loop4: detected capacity change from 0 to 1024 [pid 6129] chdir("./60" [pid 6128] ioctl(4, LOOP_SET_FD, 3 [pid 6127] <... mount resumed>) = 0 [pid 6126] <... link resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", [pid 6126] sync( [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6127] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6129] <... chdir resumed>) = 0 [pid 6127] chdir("./file1" [pid 5828] getdents64(3, [pid 6129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6129] setpgid(0, 0 [pid 6127] <... chdir resumed>) = 0 [pid 6127] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 executing program [pid 6129] <... setpgid resumed>) = 0 [pid 6127] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6127] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6129] <... openat resumed>) = 3 [pid 6129] write(3, "1000", 4) = 4 [pid 6129] close(3) = 0 [pid 6129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6129] write(1, "executing program\n", 18) = 18 [pid 6129] memfd_create("syzkaller", 0) = 3 [pid 6129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5828] <... umount2 resumed>) = 0 [pid 6128] <... ioctl resumed>) = 0 [pid 5828] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6128] close(3 [pid 5828] newfstatat(AT_FDCWD, "./55/file1", [pid 6128] <... close resumed>) = 0 [pid 6128] close(4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6128] <... close resumed>) = 0 [pid 6128] mkdir("./file1", 0777) = 0 [pid 5828] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6127] <... link resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6127] sync( [pid 5828] openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6128] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6129] <... write resumed>) = 524288 [pid 6126] <... sync resumed>) = 0 [pid 5828] getdents64(4, [pid 6126] exit_group(0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [ 116.522786][ T6128] loop3: detected capacity change from 0 to 1024 [pid 6126] <... exit_group resumed>) = ? [pid 5828] getdents64(4, [pid 6126] +++ exited with 0 +++ [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6128] <... mount resumed>) = 0 [pid 5828] close(4 [pid 6128] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6126, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] <... close resumed>) = 0 [pid 6128] <... openat resumed>) = 3 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] rmdir("./55/file1" [pid 6128] chdir("./file1") = 0 [pid 6128] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6128] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6129] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5829] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6129] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6129] <... openat resumed>) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6129] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6129] ioctl(4, LOOP_CLR_FD [pid 5828] newfstatat(AT_FDCWD, "./55/binderfs", [pid 6129] <... ioctl resumed>) = 0 [pid 6128] <... link resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6128] sync( [pid 5828] unlink("./55/binderfs" [pid 6129] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... unlink resumed>) = 0 [pid 6129] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6129] close(4) = 0 [pid 6129] close(3 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./55") = 0 [pid 6129] <... close resumed>) = 0 [pid 5828] mkdir("./56", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6130 attached [pid 6128] <... sync resumed>) = 0 [pid 6127] <... sync resumed>) = 0 [pid 6128] exit_group(0 [pid 6127] exit_group(0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6130 [pid 6129] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6130] set_robust_list(0x5555934ed660, 24 [pid 6127] <... exit_group resumed>) = ? [pid 6130] <... set_robust_list resumed>) = 0 [pid 6129] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6128] <... exit_group resumed>) = ? [pid 6127] +++ exited with 0 +++ [pid 5829] <... umount2 resumed>) = 0 [pid 6130] chdir("./56" [pid 6129] sync( [pid 6128] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6127, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5829] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6130] <... chdir resumed>) = 0 [pid 5829] getdents64(4, [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6128, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6130] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6130] <... prctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6130] setpgid(0, 0 [pid 5831] <... openat resumed>) = 3 [pid 5829] getdents64(4, [pid 6130] <... setpgid resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 6130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] newfstatat(3, "", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] rmdir("./57/file1" [pid 5832] getdents64(3, [pid 5831] getdents64(3, [pid 5829] <... rmdir resumed>) = 0 [pid 6130] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./57/binderfs") = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./57") = 0 [pid 5829] mkdir("./58", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6130] write(3, "1000", 4) = 4 [pid 6130] close(3 [pid 6129] <... sync resumed>) = 0 [pid 6129] exit_group(0./strace-static-x86_64: Process 6131 attached [pid 6130] <... close resumed>) = 0 [pid 6130] symlink("/dev/binderfs", "./binderfs" [pid 6129] <... exit_group resumed>) = ? [pid 6130] <... symlink resumed>) = 0 [pid 6129] +++ exited with 0 +++ [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6131 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6129, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6131] set_robust_list(0x5555934ed660, 24 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6131] <... set_robust_list resumed>) = 0 [pid 6131] chdir("./58") = 0 [pid 6131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6131] setpgid(0, 0) = 0 [pid 6131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... restart_syscall resumed>) = 0 [pid 6131] <... openat resumed>) = 3 executing program [pid 6130] write(1, "executing program\n", 18 [pid 6131] write(3, "1000", 4 [pid 5830] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6130] <... write resumed>) = 18 [pid 6131] <... write resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6131] close(3 [pid 5830] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6130] memfd_create("syzkaller", 0executing program [pid 6131] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 6131] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6131] <... symlink resumed>) = 0 [pid 5830] unlink("./60/binderfs") = 0 [pid 6130] <... memfd_create resumed>) = 3 [pid 6131] write(1, "executing program\n", 18) = 18 [pid 6131] memfd_create("syzkaller", 0) = 3 [pid 6130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] getdents64(3, [pid 6131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6130] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6131] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] close(3 [pid 6130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./60") = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5832] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] mkdir("./61", 0777 [pid 6130] <... write resumed>) = 524288 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... mkdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 5832] newfstatat(4, "", [pid 5831] newfstatat(AT_FDCWD, "./52/file1", [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] close(3 [pid 5832] getdents64(4, [pid 5830] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6132 attached [pid 5832] getdents64(4, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6130] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(4 [pid 6132] set_robust_list(0x5555934ed660, 24 [pid 5832] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6132] <... set_robust_list resumed>) = 0 [pid 5832] rmdir("./56/file1" [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6132 [pid 6130] <... munmap resumed>) = 0 [pid 6132] chdir("./61" [pid 6131] <... write resumed>) = 524288 [pid 6130] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 6132] <... chdir resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 6130] <... openat resumed>) = 4 [pid 6132] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6130] ioctl(4, LOOP_SET_FD, 3 [pid 5831] getdents64(4, [pid 6132] <... prctl resumed>) = 0 [pid 6130] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6130] ioctl(4, LOOP_CLR_FD [pid 6132] setpgid(0, 0 [pid 6130] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6132] <... setpgid resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./56/binderfs", [pid 6132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./56/binderfs") = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6130] ioctl(4, LOOP_SET_FD, 3 [pid 6131] munmap(0x7ff1eb400000, 138412032 [pid 6130] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] getdents64(3, [pid 6132] <... openat resumed>) = 3 [pid 6131] <... munmap resumed>) = 0 [pid 6130] close(4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(4, [pid 6130] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6130] close(3 [pid 5832] close(3 [pid 5831] close(4 [pid 6132] write(3, "1000", 4 [pid 6131] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 6132] <... write resumed>) = 4 [pid 6131] <... openat resumed>) = 4 [pid 6132] close(3 [pid 6131] ioctl(4, LOOP_SET_FD, 3 [pid 6132] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./52/file1" [pid 6132] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... rmdir resumed>) = 0 [pid 6132] <... symlink resumed>) = 0 executing program [pid 6132] write(1, "executing program\n", 18 [pid 5832] rmdir("./56" [pid 5831] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6132] <... write resumed>) = 18 [pid 6132] memfd_create("syzkaller", 0) = 3 [pid 6130] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6130] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] newfstatat(AT_FDCWD, "./52/binderfs", [pid 6130] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5832] mkdir("./57", 0777 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6130] sync( [pid 5831] unlink("./52/binderfs" [pid 6131] <... ioctl resumed>) = 0 [pid 6131] close(3 [pid 5832] <... mkdir resumed>) = 0 [pid 6131] <... close resumed>) = 0 [pid 6131] close(4) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] close(3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6132] <... write resumed>) = 524288 [pid 5831] <... close resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 6132] munmap(0x7ff1eb400000, 138412032 [pid 6131] mkdir("./file1", 0777 [pid 5832] close(3 [pid 5831] rmdir("./52" [pid 6132] <... munmap resumed>) = 0 [pid 6131] <... mkdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6131] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6132] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6130] <... sync resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] mkdir("./53", 0777 [pid 6132] <... openat resumed>) = 4 [pid 6130] exit_group(0 [pid 5831] <... mkdir resumed>) = 0 [ 116.781083][ T6131] loop1: detected capacity change from 0 to 1024 [pid 6132] ioctl(4, LOOP_SET_FD, 3 [pid 6130] <... exit_group resumed>) = ? [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6130] +++ exited with 0 +++ [pid 5831] <... openat resumed>) = 3 [pid 6131] <... mount resumed>) = 0 [pid 6131] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6131] chdir("./file1") = 0 [pid 6131] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6131] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6130, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 6133 attached [pid 5831] close(3 [pid 6133] set_robust_list(0x5555934ed660, 24 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6133] <... set_robust_list resumed>) = 0 [pid 6133] chdir("./57" [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6134 ./strace-static-x86_64: Process 6134 attached [pid 6133] <... chdir resumed>) = 0 [pid 6132] <... ioctl resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6133 [pid 6133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6134] set_robust_list(0x5555934ed660, 24 [pid 6132] close(3 [pid 6133] setpgid(0, 0 [pid 6132] <... close resumed>) = 0 [pid 6134] <... set_robust_list resumed>) = 0 [pid 6133] <... setpgid resumed>) = 0 [pid 6132] close(4 [pid 6134] chdir("./53" [pid 6133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 6134] <... chdir resumed>) = 0 [pid 6133] <... openat resumed>) = 3 [pid 6132] <... close resumed>) = 0 [pid 6131] <... link resumed>) = 0 [pid 6134] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6133] write(3, "1000", 4 [pid 6132] mkdir("./file1", 0777 [pid 6131] sync( [pid 6134] <... prctl resumed>) = 0 [pid 6133] <... write resumed>) = 4 [pid 6133] close(3) = 0 [pid 5828] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6133] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6134] setpgid(0, 0 [pid 6133] <... symlink resumed>) = 0 [pid 6132] <... mkdir resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6134] <... setpgid resumed>) = 0 [pid 6133] write(1, "executing program\n", 18 [pid 5828] newfstatat(3, "", [pid 6134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6133] <... write resumed>) = 18 [pid 6132] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6133] memfd_create("syzkaller", 0 [pid 5828] getdents64(3, [pid 6133] <... memfd_create resumed>) = 3 [pid 6134] <... openat resumed>) = 3 [pid 6133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6133] <... mmap resumed>) = 0x7ff1eb400000 [pid 6134] write(3, "1000", 4 [pid 5828] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6134] <... write resumed>) = 4 [pid 6133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6134] close(3 [pid 5828] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./56/binderfs" [pid 6132] <... mount resumed>) = 0 [pid 6132] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] <... unlink resumed>) = 0 [pid 6134] <... close resumed>) = 0 [pid 6134] symlink("/dev/binderfs", "./binderfs" [pid 6132] <... openat resumed>) = 3 [ 116.844784][ T6132] loop2: detected capacity change from 0 to 1024 [pid 5828] getdents64(3, executing program [pid 6134] <... symlink resumed>) = 0 [pid 6132] chdir("./file1" [pid 6131] <... sync resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6134] write(1, "executing program\n", 18 [pid 5828] close(3 [pid 6132] <... chdir resumed>) = 0 [pid 6134] <... write resumed>) = 18 [pid 6131] exit_group(0 [pid 6134] memfd_create("syzkaller", 0 [pid 6133] <... write resumed>) = 524288 [pid 6132] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6131] <... exit_group resumed>) = ? [pid 5828] <... close resumed>) = 0 [pid 6134] <... memfd_create resumed>) = 3 [pid 6134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6132] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6131] +++ exited with 0 +++ [pid 5828] rmdir("./56" [pid 6134] <... mmap resumed>) = 0x7ff1eb400000 [pid 6133] munmap(0x7ff1eb400000, 138412032 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6131, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] <... rmdir resumed>) = 0 [pid 6133] <... munmap resumed>) = 0 [pid 6133] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6132] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] mkdir("./57", 0777 [pid 6133] <... openat resumed>) = 4 [pid 6133] ioctl(4, LOOP_SET_FD, 3 [pid 6134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6134] <... write resumed>) = 524288 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6134] munmap(0x7ff1eb400000, 138412032 [pid 6132] <... link resumed>) = 0 [pid 5829] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 6134] <... munmap resumed>) = 0 [pid 6132] sync( [pid 5828] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... close resumed>) = 0 [pid 5829] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6134] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6135 [pid 6134] <... openat resumed>) = 4 [pid 6134] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6135 attached [pid 6135] set_robust_list(0x5555934ed660, 24 [pid 5829] <... umount2 resumed>) = 0 [pid 6135] <... set_robust_list resumed>) = 0 [pid 6133] <... ioctl resumed>) = 0 [pid 5829] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6135] chdir("./57" [pid 6133] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6135] <... chdir resumed>) = 0 [pid 6133] <... close resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./58/file1", [pid 6135] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6133] close(4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 116.933694][ T6133] loop4: detected capacity change from 0 to 1024 [pid 6135] <... prctl resumed>) = 0 [pid 6133] <... close resumed>) = 0 [pid 5829] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6135] setpgid(0, 0 [pid 6134] <... ioctl resumed>) = 0 [pid 6133] mkdir("./file1", 0777 [pid 6135] <... setpgid resumed>) = 0 [pid 6133] <... mkdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6135] <... openat resumed>) = 3 [pid 6133] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6135] write(3, "1000", 4 [pid 5829] getdents64(4, [pid 6135] <... write resumed>) = 4 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6135] close(3 [pid 5829] getdents64(4, [pid 6135] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 executing program [pid 6135] symlink("/dev/binderfs", "./binderfs" [pid 5829] close(4 [pid 6135] <... symlink resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6135] write(1, "executing program\n", 18 [pid 5829] rmdir("./58/file1" [pid 6135] <... write resumed>) = 18 [pid 6135] memfd_create("syzkaller", 0) = 3 [pid 6135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5829] <... rmdir resumed>) = 0 [pid 6135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6134] close(3 [pid 6135] <... write resumed>) = 524288 [pid 6133] <... mount resumed>) = 0 [pid 6132] <... sync resumed>) = 0 [pid 6134] <... close resumed>) = 0 [pid 5829] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6134] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6134] <... close resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./58/binderfs", [pid 6134] mkdir("./file1", 0777 [pid 6132] exit_group(0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6135] munmap(0x7ff1eb400000, 138412032 [pid 6134] <... mkdir resumed>) = 0 [pid 6133] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6132] <... exit_group resumed>) = ? [pid 6134] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] unlink("./58/binderfs" [pid 6135] <... munmap resumed>) = 0 [pid 6133] <... openat resumed>) = 3 [pid 6132] +++ exited with 0 +++ [pid 5829] <... unlink resumed>) = 0 [pid 6133] chdir("./file1" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6132, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 116.979631][ T6134] loop3: detected capacity change from 0 to 1024 [pid 5829] getdents64(3, [pid 6135] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6133] <... chdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6135] <... openat resumed>) = 4 [pid 6133] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] close(3 [pid 6135] ioctl(4, LOOP_SET_FD, 3 [pid 6133] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 6133] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] rmdir("./58") = 0 [pid 5830] <... openat resumed>) = 3 [pid 6134] <... mount resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 6134] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] mkdir("./59", 0777 [pid 6134] <... openat resumed>) = 3 [pid 5830] getdents64(3, [pid 5829] <... mkdir resumed>) = 0 [pid 6134] chdir("./file1") = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6134] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6134] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 6133] <... link resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] close(3) = 0 [pid 6133] sync( [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6136 attached [pid 6136] set_robust_list(0x5555934ed660, 24) = 0 [pid 5830] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6136] chdir("./59" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6136] <... chdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./61/file1", [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6136 [pid 6134] <... link resumed>) = 0 [pid 6136] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6136] <... prctl resumed>) = 0 [pid 6135] <... ioctl resumed>) = 0 [pid 5830] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6136] setpgid(0, 0 [pid 6135] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6135] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6135] close(4 [pid 6134] sync( [pid 5830] <... openat resumed>) = 4 [pid 6136] <... setpgid resumed>) = 0 [pid 6135] <... close resumed>) = 0 [pid 6136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6135] mkdir("./file1", 0777 [pid 5830] newfstatat(4, "", [pid 6136] <... openat resumed>) = 3 [pid 6135] <... mkdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6136] write(3, "1000", 4 [pid 5830] getdents64(4, [pid 6136] <... write resumed>) = 4 [pid 6136] close(3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6136] <... close resumed>) = 0 [pid 6135] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] getdents64(4, [pid 6134] <... sync resumed>) = 0 [ 117.042592][ T6135] loop0: detected capacity change from 0 to 1024 [pid 6133] <... sync resumed>) = 0 executing program [pid 6136] symlink("/dev/binderfs", "./binderfs" [pid 6135] <... mount resumed>) = 0 [pid 6134] exit_group(0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6136] <... symlink resumed>) = 0 [pid 6135] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6136] write(1, "executing program\n", 18 [pid 6135] <... openat resumed>) = 3 [pid 5830] close(4 [pid 6136] <... write resumed>) = 18 [pid 6134] <... exit_group resumed>) = ? [pid 6136] memfd_create("syzkaller", 0 [pid 6135] chdir("./file1" [pid 5830] <... close resumed>) = 0 [pid 6133] exit_group(0 [pid 6135] <... chdir resumed>) = 0 [pid 5830] rmdir("./61/file1" [pid 6134] +++ exited with 0 +++ [pid 5830] <... rmdir resumed>) = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6136] <... memfd_create resumed>) = 3 [pid 6135] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6135] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6133] <... exit_group resumed>) = ? [pid 6136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6133] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6134, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6133, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./61/binderfs", [pid 5832] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] newfstatat(3, "", [pid 5830] unlink("./61/binderfs" [pid 5831] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(3, "", [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5832] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 6135] <... link resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 6135] sync( [pid 5831] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./61") = 0 [pid 5830] mkdir("./62", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 6136] <... write resumed>) = 524288 [pid 6136] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6136] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... umount2 resumed>) = 0 [pid 6136] <... openat resumed>) = 4 [pid 6135] <... sync resumed>) = 0 [pid 5832] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = 0 [pid 6135] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 6135] <... exit_group resumed>) = ? [pid 5832] newfstatat(AT_FDCWD, "./57/file1", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6136] ioctl(4, LOOP_SET_FD, 3 [pid 6135] +++ exited with 0 +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(AT_FDCWD, "./53/file1", [pid 5832] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6135, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] newfstatat(4, "", [pid 5831] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6137 attached [pid 5832] getdents64(4, [pid 5831] getdents64(4, [pid 5828] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6137 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6137] set_robust_list(0x5555934ed660, 24 [pid 5832] getdents64(4, [pid 5828] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(4, [pid 5828] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] newfstatat(3, "", [pid 5831] close(4) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] rmdir("./53/file1" [pid 5828] getdents64(3, [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6136] <... ioctl resumed>) = 0 [pid 6137] <... set_robust_list resumed>) = 0 [pid 5832] close(4 [pid 5831] newfstatat(AT_FDCWD, "./53/binderfs", [pid 5828] <... umount2 resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6137] chdir("./62" [pid 6136] close(3 [pid 5832] <... close resumed>) = 0 [pid 5831] unlink("./53/binderfs" [pid 5832] rmdir("./57/file1" [pid 6137] <... chdir resumed>) = 0 [pid 6136] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5828] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6136] close(4 [pid 6137] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6136] <... close resumed>) = 0 [pid 5832] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6137] <... prctl resumed>) = 0 [pid 6136] mkdir("./file1", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] newfstatat(AT_FDCWD, "./57/file1", [pid 6137] setpgid(0, 0 [pid 6136] <... mkdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./57/binderfs", [pid 5831] close(3 [pid 6137] <... setpgid resumed>) = 0 [pid 6136] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] rmdir("./53" [pid 5828] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6137] <... openat resumed>) = 3 [pid 6137] write(3, "1000", 4 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6137] <... write resumed>) = 4 [pid 5831] mkdir("./54", 0777 [pid 5828] openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6137] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6137] <... close resumed>) = 0 [pid 5828] newfstatat(4, "", [pid 5832] unlink("./57/binderfs" [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 117.186177][ T6136] loop1: detected capacity change from 0 to 1024 [pid 6137] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5828] getdents64(4, [pid 6137] <... symlink resumed>) = 0 [pid 5832] getdents64(3, [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6137] write(1, "executing program\n", 18 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5828] getdents64(4, executing program [pid 6137] <... write resumed>) = 18 [pid 5832] close(3 [pid 5831] close(3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] close(4 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... close resumed>) = 0 ./strace-static-x86_64: Process 6138 attached [pid 6137] memfd_create("syzkaller", 0 [pid 5832] rmdir("./57" [pid 5828] rmdir("./57/file1" [pid 5832] <... rmdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6138] set_robust_list(0x5555934ed660, 24 [pid 6137] <... memfd_create resumed>) = 3 [pid 5832] mkdir("./58", 0777 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6138 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6136] <... mount resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./57/binderfs", [pid 6136] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6136] chdir("./file1") = 0 [pid 6136] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... mkdir resumed>) = 0 [pid 6138] <... set_robust_list resumed>) = 0 [pid 6137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] unlink("./57/binderfs" [pid 6136] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6137] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... unlink resumed>) = 0 [pid 6138] chdir("./54" [pid 6136] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] getdents64(3, [pid 6138] <... chdir resumed>) = 0 [pid 6138] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6138] <... prctl resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5828] close(3 [pid 5832] close(3 [pid 6138] setpgid(0, 0 [pid 5832] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6138] <... setpgid resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] rmdir("./57"./strace-static-x86_64: Process 6139 attached [pid 6138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... rmdir resumed>) = 0 [pid 6138] <... openat resumed>) = 3 [pid 6136] <... link resumed>) = 0 [pid 5828] mkdir("./58", 0777 [pid 6139] set_robust_list(0x5555934ed660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6139 [pid 5828] <... mkdir resumed>) = 0 [pid 6139] <... set_robust_list resumed>) = 0 [pid 6136] sync( [pid 6139] chdir("./58" [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6138] write(3, "1000", 4) = 4 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6138] close(3 [pid 6139] <... chdir resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 6139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6139] setpgid(0, 0 [pid 6138] <... close resumed>) = 0 [pid 5828] close(3 [pid 6138] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... close resumed>) = 0 [pid 6139] <... setpgid resumed>) = 0 [pid 6139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6137] <... write resumed>) = 524288 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6138] <... symlink resumed>) = 0 [pid 6139] write(3, "1000", 4) = 4 [pid 6139] close(3) = 0 [pid 6139] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6139] write(1, "executing program\n", 18) = 18 [pid 6139] memfd_create("syzkaller", 0) = 3 [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 ./strace-static-x86_64: Process 6140 attached [pid 6138] write(1, "executing program\n", 18 [pid 6139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6136] <... sync resumed>) = 0 executing program [pid 6140] set_robust_list(0x5555934ed660, 24 [pid 6138] <... write resumed>) = 18 [pid 6137] munmap(0x7ff1eb400000, 138412032 [pid 6136] exit_group(0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6140 [pid 6136] <... exit_group resumed>) = ? [pid 6136] +++ exited with 0 +++ [pid 6140] <... set_robust_list resumed>) = 0 [pid 6138] memfd_create("syzkaller", 0 [pid 6137] <... munmap resumed>) = 0 [pid 6140] chdir("./58" [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6136, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6140] <... chdir resumed>) = 0 [pid 6138] <... memfd_create resumed>) = 3 [pid 6137] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6140] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6137] <... openat resumed>) = 4 [pid 6140] <... prctl resumed>) = 0 [pid 6138] <... mmap resumed>) = 0x7ff1eb400000 [pid 6137] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6140] setpgid(0, 0 [pid 6139] <... write resumed>) = 524288 [pid 6140] <... setpgid resumed>) = 0 [pid 5829] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 6140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6139] munmap(0x7ff1eb400000, 138412032 [pid 6140] <... openat resumed>) = 3 [pid 6138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6140] write(3, "1000", 4 [pid 6139] <... munmap resumed>) = 0 [pid 6140] <... write resumed>) = 4 [pid 6140] close(3 [pid 5829] <... umount2 resumed>) = 0 [pid 6140] <... close resumed>) = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6140] symlink("/dev/binderfs", "./binderfs" [pid 6137] <... ioctl resumed>) = 0 [pid 6137] close(3 [pid 6140] <... symlink resumed>) = 0 [pid 6139] <... openat resumed>) = 4 [pid 6139] ioctl(4, LOOP_SET_FD, 3executing program [pid 6140] write(1, "executing program\n", 18 [pid 6137] <... close resumed>) = 0 [pid 5829] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6140] <... write resumed>) = 18 [pid 6139] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6138] <... write resumed>) = 524288 [pid 6137] close(4 [pid 6140] memfd_create("syzkaller", 0 [pid 6138] munmap(0x7ff1eb400000, 138412032 [pid 6137] <... close resumed>) = 0 [pid 6140] <... memfd_create resumed>) = 3 [pid 6139] ioctl(4, LOOP_CLR_FD [pid 6138] <... munmap resumed>) = 0 [pid 6137] mkdir("./file1", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6139] <... ioctl resumed>) = 0 [pid 6137] <... mkdir resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./59/file1", [pid 6138] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6137] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6139] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6139] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6138] <... openat resumed>) = 4 [pid 5829] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6139] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6139] <... close resumed>) = 0 [ 117.354206][ T6137] loop2: detected capacity change from 0 to 1024 [pid 6138] ioctl(4, LOOP_SET_FD, 3 [pid 5829] openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6140] <... mmap resumed>) = 0x7ff1eb400000 [pid 6139] close(3 [pid 6140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6139] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 6139] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 5829] newfstatat(4, "", [pid 6139] sync( [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 6137] <... mount resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6137] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] close(4 [pid 6137] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 6137] chdir("./file1" [pid 5829] rmdir("./59/file1" [pid 6137] <... chdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6137] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6137] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./59/binderfs") = 0 [pid 6137] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] getdents64(3, [pid 6140] <... write resumed>) = 524288 [pid 6139] <... sync resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6139] exit_group(0) = ? [pid 5829] close(3 [pid 6139] +++ exited with 0 +++ [pid 5829] <... close resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6139, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] rmdir("./59" [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6138] <... ioctl resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6138] close(3 [pid 5832] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6138] <... close resumed>) = 0 [pid 5829] mkdir("./60", 0777 [pid 6140] munmap(0x7ff1eb400000, 138412032 [pid 6138] close(4 [pid 5832] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... mkdir resumed>) = 0 [pid 6138] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 6140] <... munmap resumed>) = 0 [pid 6138] mkdir("./file1", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6138] <... mkdir resumed>) = 0 [pid 5832] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6140] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6138] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6140] <... openat resumed>) = 4 [ 117.416688][ T6138] loop3: detected capacity change from 0 to 1024 [pid 5832] newfstatat(AT_FDCWD, "./58/binderfs", [pid 6140] ioctl(4, LOOP_SET_FD, 3 [pid 6137] <... link resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5832] unlink("./58/binderfs") = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 6137] sync( [pid 5832] rmdir("./58" [pid 5829] <... ioctl resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] mkdir("./59", 0777./strace-static-x86_64: Process 6141 attached ) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6141] set_robust_list(0x5555934ed660, 24 [pid 5832] <... openat resumed>) = 3 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6141 [pid 6141] <... set_robust_list resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6141] chdir("./60" [pid 5832] close(3 [pid 6141] <... chdir resumed>) = 0 [pid 6140] <... ioctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6141] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6140] close(3 [pid 6141] <... prctl resumed>) = 0 [pid 6140] <... close resumed>) = 0 [pid 6141] setpgid(0, 0 [pid 6140] close(4 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6141] <... setpgid resumed>) = 0 [pid 6140] <... close resumed>) = 0 [pid 6141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6140] mkdir("./file1", 0777) = 0 ./strace-static-x86_64: Process 6142 attached [pid 6141] <... openat resumed>) = 3 [pid 6140] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6138] <... mount resumed>) = 0 [pid 6142] set_robust_list(0x5555934ed660, 24 [pid 6141] write(3, "1000", 4 [pid 6142] <... set_robust_list resumed>) = 0 [pid 6141] <... write resumed>) = 4 [pid 6138] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6142 [pid 6141] close(3 [pid 6138] <... openat resumed>) = 3 [pid 6141] <... close resumed>) = 0 [pid 6141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6141] write(1, "executing program\n", 18 [pid 6138] chdir("./file1" [pid 6142] chdir("./59"executing program [ 117.478956][ T6140] loop0: detected capacity change from 0 to 1024 ) = 0 [pid 6141] <... write resumed>) = 18 [pid 6138] <... chdir resumed>) = 0 [pid 6142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6141] memfd_create("syzkaller", 0 [pid 6138] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6142] setpgid(0, 0 [pid 6138] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6142] <... setpgid resumed>) = 0 [pid 6141] <... memfd_create resumed>) = 3 [pid 6138] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6142] <... openat resumed>) = 3 [pid 6142] write(3, "1000", 4 [pid 6141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6142] <... write resumed>) = 4 [pid 6142] close(3) = 0 [pid 6140] <... mount resumed>) = 0 [pid 6142] symlink("/dev/binderfs", "./binderfs" [pid 6140] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6142] <... symlink resumed>) = 0 [pid 6140] <... openat resumed>) = 3 [pid 6142] write(1, "executing program\n", 18 executing program [pid 6140] chdir("./file1" [pid 6142] <... write resumed>) = 18 [pid 6141] <... write resumed>) = 524288 [pid 6140] <... chdir resumed>) = 0 [pid 6137] <... sync resumed>) = 0 [pid 6142] memfd_create("syzkaller", 0 [pid 6137] exit_group(0 [pid 6142] <... memfd_create resumed>) = 3 [pid 6142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6140] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6137] <... exit_group resumed>) = ? [pid 6142] <... mmap resumed>) = 0x7ff1eb400000 [pid 6141] munmap(0x7ff1eb400000, 138412032 [pid 6140] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6138] <... link resumed>) = 0 [pid 6137] +++ exited with 0 +++ [pid 6140] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6138] sync( [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6137, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6141] <... munmap resumed>) = 0 [pid 6141] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... restart_syscall resumed>) = 0 [pid 6141] <... openat resumed>) = 4 [pid 6141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5830] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6142] <... write resumed>) = 524288 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 6140] <... link resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6142] munmap(0x7ff1eb400000, 138412032 [pid 6140] sync( [pid 5830] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6142] <... munmap resumed>) = 0 [pid 6138] <... sync resumed>) = 0 [pid 6142] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6141] close(3 [pid 6140] <... sync resumed>) = 0 [pid 6138] exit_group(0) = ? [pid 6142] <... openat resumed>) = 4 [pid 6138] +++ exited with 0 +++ [pid 6142] ioctl(4, LOOP_SET_FD, 3 [pid 6140] exit_group(0 [pid 6141] <... close resumed>) = 0 [pid 6141] close(4 [pid 6140] <... exit_group resumed>) = ? [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6138, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6141] <... close resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6141] mkdir("./file1", 0777 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6141] <... mkdir resumed>) = 0 [pid 6140] +++ exited with 0 +++ [pid 5831] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6141] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6140, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] newfstatat(3, "", [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6142] <... ioctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6142] close(3 [pid 6141] <... mount resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./62/file1", [pid 5828] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6142] <... close resumed>) = 0 [pid 6141] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 117.610161][ T6141] loop1: detected capacity change from 0 to 1024 [ 117.644300][ T6142] loop4: detected capacity change from 0 to 1024 [pid 6142] close(4 [pid 6141] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 3 [pid 6142] <... close resumed>) = 0 [pid 6141] chdir("./file1" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6142] mkdir("./file1", 0777 [pid 6141] <... chdir resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 6141] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6141] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] getdents64(3, [pid 6141] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6142] <... mkdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(4, "", [pid 5828] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./54/file1") = 0 [pid 5831] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./54/binderfs", [pid 6142] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6141] <... link resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6142] <... mount resumed>) = 0 [pid 6141] sync( [pid 5831] unlink("./54/binderfs" [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6142] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] getdents64(4, [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6142] <... openat resumed>) = 3 [pid 6141] <... sync resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] close(4 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./54") = 0 [pid 5831] mkdir("./55", 0777 [pid 6142] chdir("./file1" [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6142] <... chdir resumed>) = 0 [pid 6141] exit_group(0 [pid 5830] rmdir("./62/file1" [pid 5828] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6141] <... exit_group resumed>) = ? [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3 [pid 6141] +++ exited with 0 +++ [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6142] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6143 ./strace-static-x86_64: Process 6143 attached [pid 6143] set_robust_list(0x5555934ed660, 24) = 0 [pid 6143] chdir("./55" [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6141, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] newfstatat(AT_FDCWD, "./58/file1", [pid 6142] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6142] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] newfstatat(AT_FDCWD, "./62/binderfs", [pid 5829] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6143] <... chdir resumed>) = 0 [pid 6143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6143] setpgid(0, 0) = 0 [pid 6143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] unlink("./62/binderfs" [pid 5829] newfstatat(3, "", [pid 6143] <... openat resumed>) = 3 [pid 5830] <... unlink resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6143] write(3, "1000", 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] newfstatat(4, "", [pid 6143] <... write resumed>) = 4 [pid 5830] getdents64(3, [pid 5829] getdents64(3, [pid 6143] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6143] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6143] symlink("/dev/binderfs", "./binderfs" [pid 5828] getdents64(4, [pid 6143] <... symlink resumed>) = 0 executing program [pid 5830] close(3 [pid 5829] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6143] write(1, "executing program\n", 18 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6143] <... write resumed>) = 18 [pid 5830] <... close resumed>) = 0 [pid 5828] getdents64(4, [pid 5830] rmdir("./62" [pid 6143] memfd_create("syzkaller", 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6143] <... memfd_create resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] close(4 [pid 6143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... close resumed>) = 0 [pid 6143] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] rmdir("./58/file1" [pid 6142] <... link resumed>) = 0 [pid 5830] mkdir("./63", 0777 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6142] sync( [pid 5830] <... mkdir resumed>) = 0 [pid 5829] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] newfstatat(AT_FDCWD, "./60/file1", [pid 5828] newfstatat(AT_FDCWD, "./58/binderfs", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... openat resumed>) = 3 [pid 5829] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... openat resumed>) = 4 [pid 6142] <... sync resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 5828] unlink("./58/binderfs" [pid 6142] exit_group(0 [pid 5830] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6142] <... exit_group resumed>) = ? [pid 5829] getdents64(4, [pid 5828] getdents64(3, [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6142] +++ exited with 0 +++ [pid 5828] close(3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6142, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5828] <... close resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5829] getdents64(4, [pid 5828] rmdir("./58" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 5830] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6143] <... write resumed>) = 524288 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", [pid 6143] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5829] rmdir("./60/file1" [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6143] <... munmap resumed>) = 0 [pid 6143] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6143] <... openat resumed>) = 4 [pid 5828] mkdir("./59", 0777 [pid 6143] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... umount2 resumed>) = 0 [pid 5829] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6144 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6144 attached [pid 5832] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(AT_FDCWD, "./60/binderfs", [pid 5828] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] newfstatat(AT_FDCWD, "./59/file1", [pid 5829] unlink("./60/binderfs" [pid 5828] <... ioctl resumed>) = 0 [pid 6144] set_robust_list(0x5555934ed660, 24 [pid 5828] close(3 [pid 6144] <... set_robust_list resumed>) = 0 [pid 6144] chdir("./63" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5832] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6144] <... chdir resumed>) = 0 [pid 6144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 6145 attached [pid 6144] setpgid(0, 0 [pid 5832] openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6144] <... setpgid resumed>) = 0 [pid 6144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... openat resumed>) = 4 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6145 [pid 5832] newfstatat(4, "", [pid 5829] close(3 [pid 6144] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./60" [pid 5832] getdents64(4, [pid 6145] set_robust_list(0x5555934ed660, 24 [pid 6144] write(3, "1000", 4 executing program [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... rmdir resumed>) = 0 [pid 6145] <... set_robust_list resumed>) = 0 [pid 5832] getdents64(4, [pid 5829] mkdir("./61", 0777 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6144] <... write resumed>) = 4 [pid 6144] close(3 [pid 6143] <... ioctl resumed>) = 0 [pid 6144] <... close resumed>) = 0 [pid 6144] symlink("/dev/binderfs", "./binderfs" [pid 5829] <... mkdir resumed>) = 0 [pid 5832] close(4 [pid 6145] chdir("./59" [pid 6144] <... symlink resumed>) = 0 [pid 6143] close(3 [pid 5832] <... close resumed>) = 0 [pid 6144] write(1, "executing program\n", 18 [pid 6143] <... close resumed>) = 0 [pid 6144] <... write resumed>) = 18 [pid 6143] close(4 [pid 5832] rmdir("./59/file1" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6144] memfd_create("syzkaller", 0 [pid 6143] <... close resumed>) = 0 [pid 6144] <... memfd_create resumed>) = 3 [pid 6143] mkdir("./file1", 0777 [pid 5832] <... rmdir resumed>) = 0 [pid 6145] <... chdir resumed>) = 0 [pid 6143] <... mkdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6145] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6145] <... prctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... ioctl resumed>) = 0 [pid 6145] setpgid(0, 0 [pid 6144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] newfstatat(AT_FDCWD, "./59/binderfs", [pid 5829] close(3 [pid 6145] <... setpgid resumed>) = 0 [pid 6144] <... mmap resumed>) = 0x7ff1eb400000 [pid 6145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6143] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... close resumed>) = 0 [pid 6145] <... openat resumed>) = 3 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6146 attached [pid 6145] write(3, "1000", 4) = 4 [ 117.838519][ T6143] loop3: detected capacity change from 0 to 1024 [pid 6145] close(3 [pid 5832] unlink("./59/binderfs" [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6146 [pid 6146] set_robust_list(0x5555934ed660, 24 [pid 6145] <... close resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 6146] <... set_robust_list resumed>) = 0 [pid 6145] symlink("/dev/binderfs", "./binderfs" [pid 6146] chdir("./61" [pid 6145] <... symlink resumed>) = 0 [pid 5832] getdents64(3, [pid 6146] <... chdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6146] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] close(3 [pid 6146] <... prctl resumed>) = 0 executing program [pid 5832] <... close resumed>) = 0 [pid 6146] setpgid(0, 0 [pid 6145] write(1, "executing program\n", 18 [pid 5832] rmdir("./59" [pid 6145] <... write resumed>) = 18 [pid 6146] <... setpgid resumed>) = 0 [pid 6146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6145] memfd_create("syzkaller", 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6146] <... openat resumed>) = 3 [pid 6146] write(3, "1000", 4 [pid 6145] <... memfd_create resumed>) = 3 [pid 6146] <... write resumed>) = 4 [pid 6145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6146] close(3 [pid 6145] <... mmap resumed>) = 0x7ff1eb400000 [pid 6146] <... close resumed>) = 0 [pid 6145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] mkdir("./60", 0777 [pid 6146] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... mkdir resumed>) = 0 [pid 6146] <... symlink resumed>) = 0 executing program [pid 6146] write(1, "executing program\n", 18 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6146] <... write resumed>) = 18 [pid 6146] memfd_create("syzkaller", 0 [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 6146] <... memfd_create resumed>) = 3 [pid 5832] close(3) = 0 [pid 6146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6143] <... mount resumed>) = 0 [pid 6143] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6143] chdir("./file1"./strace-static-x86_64: Process 6147 attached ) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6147 [pid 6147] set_robust_list(0x5555934ed660, 24 [pid 6145] <... write resumed>) = 524288 [pid 6147] <... set_robust_list resumed>) = 0 [pid 6147] chdir("./60" [pid 6146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6147] <... chdir resumed>) = 0 [pid 6143] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6147] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6144] <... write resumed>) = 524288 [pid 6143] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6143] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6147] <... prctl resumed>) = 0 [pid 6147] setpgid(0, 0) = 0 [pid 6147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6146] <... write resumed>) = 524288 [pid 6145] munmap(0x7ff1eb400000, 138412032 [pid 6146] munmap(0x7ff1eb400000, 138412032 [pid 6145] <... munmap resumed>) = 0 [pid 6146] <... munmap resumed>) = 0 [pid 6144] munmap(0x7ff1eb400000, 138412032 [pid 6145] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6146] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6145] <... openat resumed>) = 4 [pid 6147] write(3, "1000", 4 [pid 6146] <... openat resumed>) = 4 [pid 6145] ioctl(4, LOOP_SET_FD, 3 [pid 6144] <... munmap resumed>) = 0 [pid 6146] ioctl(4, LOOP_SET_FD, 3 [pid 6145] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6147] <... write resumed>) = 4 [pid 6145] ioctl(4, LOOP_CLR_FD [pid 6147] close(3 [pid 6145] <... ioctl resumed>) = 0 [pid 6147] <... close resumed>) = 0 [pid 6144] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6143] <... link resumed>) = 0 [pid 6144] <... openat resumed>) = 4 [pid 6143] sync( [pid 6147] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6147] write(1, "executing program\n", 18 [pid 6145] ioctl(4, LOOP_SET_FD, 3 [pid 6147] <... write resumed>) = 18 [pid 6145] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6144] ioctl(4, LOOP_SET_FD, 3 [pid 6147] memfd_create("syzkaller", 0 [pid 6145] close(4 [pid 6147] <... memfd_create resumed>) = 3 [pid 6145] <... close resumed>) = 0 [pid 6147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6145] close(3 [pid 6147] <... mmap resumed>) = 0x7ff1eb400000 [pid 6145] <... close resumed>) = 0 [pid 6147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6146] <... ioctl resumed>) = 0 [pid 6144] <... ioctl resumed>) = 0 [pid 6146] close(3 [pid 6145] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6146] <... close resumed>) = 0 [pid 6145] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6146] close(4 [pid 6145] sync( [pid 6146] <... close resumed>) = 0 [pid 6146] mkdir("./file1", 0777) = 0 [pid 6146] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6143] <... sync resumed>) = 0 [pid 6143] exit_group(0 [pid 6144] close(3 [pid 6143] <... exit_group resumed>) = ? [pid 6144] <... close resumed>) = 0 [ 117.974039][ T6146] loop1: detected capacity change from 0 to 1024 [ 117.990676][ T6144] loop2: detected capacity change from 0 to 1024 [pid 6143] +++ exited with 0 +++ [pid 6144] close(4) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6143, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6144] mkdir("./file1", 0777 [pid 6147] <... write resumed>) = 524288 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6147] munmap(0x7ff1eb400000, 138412032 [pid 6146] <... mount resumed>) = 0 [pid 6144] <... mkdir resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6147] <... munmap resumed>) = 0 [pid 6146] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6145] <... sync resumed>) = 0 [pid 6145] exit_group(0 [pid 6146] <... openat resumed>) = 3 [pid 6145] <... exit_group resumed>) = ? [pid 5831] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6146] chdir("./file1" [pid 6145] +++ exited with 0 +++ [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6145, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] <... openat resumed>) = 3 [pid 6147] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6146] <... chdir resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 6147] <... openat resumed>) = 4 [pid 6146] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6144] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6147] ioctl(4, LOOP_SET_FD, 3 [pid 6146] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6147] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6147] ioctl(4, LOOP_CLR_FD [pid 6146] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6147] <... ioctl resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 6147] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6147] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6147] close(4 [pid 5828] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6147] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6147] close(3 [pid 5828] newfstatat(AT_FDCWD, "./59/binderfs", [pid 5831] getdents64(3, [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./59/binderfs" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... unlink resumed>) = 0 [pid 5831] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6144] <... mount resumed>) = 0 [pid 5828] getdents64(3, [pid 6144] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 6147] <... close resumed>) = 0 [pid 6144] <... openat resumed>) = 3 [pid 5828] rmdir("./59" [pid 6144] chdir("./file1") = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6144] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6144] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] mkdir("./60", 0777 [pid 6147] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 5828] <... mkdir resumed>) = 0 [pid 6147] sync( [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6146] <... link resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6146] sync( [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6148 attached [pid 6148] set_robust_list(0x5555934ed660, 24) = 0 [pid 6148] chdir("./60" [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6148 [pid 6148] <... chdir resumed>) = 0 [pid 6148] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... umount2 resumed>) = 0 [pid 6148] <... prctl resumed>) = 0 [pid 6148] setpgid(0, 0 [pid 6144] <... link resumed>) = 0 [pid 5831] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6144] sync( [pid 6148] <... setpgid resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./55/file1", [pid 6148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6148] <... openat resumed>) = 3 [pid 6148] write(3, "1000", 4) = 4 [pid 6148] close(3) = 0 [pid 6148] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6148] <... symlink resumed>) = 0 executing program [pid 6148] write(1, "executing program\n", 18) = 18 [pid 6148] memfd_create("syzkaller", 0) = 3 [pid 6148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6147] <... sync resumed>) = 0 [pid 6146] <... sync resumed>) = 0 [pid 6144] <... sync resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6147] exit_group(0 [pid 6146] exit_group(0 [pid 6144] exit_group(0 [pid 5831] openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6146] <... exit_group resumed>) = ? [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6148] <... mmap resumed>) = 0x7ff1eb400000 [pid 6147] <... exit_group resumed>) = ? [pid 6144] <... exit_group resumed>) = ? [pid 5831] getdents64(4, [pid 6148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6147] +++ exited with 0 +++ [pid 6144] +++ exited with 0 +++ [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6146] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6144, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6147, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6146, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] <... restart_syscall resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(4, [pid 5832] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 5829] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 5832] newfstatat(3, "", [pid 5831] <... close resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./55/file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 5830] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] getdents64(3, [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./60/binderfs" [pid 6148] <... write resumed>) = 524288 [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./55/binderfs", [pid 5830] <... umount2 resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./55/binderfs" [pid 6148] munmap(0x7ff1eb400000, 138412032 [pid 5832] getdents64(3, [pid 5831] <... unlink resumed>) = 0 [pid 5830] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = 0 [pid 6148] <... munmap resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(3 [pid 5830] newfstatat(AT_FDCWD, "./63/file1", [pid 6148] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6148] <... openat resumed>) = 4 [pid 5832] rmdir("./60" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6148] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 4 [pid 5829] newfstatat(AT_FDCWD, "./61/file1", [pid 5830] newfstatat(4, "", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] mkdir("./61", 0777 [pid 5831] rmdir("./55" [pid 5830] getdents64(4, [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] mkdir("./56", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... mkdir resumed>) = 0 [pid 5830] close(4 [pid 5829] <... openat resumed>) = 4 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 5832] <... openat resumed>) = 3 [pid 5830] rmdir("./63/file1" [pid 5831] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... rmdir resumed>) = 0 [pid 5829] getdents64(4, [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5831] close(3 [pid 5829] getdents64(4, [pid 5832] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] close(4./strace-static-x86_64: Process 6149 attached [pid 5830] newfstatat(AT_FDCWD, "./63/binderfs", [pid 5829] <... close resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6149 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] rmdir("./61/file1" [pid 6149] set_robust_list(0x5555934ed660, 24 [pid 5830] unlink("./63/binderfs" [pid 5829] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6150 attached [pid 6149] <... set_robust_list resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5829] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6150 [pid 5830] getdents64(3, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6150] set_robust_list(0x5555934ed660, 24 [pid 6149] chdir("./56" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] newfstatat(AT_FDCWD, "./61/binderfs", [pid 6149] <... chdir resumed>) = 0 [pid 5830] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6149] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... close resumed>) = 0 [pid 6149] <... prctl resumed>) = 0 [pid 6150] <... set_robust_list resumed>) = 0 [pid 6149] setpgid(0, 0 [pid 5830] rmdir("./63" [pid 5829] unlink("./61/binderfs" [pid 6150] chdir("./61" [pid 6149] <... setpgid resumed>) = 0 [pid 6148] <... ioctl resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 6150] <... chdir resumed>) = 0 [pid 6149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6148] close(3 [pid 6150] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6148] <... close resumed>) = 0 [pid 5829] getdents64(3, [pid 6150] <... prctl resumed>) = 0 [pid 6148] close(4 [pid 5830] mkdir("./64", 0777 [pid 6150] setpgid(0, 0 [pid 6148] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6150] <... setpgid resumed>) = 0 [pid 6148] mkdir("./file1", 0777 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] close(3 [pid 6150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6148] <... mkdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./61" [pid 6150] <... openat resumed>) = 3 [pid 5829] <... rmdir resumed>) = 0 [pid 6148] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6150] write(3, "1000", 4 [pid 6149] <... openat resumed>) = 3 [pid 5829] mkdir("./62", 0777 [pid 6150] <... write resumed>) = 4 [pid 5829] <... mkdir resumed>) = 0 [pid 6150] close(3) = 0 [pid 6150] symlink("/dev/binderfs", "./binderfs" [pid 6149] write(3, "1000", 4 [pid 6150] <... symlink resumed>) = 0 [pid 6149] <... write resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 6149] close(3) = 0 [pid 6149] symlink("/dev/binderfs", "./binderfs" [pid 5830] ioctl(3, LOOP_CLR_FDexecuting program [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6150] write(1, "executing program\n", 18 [pid 5830] <... ioctl resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6150] <... write resumed>) = 18 [ 118.212364][ T6148] loop0: detected capacity change from 0 to 1024 [pid 6149] <... symlink resumed>) = 0 [pid 5830] close(3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6150] memfd_create("syzkaller", 0 [pid 6149] write(1, "executing program\n", 18 [pid 5830] <... close resumed>) = 0 executing program [pid 6150] <... memfd_create resumed>) = 3 [pid 5829] <... ioctl resumed>) = 0 [pid 6149] <... write resumed>) = 18 [pid 6150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] close(3 [pid 6150] <... mmap resumed>) = 0x7ff1eb400000 [pid 6149] memfd_create("syzkaller", 0 [pid 5829] <... close resumed>) = 0 [pid 6150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6149] <... memfd_create resumed>) = 3 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 ./strace-static-x86_64: Process 6151 attached [pid 6151] set_robust_list(0x5555934ed660, 24) = 0 [pid 6151] chdir("./62") = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6151 [pid 6151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6151] setpgid(0, 0) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 6152 attached [pid 6152] set_robust_list(0x5555934ed660, 24 [pid 6151] <... openat resumed>) = 3 [pid 6149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6152] <... set_robust_list resumed>) = 0 [pid 6152] chdir("./64" [pid 6151] write(3, "1000", 4) = 4 [pid 6151] close(3 [pid 6152] <... chdir resumed>) = 0 [pid 6151] <... close resumed>) = 0 [pid 6152] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6151] symlink("/dev/binderfs", "./binderfs" [pid 6152] <... prctl resumed>) = 0 [pid 6151] <... symlink resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6152 [pid 6152] setpgid(0, 0 [pid 6150] <... write resumed>) = 524288 executing program [pid 6152] <... setpgid resumed>) = 0 [pid 6152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6151] write(1, "executing program\n", 18) = 18 [pid 6151] memfd_create("syzkaller", 0 [pid 6152] write(3, "1000", 4 [pid 6151] <... memfd_create resumed>) = 3 [pid 6152] <... write resumed>) = 4 [pid 6151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6152] close(3 [pid 6151] <... mmap resumed>) = 0x7ff1eb400000 [pid 6152] <... close resumed>) = 0 [pid 6149] <... write resumed>) = 524288 [pid 6148] <... mount resumed>) = 0 [pid 6152] symlink("/dev/binderfs", "./binderfs" [pid 6150] munmap(0x7ff1eb400000, 138412032 [pid 6148] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6152] <... symlink resumed>) = 0 [pid 6150] <... munmap resumed>) = 0 [pid 6148] <... openat resumed>) = 3 executing program [pid 6152] write(1, "executing program\n", 18 [pid 6148] chdir("./file1" [pid 6152] <... write resumed>) = 18 [pid 6148] <... chdir resumed>) = 0 [pid 6152] memfd_create("syzkaller", 0 [pid 6148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6152] <... memfd_create resumed>) = 3 [pid 6151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6150] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6148] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6150] <... openat resumed>) = 4 [pid 6152] <... mmap resumed>) = 0x7ff1eb400000 [pid 6150] ioctl(4, LOOP_SET_FD, 3 [pid 6152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6151] <... write resumed>) = 524288 [pid 6152] <... write resumed>) = 524288 [pid 6149] munmap(0x7ff1eb400000, 138412032 [pid 6148] <... link resumed>) = 0 [pid 6149] <... munmap resumed>) = 0 [pid 6149] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6151] munmap(0x7ff1eb400000, 138412032 [pid 6148] sync( [pid 6151] <... munmap resumed>) = 0 [pid 6149] <... openat resumed>) = 4 [pid 6151] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6149] ioctl(4, LOOP_SET_FD, 3 [pid 6151] <... openat resumed>) = 4 [pid 6151] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6151] ioctl(4, LOOP_CLR_FD) = 0 [pid 6150] <... ioctl resumed>) = 0 [pid 6150] close(3) = 0 [pid 6152] munmap(0x7ff1eb400000, 138412032 [pid 6151] ioctl(4, LOOP_SET_FD, 3 [pid 6150] close(4 [pid 6152] <... munmap resumed>) = 0 [pid 6151] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6151] close(4) = 0 [pid 6151] close(3 [pid 6150] <... close resumed>) = 0 [pid 6150] mkdir("./file1", 0777) = 0 [pid 6152] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 118.330225][ T6150] loop4: detected capacity change from 0 to 1024 [ 118.367776][ T6149] loop3: detected capacity change from 0 to 1024 [pid 6152] ioctl(4, LOOP_SET_FD, 3 [pid 6151] <... close resumed>) = 0 [pid 6150] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6151] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 6151] sync( [pid 6152] <... ioctl resumed>) = 0 [pid 6150] <... mount resumed>) = 0 [pid 6149] <... ioctl resumed>) = 0 [pid 6148] <... sync resumed>) = 0 [pid 6150] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6148] exit_group(0 [pid 6150] chdir("./file1" [pid 6152] close(3 [pid 6151] <... sync resumed>) = 0 [pid 6150] <... chdir resumed>) = 0 [pid 6151] exit_group(0 [pid 6150] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6149] close(3 [pid 6148] <... exit_group resumed>) = ? [pid 6151] <... exit_group resumed>) = ? [pid 6150] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6150] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6148] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6148, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6152] <... close resumed>) = 0 [pid 6149] <... close resumed>) = 0 [pid 6152] close(4 [pid 6151] +++ exited with 0 +++ [pid 6149] close(4 [pid 6152] <... close resumed>) = 0 [pid 6149] <... close resumed>) = 0 [pid 6152] mkdir("./file1", 0777) = 0 [pid 6149] mkdir("./file1", 0777 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6151, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] <... restart_syscall resumed>) = 0 [pid 6152] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6149] <... mkdir resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [ 118.383307][ T6152] loop2: detected capacity change from 0 to 1024 [pid 6149] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] newfstatat(3, "", [pid 5829] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6150] <... link resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 5828] getdents64(3, [pid 6150] sync( [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] getdents64(3, [pid 5828] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5829] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./62/binderfs" [pid 6152] <... mount resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, [pid 6152] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6152] <... openat resumed>) = 3 [pid 5829] close(3 [pid 6152] chdir("./file1" [pid 5829] <... close resumed>) = 0 [pid 6152] <... chdir resumed>) = 0 [pid 5829] rmdir("./62" [pid 6152] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... rmdir resumed>) = 0 [pid 6152] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] mkdir("./63", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6152] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6153 attached [pid 6149] <... mount resumed>) = 0 [pid 6153] set_robust_list(0x5555934ed660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6153 [pid 6153] <... set_robust_list resumed>) = 0 [pid 6153] chdir("./63" [pid 6149] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6153] <... chdir resumed>) = 0 [pid 6153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6153] setpgid(0, 0) = 0 [pid 6153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6149] <... openat resumed>) = 3 [pid 6153] <... openat resumed>) = 3 [pid 6152] <... link resumed>) = 0 [pid 6149] chdir("./file1" [pid 6153] write(3, "1000", 4) = 4 [pid 6153] close(3) = 0 [pid 6153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6152] sync( [pid 6149] <... chdir resumed>) = 0 [pid 6149] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6153] write(1, "executing program\n", 18 [pid 6149] <... openat resumed>) = -1 EBUSY (Device or resource busy) executing program [pid 6149] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... umount2 resumed>) = 0 [pid 6153] <... write resumed>) = 18 [pid 6153] memfd_create("syzkaller", 0) = 3 [pid 5828] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./60/file1", [pid 6150] <... sync resumed>) = 0 [pid 6153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6153] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6150] exit_group(0 [pid 5828] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", [pid 6149] <... link resumed>) = 0 [pid 6150] <... exit_group resumed>) = ? [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 6150] +++ exited with 0 +++ [pid 6149] sync( [pid 5828] rmdir("./60/file1") = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6150, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5828] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6152] <... sync resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6153] <... write resumed>) = 524288 [pid 6152] exit_group(0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./60/binderfs" [pid 5832] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... unlink resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(3, [pid 6152] <... exit_group resumed>) = ? [pid 5832] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6152] +++ exited with 0 +++ [pid 5832] <... openat resumed>) = 3 [pid 5828] close(3 [pid 5832] newfstatat(3, "", [pid 5828] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6152, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5828] rmdir("./60" [pid 5832] getdents64(3, [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... rmdir resumed>) = 0 [pid 5832] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] mkdir("./61", 0777) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6153] munmap(0x7ff1eb400000, 138412032 [pid 5830] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] close(3 [pid 6153] <... munmap resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6154 attached [pid 6149] <... sync resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 6153] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6153] <... openat resumed>) = 4 [pid 5832] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 6149] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6154] set_robust_list(0x5555934ed660, 24 [pid 6153] ioctl(4, LOOP_SET_FD, 3 [pid 6149] <... exit_group resumed>) = ? [pid 5832] newfstatat(AT_FDCWD, "./61/file1", [pid 5830] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6154] <... set_robust_list resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6154 [pid 6154] chdir("./61" [pid 6149] +++ exited with 0 +++ [pid 5832] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6149, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6154] <... chdir resumed>) = 0 [pid 6153] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6154] setpgid(0, 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6154] <... setpgid resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 6154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] newfstatat(4, "", [pid 5830] <... umount2 resumed>) = 0 [pid 6154] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 6154] write(3, "1000", 4 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6154] <... write resumed>) = 4 [pid 5832] getdents64(4, [pid 5830] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6154] close(3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6154] <... close resumed>) = 0 [pid 5832] close(4 [pid 5830] newfstatat(AT_FDCWD, "./64/file1", executing program [pid 6154] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... close resumed>) = 0 [pid 5831] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6154] <... symlink resumed>) = 0 [pid 5832] rmdir("./61/file1" [pid 5831] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6154] write(1, "executing program\n", 18 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(3, "", [pid 6154] <... write resumed>) = 18 [pid 5832] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 4 [pid 5832] newfstatat(AT_FDCWD, "./61/binderfs", [pid 5830] newfstatat(4, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6154] memfd_create("syzkaller", 0 [pid 5832] unlink("./61/binderfs" [pid 5830] getdents64(4, [pid 6154] <... memfd_create resumed>) = 3 [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6154] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] getdents64(4, [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(3, [pid 5832] close(3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... close resumed>) = 0 [pid 5831] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(4 [pid 6153] close(3 [pid 5832] rmdir("./61" [pid 5830] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] rmdir("./64/file1" [pid 6153] <... close resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6153] close(4) = 0 [pid 5832] mkdir("./62", 0777 [pid 6153] mkdir("./file1", 0777 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6153] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./64/binderfs", [pid 6153] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] unlink("./64/binderfs") = 0 [pid 5832] close(3) = 0 [pid 5830] getdents64(3, [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6155 attached [pid 5830] close(3) = 0 [pid 5830] rmdir("./64") = 0 [pid 6155] set_robust_list(0x5555934ed660, 24 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] mkdir("./65", 0777 [pid 6155] <... set_robust_list resumed>) = 0 [pid 5831] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... mkdir resumed>) = 0 [ 118.601968][ T6153] loop1: detected capacity change from 0 to 1024 [pid 6155] chdir("./62") = 0 [pid 6154] <... write resumed>) = 524288 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6155] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] newfstatat(AT_FDCWD, "./56/file1", [pid 6155] <... prctl resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6155 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6155] setpgid(0, 0) = 0 [pid 6155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 6155] <... openat resumed>) = 3 [pid 6155] write(3, "1000", 4) = 4 [pid 6155] close(3) = 0 [pid 6154] munmap(0x7ff1eb400000, 138412032 [pid 6155] symlink("/dev/binderfs", "./binderfs" [pid 6154] <... munmap resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6155] <... symlink resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... ioctl resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5830] close(3executing program [pid 6155] write(1, "executing program\n", 18 [pid 6154] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 6155] <... write resumed>) = 18 [pid 6154] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6155] memfd_create("syzkaller", 0 [pid 5831] getdents64(4, [pid 6154] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6156 attached [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6156] set_robust_list(0x5555934ed660, 24 [pid 6155] <... memfd_create resumed>) = 3 [pid 5831] getdents64(4, [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6156 [pid 6156] <... set_robust_list resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6156] chdir("./65" [pid 6155] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] close(4 [pid 6155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6153] <... mount resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./56/file1" [pid 6153] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... rmdir resumed>) = 0 [pid 6153] <... openat resumed>) = 3 [pid 6153] chdir("./file1") = 0 [pid 6153] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6156] <... chdir resumed>) = 0 [pid 6153] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6153] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] newfstatat(AT_FDCWD, "./56/binderfs", [pid 6156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6156] setpgid(0, 0 [pid 5831] unlink("./56/binderfs" [pid 6156] <... setpgid resumed>) = 0 [pid 6156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... unlink resumed>) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./56" [pid 6156] <... openat resumed>) = 3 [pid 5831] <... rmdir resumed>) = 0 [pid 6156] write(3, "1000", 4 [pid 6155] <... write resumed>) = 524288 [pid 5831] mkdir("./57", 0777 [pid 6156] <... write resumed>) = 4 [pid 6156] close(3) = 0 [pid 6156] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... mkdir resumed>) = 0 executing program [pid 6156] <... symlink resumed>) = 0 [pid 6153] <... link resumed>) = 0 [pid 6156] write(1, "executing program\n", 18) = 18 [pid 6154] <... ioctl resumed>) = 0 [pid 6153] sync( [pid 6154] close(3 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6156] memfd_create("syzkaller", 0) = 3 [pid 6154] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 6156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6154] close(4) = 0 [ 118.679191][ T6154] loop0: detected capacity change from 0 to 1024 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6156] <... mmap resumed>) = 0x7ff1eb400000 [pid 6154] mkdir("./file1", 0777 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 6154] <... mkdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6157 attached [pid 6155] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6154] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6155] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6157 [pid 6155] ioctl(4, LOOP_SET_FD, 3 [pid 6157] set_robust_list(0x5555934ed660, 24 [pid 6153] <... sync resumed>) = 0 [pid 6153] exit_group(0 [pid 6157] <... set_robust_list resumed>) = 0 [pid 6153] <... exit_group resumed>) = ? [pid 6157] chdir("./57") = 0 [pid 6154] <... mount resumed>) = 0 [pid 6153] +++ exited with 0 +++ [pid 6154] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6154] chdir("./file1") = 0 [pid 6154] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6153, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6157] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6154] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6154] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6157] <... prctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6157] setpgid(0, 0 [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 6157] <... setpgid resumed>) = 0 [pid 6156] <... write resumed>) = 524288 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6156] munmap(0x7ff1eb400000, 138412032 [pid 6157] <... openat resumed>) = 3 [pid 6156] <... munmap resumed>) = 0 [pid 6157] write(3, "1000", 4) = 4 [pid 6157] close(3) = 0 [pid 6157] symlink("/dev/binderfs", "./binderfs" [pid 6156] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6155] <... ioctl resumed>) = 0 [pid 6155] close(3) = 0 [pid 6157] <... symlink resumed>) = 0 [pid 6156] <... openat resumed>) = 4 [pid 6155] close(4executing program [pid 6157] write(1, "executing program\n", 18 [pid 6154] <... link resumed>) = 0 [pid 6156] ioctl(4, LOOP_SET_FD, 3 [pid 6157] <... write resumed>) = 18 [pid 6156] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6155] <... close resumed>) = 0 [pid 6154] sync( [pid 6155] mkdir("./file1", 0777 [pid 6156] ioctl(4, LOOP_CLR_FD [pid 6157] memfd_create("syzkaller", 0 [pid 6155] <... mkdir resumed>) = 0 [pid 6157] <... memfd_create resumed>) = 3 [pid 6155] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6156] <... ioctl resumed>) = 0 [pid 6157] <... mmap resumed>) = 0x7ff1eb400000 [ 118.747824][ T6155] loop4: detected capacity change from 0 to 1024 [pid 5829] <... umount2 resumed>) = 0 [pid 6157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6155] <... mount resumed>) = 0 [pid 6155] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6156] ioctl(4, LOOP_SET_FD, 3 [pid 6155] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6155] chdir("./file1" [pid 5829] newfstatat(AT_FDCWD, "./63/file1", [pid 6156] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6155] <... chdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6155] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6155] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6156] close(4 [pid 5829] openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6155] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... openat resumed>) = 4 [pid 6154] <... sync resumed>) = 0 [pid 6157] <... write resumed>) = 524288 [pid 6154] exit_group(0 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6154] <... exit_group resumed>) = ? [pid 5829] getdents64(4, [pid 6156] <... close resumed>) = 0 [pid 6154] +++ exited with 0 +++ [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6154, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] close(4) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5829] rmdir("./63/file1") = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6156] close(3 [pid 5829] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./63/binderfs", [pid 5828] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6155] <... link resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6155] sync( [pid 5829] unlink("./63/binderfs") = 0 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5828] getdents64(3, [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] close(3 [pid 5828] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./63") = 0 [pid 6155] <... sync resumed>) = 0 [pid 5829] mkdir("./64", 0777 [pid 6157] munmap(0x7ff1eb400000, 138412032 [pid 5829] <... mkdir resumed>) = 0 [pid 6156] <... close resumed>) = 0 [pid 6155] exit_group(0) = ? [pid 6157] <... munmap resumed>) = 0 [pid 6155] +++ exited with 0 +++ [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6157] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6156] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6155, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] <... openat resumed>) = 3 [pid 6157] <... openat resumed>) = 4 [pid 6156] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6157] ioctl(4, LOOP_SET_FD, 3 [pid 6156] sync( [pid 5832] <... restart_syscall resumed>) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 5828] <... umount2 resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6158 attached [pid 5832] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", [pid 6158] set_robust_list(0x5555934ed660, 24 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6158] <... set_robust_list resumed>) = 0 [pid 6158] chdir("./64" [pid 5828] getdents64(4, [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6158 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6158] <... chdir resumed>) = 0 [pid 5828] close(4 [pid 6158] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... close resumed>) = 0 [pid 6158] <... prctl resumed>) = 0 [pid 5828] rmdir("./61/file1" [pid 6156] <... sync resumed>) = 0 [pid 6158] setpgid(0, 0 [pid 6156] exit_group(0 [pid 5828] <... rmdir resumed>) = 0 [pid 6158] <... setpgid resumed>) = 0 [pid 6157] <... ioctl resumed>) = 0 [pid 6156] <... exit_group resumed>) = ? [pid 5828] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6157] close(3) = 0 [pid 6156] +++ exited with 0 +++ [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./61/binderfs", [pid 5832] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(3, "", [pid 5828] unlink("./61/binderfs" [pid 6158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6157] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6156, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] <... unlink resumed>) = 0 [pid 6157] <... close resumed>) = 0 [pid 6158] <... openat resumed>) = 3 [pid 6157] mkdir("./file1", 0777 [pid 5832] getdents64(3, [pid 6158] write(3, "1000", 4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] getdents64(3, [pid 6158] <... write resumed>) = 4 [pid 6157] <... mkdir resumed>) = 0 [pid 5832] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6158] close(3 [pid 6157] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] close(3 [pid 6158] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6158] symlink("/dev/binderfs", "./binderfs" [pid 5828] rmdir("./61" [pid 6158] <... symlink resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [ 118.880109][ T6157] loop3: detected capacity change from 0 to 1024 executing program [pid 6158] write(1, "executing program\n", 18 [pid 5828] mkdir("./62", 0777 [pid 5830] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] <... mkdir resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 6158] <... write resumed>) = 18 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6158] memfd_create("syzkaller", 0 [pid 5830] getdents64(3, [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6158] <... memfd_create resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5828] <... openat resumed>) = 3 [pid 5830] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6158] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] newfstatat(AT_FDCWD, "./65/binderfs", [pid 5828] <... ioctl resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] close(3 [pid 5830] unlink("./65/binderfs") = 0 [pid 5828] <... close resumed>) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6159 attached [pid 5830] close(3) = 0 [pid 5830] rmdir("./65" [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6159 [pid 5830] <... rmdir resumed>) = 0 [pid 6157] <... mount resumed>) = 0 [pid 5830] mkdir("./66", 0777 [pid 6159] set_robust_list(0x5555934ed660, 24) = 0 [pid 6158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6157] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 6157] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6159] chdir("./62" [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6157] chdir("./file1" [pid 5830] close(3 [pid 6157] <... chdir resumed>) = 0 [pid 5832] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 6159] <... chdir resumed>) = 0 [pid 6158] <... write resumed>) = 524288 [pid 6157] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6159] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6157] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6160 attached [pid 6159] <... prctl resumed>) = 0 [pid 6157] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6159] setpgid(0, 0 [pid 5832] newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6159] <... setpgid resumed>) = 0 [pid 5832] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6160] set_robust_list(0x5555934ed660, 24 [pid 5832] openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6160] <... set_robust_list resumed>) = 0 [pid 6159] <... openat resumed>) = 3 [pid 5832] close(4 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6160 [pid 6160] chdir("./66" [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./62/file1" [pid 6158] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... rmdir resumed>) = 0 [pid 6159] write(3, "1000", 4 [pid 6158] <... munmap resumed>) = 0 [pid 5832] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6160] <... chdir resumed>) = 0 [pid 6159] <... write resumed>) = 4 [pid 6157] <... link resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6157] sync( [pid 6159] close(3 [pid 6160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6159] <... close resumed>) = 0 [pid 6160] setpgid(0, 0 [pid 6158] <... openat resumed>) = 4 [pid 5832] newfstatat(AT_FDCWD, "./62/binderfs", [pid 6160] <... setpgid resumed>) = 0 [pid 6158] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6158] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] unlink("./62/binderfs" [pid 6160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6159] symlink("/dev/binderfs", "./binderfs" [pid 6158] ioctl(4, LOOP_CLR_FD [pid 5832] <... unlink resumed>) = 0 [pid 6158] <... ioctl resumed>) = 0 [pid 5832] getdents64(3, [pid 6159] <... symlink resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6160] <... openat resumed>) = 3 [pid 5832] close(3 [pid 6160] write(3, "1000", 4 [pid 5832] <... close resumed>) = 0 [pid 6160] <... write resumed>) = 4 [pid 6159] write(1, "executing program\n", 18executing program [pid 5832] rmdir("./62" [pid 6160] close(3 [pid 6159] <... write resumed>) = 18 [pid 6160] <... close resumed>) = 0 [pid 6159] memfd_create("syzkaller", 0 [pid 6158] ioctl(4, LOOP_SET_FD, 3executing program [pid 6160] symlink("/dev/binderfs", "./binderfs" [pid 6158] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... rmdir resumed>) = 0 [pid 6158] close(4 [pid 6160] <... symlink resumed>) = 0 [pid 6159] <... memfd_create resumed>) = 3 [pid 6160] write(1, "executing program\n", 18 [pid 6159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6160] <... write resumed>) = 18 [pid 6159] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] mkdir("./63", 0777) = 0 [pid 6160] memfd_create("syzkaller", 0 [pid 6159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6160] <... memfd_create resumed>) = 3 [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 6160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6159] <... write resumed>) = 524288 [pid 6158] <... close resumed>) = 0 [pid 6160] <... mmap resumed>) = 0x7ff1eb400000 [pid 6158] close(3) = 0 [pid 6157] <... sync resumed>) = 0 [pid 6157] exit_group(0 [pid 6158] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 6160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6159] munmap(0x7ff1eb400000, 138412032 [pid 6157] <... exit_group resumed>) = ? [pid 6158] sync( [pid 6157] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6157, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6159] <... munmap resumed>) = 0 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6160] <... write resumed>) = 524288 [pid 6160] munmap(0x7ff1eb400000, 138412032 [pid 6159] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 6158] <... sync resumed>) = 0 [pid 6160] <... munmap resumed>) = 0 [pid 6158] exit_group(0 [pid 6159] <... openat resumed>) = 4 [pid 6159] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6159] ioctl(4, LOOP_CLR_FD) = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6158] <... exit_group resumed>) = ? [pid 5831] <... umount2 resumed>) = 0 [pid 6159] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6159] close(4) = 0 [pid 6158] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6158, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6160] ioctl(4, LOOP_SET_FD, 3 [pid 5829] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6161 attached [pid 5831] newfstatat(AT_FDCWD, "./57/file1", [pid 6161] set_robust_list(0x5555934ed660, 24 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6161] <... set_robust_list resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 6161] chdir("./63" [pid 5831] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6161] <... chdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6161] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6161 [pid 5831] openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] getdents64(3, [pid 6161] <... prctl resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 6161] setpgid(0, 0 [pid 5831] newfstatat(4, "", [pid 6161] <... setpgid resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] getdents64(4, [pid 5829] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./64/binderfs", [pid 6159] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6161] <... openat resumed>) = 3 [pid 6159] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] unlink("./64/binderfs" [pid 6161] write(3, "1000", 4 [pid 5831] getdents64(4, [pid 5829] <... unlink resumed>) = 0 [pid 6161] <... write resumed>) = 4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6161] close(3 [pid 5831] close(4) = 0 [pid 5829] getdents64(3, [pid 5831] rmdir("./57/file1" [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] rmdir("./64" [pid 6161] <... close resumed>) = 0 [pid 5831] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6161] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./57/binderfs", [pid 6161] <... symlink resumed>) = 0 [pid 6160] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6160] close(3 [pid 5829] <... rmdir resumed>) = 0 [pid 6160] <... close resumed>) = 0 [pid 6159] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6160] close(4 [pid 6159] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5829] mkdir("./65", 0777 [pid 6160] <... close resumed>) = 0 [pid 6159] sync( [pid 5829] <... mkdir resumed>) = 0 [pid 6160] mkdir("./file1", 0777executing program [pid 6161] write(1, "executing program\n", 18 [pid 5831] unlink("./57/binderfs" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6161] <... write resumed>) = 18 [pid 6160] <... mkdir resumed>) = 0 [pid 6161] memfd_create("syzkaller", 0 [pid 6160] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... unlink resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6161] <... memfd_create resumed>) = 3 [pid 6161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6161] <... mmap resumed>) = 0x7ff1eb400000 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6162 attached [ 119.096090][ T6160] loop2: detected capacity change from 0 to 1024 [pid 5831] getdents64(3, [pid 6162] set_robust_list(0x5555934ed660, 24 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6162] <... set_robust_list resumed>) = 0 [pid 6162] chdir("./65") = 0 [pid 6162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6162] setpgid(0, 0) = 0 [pid 6162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6162 [pid 6162] <... openat resumed>) = 3 [pid 6162] write(3, "1000", 4 [pid 5831] close(3 [pid 6162] <... write resumed>) = 4 [pid 5831] <... close resumed>) = 0 [pid 6162] close(3) = 0 [pid 5831] rmdir("./57" [pid 6162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... rmdir resumed>) = 0 executing program [pid 5831] mkdir("./58", 0777 [pid 6162] write(1, "executing program\n", 18) = 18 [pid 6162] memfd_create("syzkaller", 0 [pid 5831] <... mkdir resumed>) = 0 [pid 6162] <... memfd_create resumed>) = 3 [pid 6162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 6160] <... mount resumed>) = 0 [pid 5831] close(3 [pid 6160] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6160] chdir("./file1" [pid 5831] <... close resumed>) = 0 [pid 6160] <... chdir resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6160] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6160] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"./strace-static-x86_64: Process 6163 attached [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6163 [pid 6163] set_robust_list(0x5555934ed660, 24 [pid 6161] <... write resumed>) = 524288 [pid 6163] <... set_robust_list resumed>) = 0 [pid 6161] munmap(0x7ff1eb400000, 138412032 [pid 6163] chdir("./58" [pid 6161] <... munmap resumed>) = 0 [pid 6159] <... sync resumed>) = 0 [pid 6163] <... chdir resumed>) = 0 [pid 6161] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6161] <... openat resumed>) = 4 [pid 6159] exit_group(0) = ? [pid 6163] setpgid(0, 0 [pid 6161] ioctl(4, LOOP_SET_FD, 3 [pid 6160] <... link resumed>) = 0 [pid 6159] +++ exited with 0 +++ [pid 6160] sync( [pid 6162] <... write resumed>) = 524288 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6159, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5828] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6163] <... setpgid resumed>) = 0 [pid 6161] <... ioctl resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6161] close(3 [pid 6162] munmap(0x7ff1eb400000, 138412032 [pid 6161] <... close resumed>) = 0 [pid 5828] unlink("./62/binderfs" [pid 6163] <... openat resumed>) = 3 [pid 6161] close(4 [pid 6163] write(3, "1000", 4 [pid 6161] <... close resumed>) = 0 [pid 6163] <... write resumed>) = 4 [pid 6161] mkdir("./file1", 0777 [pid 6163] close(3) = 0 [pid 6162] <... munmap resumed>) = 0 [pid 6161] <... mkdir resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6163] symlink("/dev/binderfs", "./binderfs" [pid 6162] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6161] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6163] <... symlink resumed>) = 0 [pid 6162] <... openat resumed>) = 4 [pid 6160] <... sync resumed>) = 0 executing program [pid 5828] getdents64(3, [pid 6163] write(1, "executing program\n", 18 [pid 6162] ioctl(4, LOOP_SET_FD, 3 [pid 6160] exit_group(0) = ? [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6163] <... write resumed>) = 18 [pid 6163] memfd_create("syzkaller", 0 [pid 6160] +++ exited with 0 +++ [pid 5828] close(3 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6160, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./62" [pid 5830] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6163] <... memfd_create resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] newfstatat(3, "", [pid 5828] mkdir("./63", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6163] <... mmap resumed>) = 0x7ff1eb400000 [pid 6162] <... ioctl resumed>) = 0 [pid 6163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6161] <... mount resumed>) = 0 [pid 5830] getdents64(3, [pid 5828] <... mkdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6162] close(3 [pid 6161] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6162] <... close resumed>) = 0 [pid 6162] close(4) = 0 [pid 6161] <... openat resumed>) = 3 [pid 5828] <... openat resumed>) = 3 [pid 6162] mkdir("./file1", 0777 [pid 6161] chdir("./file1" [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6161] <... chdir resumed>) = 0 [pid 6162] <... mkdir resumed>) = 0 [pid 6161] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] close(3 [pid 6161] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6161] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... close resumed>) = 0 [pid 6162] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [ 119.231122][ T6161] loop4: detected capacity change from 0 to 1024 [ 119.255707][ T6162] loop1: detected capacity change from 0 to 1024 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6164 attached [pid 6164] set_robust_list(0x5555934ed660, 24 [pid 6163] <... write resumed>) = 524288 [pid 5830] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6164 [pid 6164] <... set_robust_list resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6164] chdir("./63" [pid 5830] newfstatat(AT_FDCWD, "./66/file1", [pid 6164] <... chdir resumed>) = 0 [pid 6164] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6164] <... prctl resumed>) = 0 [pid 5830] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6164] setpgid(0, 0 [pid 6161] <... link resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6164] <... setpgid resumed>) = 0 [pid 6163] munmap(0x7ff1eb400000, 138412032 [pid 6161] sync( [pid 5830] <... openat resumed>) = 4 [pid 6164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6163] <... munmap resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 6164] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6164] write(3, "1000", 4 [pid 6163] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] getdents64(4, [pid 6164] <... write resumed>) = 4 [pid 6164] close(3 [pid 6163] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6164] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 6164] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6164] <... symlink resumed>) = 0 [pid 5830] close(4 [pid 6164] write(1, "executing program\n", 18 [pid 6163] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./66/file1"executing program [pid 6164] <... write resumed>) = 18 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6164] memfd_create("syzkaller", 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6162] <... mount resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./66/binderfs", [pid 6162] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6162] chdir("./file1" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6162] <... chdir resumed>) = 0 [pid 6162] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6164] <... memfd_create resumed>) = 3 [pid 5830] unlink("./66/binderfs" [pid 6162] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6163] <... ioctl resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 6164] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6163] close(3 [pid 6164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6163] <... close resumed>) = 0 [pid 5830] close(3 [pid 6163] close(4 [pid 5830] <... close resumed>) = 0 [pid 6163] <... close resumed>) = 0 [pid 5830] rmdir("./66" [pid 6163] mkdir("./file1", 0777) = 0 [pid 6162] <... link resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6163] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] mkdir("./67", 0777 [pid 6162] sync( [pid 5830] <... mkdir resumed>) = 0 [pid 6164] <... write resumed>) = 524288 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 119.354028][ T6163] loop3: detected capacity change from 0 to 1024 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6164] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3) = 0 [pid 6164] <... munmap resumed>) = 0 [pid 6164] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6163] <... mount resumed>) = 0 [pid 6164] <... openat resumed>) = 4 [pid 6164] ioctl(4, LOOP_SET_FD, 3 [pid 6163] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6163] chdir("./file1" [pid 6162] <... sync resumed>) = 0 [pid 6161] <... sync resumed>) = 0 [pid 6162] exit_group(0) = ? [pid 6163] <... chdir resumed>) = 0 [pid 6162] +++ exited with 0 +++ [pid 6161] exit_group(0./strace-static-x86_64: Process 6165 attached [pid 6163] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6161] <... exit_group resumed>) = ? [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6165 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6162, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6163] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6161] +++ exited with 0 +++ [pid 6165] set_robust_list(0x5555934ed660, 24 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6161, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6165] <... set_robust_list resumed>) = 0 [pid 6163] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6165] chdir("./67") = 0 [pid 6164] <... ioctl resumed>) = 0 [pid 6165] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... restart_syscall resumed>) = 0 [pid 6165] <... prctl resumed>) = 0 [pid 6165] setpgid(0, 0) = 0 [pid 5832] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6165] <... openat resumed>) = 3 [pid 6164] close(3 [pid 6165] write(3, "1000", 4 [pid 6164] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 3 [pid 6165] <... write resumed>) = 4 [pid 6164] close(4 [pid 5832] newfstatat(3, "", [pid 6165] close(3 [pid 6164] <... close resumed>) = 0 [pid 6164] mkdir("./file1", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6165] <... close resumed>) = 0 [pid 6165] symlink("/dev/binderfs", "./binderfs" [pid 6164] <... mkdir resumed>) = 0 [pid 5832] getdents64(3, [pid 5829] newfstatat(3, "", executing program [pid 6165] <... symlink resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6164] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6165] write(1, "executing program\n", 18 [pid 5829] getdents64(3, [pid 6165] <... write resumed>) = 18 [pid 6165] memfd_create("syzkaller", 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6163] <... link resumed>) = 0 [pid 5829] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6165] <... memfd_create resumed>) = 3 [pid 6163] sync( [pid 6165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [ 119.436405][ T6164] loop0: detected capacity change from 0 to 1024 [pid 6165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... umount2 resumed>) = 0 [pid 6165] <... write resumed>) = 524288 [pid 5832] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6164] <... mount resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./63/file1", [pid 6165] munmap(0x7ff1eb400000, 138412032 [pid 6164] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6164] <... openat resumed>) = 3 [pid 6165] <... munmap resumed>) = 0 [pid 5832] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6164] chdir("./file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6164] <... chdir resumed>) = 0 [pid 6164] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6165] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6164] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... openat resumed>) = 4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6165] ioctl(4, LOOP_SET_FD, 3 [pid 6164] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] newfstatat(4, "", [pid 5829] newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(4, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./65/file1") = 0 [pid 5829] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 5829] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] unlink("./65/binderfs" [pid 5832] close(4 [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, [pid 5832] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] rmdir("./63/file1" [pid 5829] close(3) = 0 [pid 5829] rmdir("./65" [pid 5832] <... rmdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./66", 0777) = 0 [pid 5832] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6166 attached [pid 6164] <... link resumed>) = 0 [pid 6163] <... sync resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./63/binderfs", [pid 6164] sync( [pid 6163] exit_group(0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6166 [pid 6163] <... exit_group resumed>) = ? [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./63/binderfs" [pid 6166] set_robust_list(0x5555934ed660, 24) = 0 [pid 6165] <... ioctl resumed>) = 0 [pid 6164] <... sync resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [ 119.543994][ T6165] loop2: detected capacity change from 0 to 1024 [pid 6166] chdir("./66" [pid 6165] close(3 [pid 6164] exit_group(0 [pid 6163] +++ exited with 0 +++ [pid 5832] getdents64(3, [pid 6165] <... close resumed>) = 0 [pid 6165] close(4 [pid 6164] <... exit_group resumed>) = ? [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6165] <... close resumed>) = 0 [pid 5832] close(3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6163, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 6166] <... chdir resumed>) = 0 [pid 6165] mkdir("./file1", 0777 [pid 5832] rmdir("./63" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... rmdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6166] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6165] <... mkdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6166] <... prctl resumed>) = 0 [pid 5831] getdents64(3, [pid 5832] mkdir("./64", 0777 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6166] setpgid(0, 0 [pid 6164] +++ exited with 0 +++ [pid 5832] <... mkdir resumed>) = 0 [pid 6166] <... setpgid resumed>) = 0 [pid 6165] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6164, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... restart_syscall resumed>) = 0 [pid 6166] <... openat resumed>) = 3 [pid 5828] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] newfstatat(3, "", [pid 6166] write(3, "1000", 4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6166] <... write resumed>) = 4 [pid 5831] <... umount2 resumed>) = 0 [pid 5828] getdents64(3, [pid 6166] close(3) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 6166] symlink("/dev/binderfs", "./binderfs" [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6166] <... symlink resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3 executing program [pid 6166] write(1, "executing program\n", 18) = 18 [pid 5832] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6166] memfd_create("syzkaller", 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5831] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6166] <... memfd_create resumed>) = 3 [pid 5831] newfstatat(AT_FDCWD, "./58/file1", [pid 6166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6166] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, ./strace-static-x86_64: Process 6167 attached 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6167] set_robust_list(0x5555934ed660, 24 [pid 5831] close(4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6167 [pid 5831] <... close resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./63/file1", [pid 6167] <... set_robust_list resumed>) = 0 [pid 6167] chdir("./64" [pid 5831] rmdir("./58/file1" [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6167] <... chdir resumed>) = 0 [pid 5828] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6167] setpgid(0, 0) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6167] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6167] write(3, "1000", 4) = 4 [pid 6165] <... mount resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6165] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] newfstatat(4, "", [pid 6167] close(3 [pid 6165] <... openat resumed>) = 3 [pid 6167] <... close resumed>) = 0 [pid 6165] chdir("./file1" [pid 6167] symlink("/dev/binderfs", "./binderfs" [pid 6165] <... chdir resumed>) = 0 [pid 6167] <... symlink resumed>) = 0 [pid 6165] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) executing program [pid 6165] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6167] write(1, "executing program\n", 18) = 18 [pid 6167] memfd_create("syzkaller", 0 [pid 6166] <... write resumed>) = 524288 [pid 6167] <... memfd_create resumed>) = 3 [pid 6165] <... link resumed>) = 0 [pid 6166] munmap(0x7ff1eb400000, 138412032 [pid 5831] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6166] <... munmap resumed>) = 0 [pid 6165] sync( [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(4, [pid 6167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6166] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./58/binderfs", [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6166] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] getdents64(4, [pid 6166] ioctl(4, LOOP_SET_FD, 3 [pid 5831] unlink("./58/binderfs" [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./63/file1") = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5828] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./58") = 0 [pid 5828] unlink("./63/binderfs") = 0 [pid 5831] mkdir("./59", 0777 [pid 6165] <... sync resumed>) = 0 [pid 6165] exit_group(0) = ? [pid 6165] +++ exited with 0 +++ [pid 5831] <... mkdir resumed>) = 0 [pid 5828] getdents64(3, [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6165, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6167] <... write resumed>) = 524288 [pid 5831] <... openat resumed>) = 3 [pid 5828] close(3 [pid 6167] munmap(0x7ff1eb400000, 138412032 [pid 5830] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 6167] <... munmap resumed>) = 0 [pid 6166] <... ioctl resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./63" [pid 5831] <... ioctl resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6166] close(3 [pid 5831] close(3 [pid 5830] <... openat resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 6166] <... close resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 6166] close(4 [pid 5831] <... close resumed>) = 0 [pid 5828] mkdir("./64", 0777 [pid 6166] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6167] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6166] mkdir("./file1", 0777 [pid 5830] getdents64(3, [pid 5828] <... mkdir resumed>) = 0 [pid 6167] <... openat resumed>) = 4 [pid 6167] ioctl(4, LOOP_SET_FD, 3 [pid 6166] <... mkdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 3 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6168 ./strace-static-x86_64: Process 6168 attached [pid 6166] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... umount2 resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6168] set_robust_list(0x5555934ed660, 24 [pid 6167] <... ioctl resumed>) = 0 [pid 6168] <... set_robust_list resumed>) = 0 [pid 6166] <... mount resumed>) = 0 [pid 5830] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... ioctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./67/file1", [pid 6168] chdir("./59" [pid 6167] close(3 [pid 6166] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] close(3 [ 119.725772][ T6166] loop1: detected capacity change from 0 to 1024 [ 119.764408][ T6167] loop4: detected capacity change from 0 to 1024 [pid 6168] <... chdir resumed>) = 0 [pid 6167] <... close resumed>) = 0 [pid 6166] <... openat resumed>) = 3 [pid 5830] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 6168] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6167] close(4 [pid 6166] chdir("./file1" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6168] <... prctl resumed>) = 0 [pid 6167] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6166] <... chdir resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 6166] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] newfstatat(4, "", [pid 6168] setpgid(0, 0 [pid 6167] mkdir("./file1", 0777 [pid 6166] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6168] <... setpgid resumed>) = 0 [pid 6166] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] getdents64(4, [pid 6168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6167] <... mkdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6168] <... openat resumed>) = 3 [pid 6168] write(3, "1000", 4 [pid 5830] close(4./strace-static-x86_64: Process 6169 attached [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6169 [pid 5830] <... close resumed>) = 0 [pid 6168] <... write resumed>) = 4 [pid 6168] close(3 [pid 5830] rmdir("./67/file1" [pid 6169] set_robust_list(0x5555934ed660, 24 [pid 6168] <... close resumed>) = 0 [pid 6167] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6166] <... link resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6168] symlink("/dev/binderfs", "./binderfs" [pid 6169] <... set_robust_list resumed>) = 0 [pid 6169] chdir("./64" [pid 6168] <... symlink resumed>) = 0 [pid 6166] sync( [pid 5830] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6169] <... chdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6169] setpgid(0, 0 [pid 5830] newfstatat(AT_FDCWD, "./67/binderfs", executing program [pid 6169] <... setpgid resumed>) = 0 [pid 6168] write(1, "executing program\n", 18 [pid 6167] <... mount resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./67/binderfs") = 0 [pid 6168] <... write resumed>) = 18 [pid 6167] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] getdents64(3, [pid 6169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6168] memfd_create("syzkaller", 0 [pid 6167] <... openat resumed>) = 3 [pid 6166] <... sync resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6168] <... memfd_create resumed>) = 3 [pid 6167] chdir("./file1" [pid 6166] exit_group(0 [pid 5830] close(3) = 0 [pid 6169] <... openat resumed>) = 3 [pid 6169] write(3, "1000", 4) = 4 [pid 6169] close(3) = 0 [pid 6169] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6169] write(1, "executing program\n", 18) = 18 [pid 6169] memfd_create("syzkaller", 0) = 3 [pid 6169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6167] <... chdir resumed>) = 0 [pid 6166] <... exit_group resumed>) = ? [pid 5830] rmdir("./67" [pid 6168] <... mmap resumed>) = 0x7ff1eb400000 [pid 6168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6167] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... rmdir resumed>) = 0 [pid 6167] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6167] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6166] +++ exited with 0 +++ [pid 5830] mkdir("./68", 0777 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6166, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 6169] <... write resumed>) = 524288 [pid 6168] <... write resumed>) = 524288 [pid 6167] <... link resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6169] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6167] sync( [pid 6168] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6169] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6169] <... openat resumed>) = 4 [pid 6169] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6170 attached [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6170 [pid 6167] <... sync resumed>) = 0 [pid 6170] set_robust_list(0x5555934ed660, 24 [pid 6167] exit_group(0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6168] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6170] <... set_robust_list resumed>) = 0 [pid 6167] <... exit_group resumed>) = ? [pid 6168] <... openat resumed>) = 4 [pid 6168] ioctl(4, LOOP_SET_FD, 3 [pid 5829] newfstatat(AT_FDCWD, "./66/file1", [pid 6170] chdir("./68" [pid 6167] +++ exited with 0 +++ [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6167, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6170] <... chdir resumed>) = 0 [pid 5829] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6170] setpgid(0, 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6170] <... setpgid resumed>) = 0 [pid 6169] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6169] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6169] <... close resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 6169] close(4) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... openat resumed>) = 4 [pid 6169] mkdir("./file1", 0777 [pid 5832] getdents64(3, [pid 5829] newfstatat(4, "", [pid 6169] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6169] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6170] <... openat resumed>) = 3 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./66/file1" [pid 6170] write(3, "1000", 4 [pid 5829] <... rmdir resumed>) = 0 [pid 6170] <... write resumed>) = 4 [pid 6170] close(3 [pid 5829] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6170] <... close resumed>) = 0 [pid 6170] symlink("/dev/binderfs", "./binderfs" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./66/binderfs", [pid 6170] <... symlink resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6170] write(1, "executing program\n", 18executing program ) = 18 [pid 5829] unlink("./66/binderfs" [pid 6170] memfd_create("syzkaller", 0 [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./66") = 0 [pid 6170] <... memfd_create resumed>) = 3 [pid 6168] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5829] mkdir("./67", 0777 [pid 6170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6168] close(3 [pid 5829] <... mkdir resumed>) = 0 [ 119.924013][ T6169] loop0: detected capacity change from 0 to 1024 [ 119.941260][ T6168] loop3: detected capacity change from 0 to 1024 [pid 6170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6168] <... close resumed>) = 0 [pid 5832] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./64/file1", [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6168] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6168] <... close resumed>) = 0 [pid 5832] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6168] mkdir("./file1", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 5832] openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6168] <... mkdir resumed>) = 0 [pid 5832] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6171 attached [pid 5832] newfstatat(4, "", [pid 6168] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6171] set_robust_list(0x5555934ed660, 24 [pid 6170] <... write resumed>) = 524288 [pid 6169] <... mount resumed>) = 0 [pid 5832] getdents64(4, [pid 6171] <... set_robust_list resumed>) = 0 [pid 6169] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6171 [pid 6171] chdir("./67" [pid 6170] munmap(0x7ff1eb400000, 138412032 [pid 6169] <... openat resumed>) = 3 [pid 5832] getdents64(4, [pid 6171] <... chdir resumed>) = 0 [pid 6171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6171] setpgid(0, 0) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6169] chdir("./file1" [pid 5832] close(4 [pid 6170] <... munmap resumed>) = 0 [pid 6169] <... chdir resumed>) = 0 [pid 6168] <... mount resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6169] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] rmdir("./64/file1" [pid 6168] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 6171] <... openat resumed>) = 3 [pid 6170] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6169] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6168] chdir("./file1" [pid 5832] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./64/binderfs", [pid 6168] <... chdir resumed>) = 0 [pid 6171] write(3, "1000", 4 [pid 6170] <... openat resumed>) = 4 [pid 6169] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"executing program [pid 6168] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6170] ioctl(4, LOOP_SET_FD, 3 [pid 6171] <... write resumed>) = 4 [pid 6168] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6171] close(3) = 0 [pid 6171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6171] write(1, "executing program\n", 18) = 18 [pid 6171] memfd_create("syzkaller", 0) = 3 [pid 6171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6170] <... ioctl resumed>) = 0 [pid 6169] <... link resumed>) = 0 [pid 6168] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] unlink("./64/binderfs" [pid 6171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6170] close(3 [pid 6169] sync( [pid 5832] <... unlink resumed>) = 0 [pid 6170] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 6171] <... write resumed>) = 524288 [pid 6170] close(4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6170] <... close resumed>) = 0 [pid 5832] close(3 [pid 6170] mkdir("./file1", 0777 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./64" [pid 6170] <... mkdir resumed>) = 0 [pid 6168] <... link resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6168] sync( [pid 5832] mkdir("./65", 0777 [pid 6170] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... mkdir resumed>) = 0 [ 120.044168][ T6170] loop2: detected capacity change from 0 to 1024 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6171] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6172 attached [pid 6171] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6171] ioctl(4, LOOP_SET_FD, 3 [pid 6172] set_robust_list(0x5555934ed660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6172 [pid 6172] <... set_robust_list resumed>) = 0 [pid 6172] chdir("./65") = 0 [pid 6172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6172] setpgid(0, 0) = 0 [pid 6172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6170] <... mount resumed>) = 0 [pid 6170] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6172] <... openat resumed>) = 3 [pid 6170] <... openat resumed>) = 3 [pid 6170] chdir("./file1" [pid 6172] write(3, "1000", 4) = 4 [pid 6172] close(3 [pid 6170] <... chdir resumed>) = 0 [pid 6172] <... close resumed>) = 0 [pid 6171] <... ioctl resumed>) = 0 [pid 6170] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6169] <... sync resumed>) = 0 [pid 6168] <... sync resumed>) = 0 [pid 6169] exit_group(0 [pid 6168] exit_group(0) = ? [pid 6172] symlink("/dev/binderfs", "./binderfs" [pid 6170] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6172] <... symlink resumed>) = 0 [pid 6171] close(3 [pid 6170] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6169] <... exit_group resumed>) = ? [pid 6171] <... close resumed>) = 0 [pid 6171] close(4) = 0 [pid 6168] +++ exited with 0 +++ executing program [pid 6172] write(1, "executing program\n", 18 [ 120.122067][ T6171] loop1: detected capacity change from 0 to 1024 [pid 6171] mkdir("./file1", 0777 [pid 6172] <... write resumed>) = 18 [pid 6171] <... mkdir resumed>) = 0 [pid 6169] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6168, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6169, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6172] memfd_create("syzkaller", 0 [pid 6171] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6172] <... memfd_create resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... restart_syscall resumed>) = 0 [pid 6172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... openat resumed>) = 3 [pid 5828] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", [pid 5828] newfstatat(3, "", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6172] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] getdents64(3, [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6170] <... link resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6170] sync( [pid 5831] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./64/file1") = 0 [pid 6172] <... write resumed>) = 524288 [pid 6171] <... mount resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5828] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6171] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6172] munmap(0x7ff1eb400000, 138412032 [pid 6171] <... openat resumed>) = 3 [pid 6171] chdir("./file1" [pid 6172] <... munmap resumed>) = 0 [pid 6171] <... chdir resumed>) = 0 [pid 5831] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./64/binderfs", [pid 6172] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6171] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(AT_FDCWD, "./59/file1", [pid 5828] unlink("./64/binderfs" [pid 6171] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6172] <... openat resumed>) = 4 [pid 6171] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6170] <... sync resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5831] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(3, [pid 5831] openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6172] ioctl(4, LOOP_SET_FD, 3 [pid 6170] exit_group(0 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] close(3 [pid 5831] getdents64(4, [pid 5828] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] rmdir("./64" [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./59/file1" [pid 5828] mkdir("./65", 0777 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5831] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./59/binderfs" [pid 5828] <... openat resumed>) = 3 [pid 5831] <... unlink resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5831] getdents64(3, [pid 5828] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 6170] <... exit_group resumed>) = ? [pid 5831] close(3) = 0 [pid 5831] rmdir("./59") = 0 [pid 5831] mkdir("./60", 0777) = 0 [pid 6170] +++ exited with 0 +++ [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6170, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6173 attached ./strace-static-x86_64: Process 6174 attached [pid 6173] set_robust_list(0x5555934ed660, 24) = 0 [pid 6173] chdir("./60") = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6173 [pid 6173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6174] set_robust_list(0x5555934ed660, 24 [pid 6173] setpgid(0, 0 [pid 6174] <... set_robust_list resumed>) = 0 [pid 6173] <... setpgid resumed>) = 0 [pid 6174] chdir("./65" [pid 6173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6174 [pid 5830] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6174] <... chdir resumed>) = 0 [pid 6174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6173] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 6174] setpgid(0, 0) = 0 [pid 6173] write(3, "1000", 4 [pid 6172] <... ioctl resumed>) = 0 [pid 6171] <... link resumed>) = 0 executing program executing program [pid 5830] newfstatat(3, "", [pid 6174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6173] <... write resumed>) = 4 [pid 6172] close(3 [pid 6171] sync( [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6174] <... openat resumed>) = 3 [pid 6173] close(3 [pid 6172] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 6173] <... close resumed>) = 0 [pid 6172] close(4 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6174] write(3, "1000", 4 [pid 6173] symlink("/dev/binderfs", "./binderfs" [pid 6172] <... close resumed>) = 0 [pid 5830] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6174] <... write resumed>) = 4 [pid 6173] <... symlink resumed>) = 0 [pid 6172] mkdir("./file1", 0777 [pid 6174] close(3) = 0 [pid 6174] symlink("/dev/binderfs", "./binderfs" [pid 6173] write(1, "executing program\n", 18 [pid 6174] <... symlink resumed>) = 0 [pid 6173] <... write resumed>) = 18 [pid 6172] <... mkdir resumed>) = 0 [pid 6174] write(1, "executing program\n", 18 [pid 6173] memfd_create("syzkaller", 0 [pid 6172] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6174] <... write resumed>) = 18 [pid 6173] <... memfd_create resumed>) = 3 [pid 6173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... umount2 resumed>) = 0 [pid 6173] <... mmap resumed>) = 0x7ff1eb400000 [ 120.269464][ T6172] loop4: detected capacity change from 0 to 1024 [pid 6171] <... sync resumed>) = 0 [pid 5830] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6171] exit_group(0 [pid 6174] memfd_create("syzkaller", 0 [pid 6171] <... exit_group resumed>) = ? [pid 6174] <... memfd_create resumed>) = 3 [pid 6174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6171] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6171, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] newfstatat(AT_FDCWD, "./68/file1", [pid 5829] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6174] <... write resumed>) = 524288 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6172] <... mount resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5829] newfstatat(3, "", [pid 6172] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] newfstatat(4, "", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6172] <... openat resumed>) = 3 [pid 5829] getdents64(3, [pid 6172] chdir("./file1" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6172] <... chdir resumed>) = 0 [pid 5830] getdents64(4, [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6172] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6172] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] getdents64(4, [pid 6172] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6174] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./68/file1" [pid 5829] <... umount2 resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6174] <... munmap resumed>) = 0 [pid 6174] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6174] <... openat resumed>) = 4 [pid 6174] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./68/binderfs", [pid 5829] newfstatat(AT_FDCWD, "./67/file1", [pid 6173] <... write resumed>) = 524288 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./68/binderfs") = 0 [pid 6172] <... link resumed>) = 0 [pid 5829] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6172] sync( [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./67/file1" [pid 6174] <... ioctl resumed>) = 0 [pid 6173] munmap(0x7ff1eb400000, 138412032 [pid 5830] getdents64(3, [pid 5829] <... rmdir resumed>) = 0 [pid 6173] <... munmap resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6173] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] close(3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6174] close(3 [pid 5829] newfstatat(AT_FDCWD, "./67/binderfs", [pid 6174] <... close resumed>) = 0 [pid 6174] close(4 [pid 5830] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6174] <... close resumed>) = 0 [pid 5829] unlink("./67/binderfs" [pid 6174] mkdir("./file1", 0777 [pid 5830] rmdir("./68") = 0 [pid 5829] <... unlink resumed>) = 0 [pid 6174] <... mkdir resumed>) = 0 [pid 6173] <... openat resumed>) = 4 [pid 5830] mkdir("./69", 0777 [pid 5829] getdents64(3, [pid 6174] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6173] ioctl(4, LOOP_SET_FD, 3 [pid 6172] <... sync resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6172] exit_group(0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] close(3 [pid 6172] <... exit_group resumed>) = ? [pid 5830] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 6172] +++ exited with 0 +++ [pid 5830] close(3) = 0 [pid 5829] rmdir("./67" [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6172, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... rmdir resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] mkdir("./68", 0777 [pid 6174] <... mount resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5829] <... mkdir resumed>) = 0 [pid 6174] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", [pid 6174] chdir("./file1" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6174] <... chdir resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6174] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] getdents64(3, [pid 5829] <... ioctl resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] close(3 [pid 5832] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6174] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6175 attached ./strace-static-x86_64: Process 6176 attached [ 120.384127][ T6174] loop0: detected capacity change from 0 to 1024 [ 120.421177][ T6173] loop3: detected capacity change from 0 to 1024 [pid 6174] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6175] set_robust_list(0x5555934ed660, 24 [pid 6173] <... ioctl resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6176 [pid 6175] <... set_robust_list resumed>) = 0 [pid 6176] set_robust_list(0x5555934ed660, 24 [pid 6175] chdir("./69") = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6175 [pid 6176] <... set_robust_list resumed>) = 0 [pid 6175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6175] setpgid(0, 0) = 0 [pid 6173] close(3 [pid 6176] chdir("./68" [pid 6175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6173] <... close resumed>) = 0 [pid 6174] <... link resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6175] <... openat resumed>) = 3 [pid 6173] close(4 [pid 6175] write(3, "1000", 4 [pid 6173] <... close resumed>) = 0 [pid 6175] <... write resumed>) = 4 [pid 6173] mkdir("./file1", 0777 [pid 6176] <... chdir resumed>) = 0 [pid 6175] close(3 [pid 6174] sync( [pid 6173] <... mkdir resumed>) = 0 [pid 6175] <... close resumed>) = 0 [pid 6173] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6176] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6175] symlink("/dev/binderfs", "./binderfs" [pid 6176] <... prctl resumed>) = 0 [pid 6175] <... symlink resumed>) = 0 [pid 6176] setpgid(0, 0 [pid 5832] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6176] <... setpgid resumed>) = 0 executing program [pid 6175] write(1, "executing program\n", 18 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6175] <... write resumed>) = 18 [pid 5832] newfstatat(AT_FDCWD, "./65/file1", [pid 6176] <... openat resumed>) = 3 [pid 6175] memfd_create("syzkaller", 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6176] write(3, "1000", 4 [pid 6175] <... memfd_create resumed>) = 3 [pid 5832] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6176] <... write resumed>) = 4 [pid 6175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6176] close(3 [pid 6175] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6176] <... close resumed>) = 0 [pid 6175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... openat resumed>) = 4 [pid 6176] symlink("/dev/binderfs", "./binderfs" [pid 6173] <... mount resumed>) = 0 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6173] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] getdents64(4, [pid 6173] <... openat resumed>) = 3 [pid 6173] chdir("./file1") = 0 [pid 6173] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6173] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 executing program [pid 5832] getdents64(4, [pid 6176] <... symlink resumed>) = 0 [pid 6176] write(1, "executing program\n", 18 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6176] <... write resumed>) = 18 [pid 6176] memfd_create("syzkaller", 0 [pid 5832] close(4) = 0 [pid 6176] <... memfd_create resumed>) = 3 [pid 5832] rmdir("./65/file1" [pid 6176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6174] <... sync resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6176] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./65/binderfs", [pid 6176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6174] exit_group(0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6175] <... write resumed>) = 524288 [pid 6174] <... exit_group resumed>) = ? [pid 5832] unlink("./65/binderfs" [pid 6173] <... link resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 6173] sync( [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 6175] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... close resumed>) = 0 [pid 6175] <... munmap resumed>) = 0 [pid 5832] rmdir("./65") = 0 [pid 5832] mkdir("./66", 0777 [pid 6175] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6174] +++ exited with 0 +++ [pid 5832] <... mkdir resumed>) = 0 [pid 6175] <... openat resumed>) = 4 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6174, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6175] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5828] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... ioctl resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6177 attached [pid 6177] set_robust_list(0x5555934ed660, 24 [pid 6176] <... write resumed>) = 524288 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6177 [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", [pid 6177] <... set_robust_list resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6177] chdir("./66" [pid 5828] getdents64(3, [pid 6177] <... chdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6177] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6176] munmap(0x7ff1eb400000, 138412032 [pid 5828] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6177] <... prctl resumed>) = 0 [pid 6176] <... munmap resumed>) = 0 [pid 6173] <... sync resumed>) = 0 [pid 6176] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6173] exit_group(0) = ? [pid 6177] setpgid(0, 0 [pid 6176] <... openat resumed>) = 4 [pid 6173] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6173, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6177] <... setpgid resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6176] ioctl(4, LOOP_SET_FD, 3 [pid 6177] <... openat resumed>) = 3 [pid 6177] write(3, "1000", 4) = 4 [pid 6177] close(3) = 0 [pid 6177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6175] <... ioctl resumed>) = 0 executing program [pid 6177] write(1, "executing program\n", 18) = 18 [pid 6177] memfd_create("syzkaller", 0 [pid 6175] close(3 [pid 6177] <... memfd_create resumed>) = 3 [pid 6175] <... close resumed>) = 0 [pid 5831] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6175] close(4 [pid 6177] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6175] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6175] mkdir("./file1", 0777 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 5828] <... umount2 resumed>) = 0 [pid 6175] <... mkdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 6175] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6176] <... ioctl resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 120.558250][ T6175] loop2: detected capacity change from 0 to 1024 [ 120.596411][ T6176] loop1: detected capacity change from 0 to 1024 [pid 5828] newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6176] close(3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6176] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6176] close(4 [pid 5828] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", [pid 6176] <... close resumed>) = 0 [pid 6176] mkdir("./file1", 0777 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6176] <... mkdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5828] getdents64(4, [pid 5831] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6176] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 6177] <... write resumed>) = 524288 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(4, [pid 5828] close(4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... close resumed>) = 0 [pid 5831] getdents64(4, [pid 5828] rmdir("./65/file1" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./60/file1") = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./65/binderfs", [pid 6175] <... mount resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./60/binderfs", [pid 6175] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6177] munmap(0x7ff1eb400000, 138412032 [pid 6175] <... openat resumed>) = 3 [pid 5831] unlink("./60/binderfs" [pid 5828] unlink("./65/binderfs" [pid 6177] <... munmap resumed>) = 0 [pid 6175] chdir("./file1" [pid 5831] <... unlink resumed>) = 0 [pid 5831] getdents64(3, [pid 6177] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 6177] <... openat resumed>) = 4 [pid 5831] <... close resumed>) = 0 [pid 6177] ioctl(4, LOOP_SET_FD, 3 [pid 5831] rmdir("./60" [pid 6175] <... chdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5831] mkdir("./61", 0777) = 0 [pid 6175] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] getdents64(3, [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6175] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6175] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6178 attached [pid 6178] set_robust_list(0x5555934ed660, 24 [pid 5828] close(3 [pid 6178] <... set_robust_list resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6178] chdir("./61" [pid 5828] rmdir("./65" [pid 6178] <... chdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6178 [pid 6178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6177] <... ioctl resumed>) = 0 [pid 6178] setpgid(0, 0 [pid 6176] <... mount resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6176] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] mkdir("./66", 0777 [pid 6178] <... setpgid resumed>) = 0 [pid 6177] close(3 [pid 6176] <... openat resumed>) = 3 [pid 5828] <... mkdir resumed>) = 0 [pid 6178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6177] <... close resumed>) = 0 [pid 6176] chdir("./file1" [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6177] close(4) = 0 [pid 6178] <... openat resumed>) = 3 [pid 6177] mkdir("./file1", 0777 [pid 6178] write(3, "1000", 4 [pid 6177] <... mkdir resumed>) = 0 [pid 6178] <... write resumed>) = 4 [pid 6178] close(3) = 0 [pid 6178] symlink("/dev/binderfs", "./binderfs" [pid 6177] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6178] <... symlink resumed>) = 0 [pid 6178] write(1, "executing program\n", 18executing program ) = 18 [pid 6178] memfd_create("syzkaller", 0 [pid 6176] <... chdir resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6178] <... memfd_create resumed>) = 3 [pid 6178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6177] <... mount resumed>) = 0 [pid 6176] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6175] <... link resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6177] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6177] chdir("./file1") = 0 [pid 6177] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6178] <... mmap resumed>) = 0x7ff1eb400000 [pid 6177] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6177] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6176] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6175] sync( [pid 5828] <... ioctl resumed>) = 0 [ 120.676483][ T6177] loop4: detected capacity change from 0 to 1024 [pid 6176] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6179 attached , child_tidptr=0x5555934ed650) = 6179 [pid 6179] set_robust_list(0x5555934ed660, 24) = 0 [pid 6176] <... link resumed>) = 0 [pid 6179] chdir("./66" [pid 6176] sync( [pid 6179] <... chdir resumed>) = 0 [pid 6179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6179] setpgid(0, 0) = 0 [pid 6179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6177] <... link resumed>) = 0 [pid 6177] sync( [pid 6179] <... openat resumed>) = 3 [pid 6179] write(3, "1000", 4 [pid 6175] <... sync resumed>) = 0 [pid 6179] <... write resumed>) = 4 [pid 6178] <... write resumed>) = 524288 [pid 6177] <... sync resumed>) = 0 [pid 6176] <... sync resumed>) = 0 [pid 6179] close(3 [pid 6177] exit_group(0 [pid 6176] exit_group(0 [pid 6179] <... close resumed>) = 0 [pid 6177] <... exit_group resumed>) = ? [pid 6176] <... exit_group resumed>) = ? [pid 6179] symlink("/dev/binderfs", "./binderfs" [pid 6178] munmap(0x7ff1eb400000, 138412032 [pid 6175] exit_group(0 [pid 6179] <... symlink resumed>) = 0 [pid 6178] <... munmap resumed>) = 0 [pid 6177] +++ exited with 0 +++ [pid 6175] <... exit_group resumed>) = ? executing program [pid 6179] write(1, "executing program\n", 18 [pid 6176] +++ exited with 0 +++ [pid 6179] <... write resumed>) = 18 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6177, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=1 /* 0.01 s */} --- [pid 6179] memfd_create("syzkaller", 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6176, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] <... restart_syscall resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6179] <... memfd_create resumed>) = 3 [pid 6178] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... restart_syscall resumed>) = 0 [pid 6179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6178] <... openat resumed>) = 4 [pid 6179] <... mmap resumed>) = 0x7ff1eb400000 [pid 6178] ioctl(4, LOOP_SET_FD, 3 [pid 5832] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6175] +++ exited with 0 +++ [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6175, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] newfstatat(3, "", [pid 5832] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6179] <... write resumed>) = 524288 [pid 5832] newfstatat(3, "", [pid 6179] munmap(0x7ff1eb400000, 138412032 [pid 6178] <... ioctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] getdents64(3, [pid 5832] getdents64(3, [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6179] <... munmap resumed>) = 0 [pid 6178] close(3 [pid 5830] <... openat resumed>) = 3 [pid 6178] <... close resumed>) = 0 [pid 6178] close(4 [pid 5830] newfstatat(3, "", [pid 6178] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6178] mkdir("./file1", 0777 [pid 5830] getdents64(3, [pid 6179] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6178] <... mkdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... umount2 resumed>) = 0 [pid 5830] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6179] <... openat resumed>) = 4 [pid 6179] ioctl(4, LOOP_SET_FD, 3 [pid 6178] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 5829] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./66/file1", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./68/file1", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] newfstatat(AT_FDCWD, "./69/file1", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 120.808047][ T6178] loop3: detected capacity change from 0 to 1024 [ 120.841659][ T6179] loop0: detected capacity change from 0 to 1024 [pid 5829] openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... openat resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", [pid 5830] openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6179] <... ioctl resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 5830] <... openat resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] newfstatat(4, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 6179] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6179] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 5830] getdents64(4, [pid 5829] getdents64(4, [pid 6179] close(4 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 5829] close(4 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6179] <... close resumed>) = 0 [pid 5830] close(4 [pid 5829] <... close resumed>) = 0 [pid 6179] mkdir("./file1", 0777 [pid 5830] <... close resumed>) = 0 [pid 5829] rmdir("./68/file1" [pid 5830] rmdir("./69/file1" [pid 6179] <... mkdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6179] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... rmdir resumed>) = 0 [pid 5829] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./68/binderfs", [pid 5832] getdents64(4, [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(AT_FDCWD, "./69/binderfs", [pid 5829] unlink("./68/binderfs" [pid 5832] close(4 [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, [pid 5832] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] rmdir("./66/file1" [pid 5829] close(3 [pid 6178] <... mount resumed>) = 0 [pid 6178] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... close resumed>) = 0 [pid 6178] <... openat resumed>) = 3 [pid 5829] rmdir("./68" [pid 6178] chdir("./file1") = 0 [pid 6178] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./69/binderfs" [pid 6178] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] getdents64(3, [pid 5829] mkdir("./69", 0777 [pid 5832] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./69") = 0 [pid 5830] mkdir("./70", 0777 [pid 6179] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... mkdir resumed>) = 0 [pid 6179] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] newfstatat(AT_FDCWD, "./66/binderfs", [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6179] chdir("./file1" [pid 6178] <... link resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6179] <... chdir resumed>) = 0 [pid 6178] sync( [pid 5832] unlink("./66/binderfs" [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6179] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... ioctl resumed>) = 0 [pid 6179] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] close(3 [pid 6179] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... ioctl resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] close(3 [pid 5829] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] close(3./strace-static-x86_64: Process 6180 attached ) = 0 [pid 6180] set_robust_list(0x5555934ed660, 24) = 0 [pid 6180] chdir("./70" [pid 5832] rmdir("./66" [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6180 [pid 6180] <... chdir resumed>) = 0 [pid 6180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6180] setpgid(0, 0) = 0 [pid 6180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 6179] <... link resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6178] <... sync resumed>) = 0 [pid 5832] mkdir("./67", 0777./strace-static-x86_64: Process 6181 attached [pid 6179] sync( [pid 6178] exit_group(0 [pid 5832] <... mkdir resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6181 [pid 6181] set_robust_list(0x5555934ed660, 24 [pid 6178] <... exit_group resumed>) = ? [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6180] write(3, "1000", 4) = 4 [pid 6180] close(3) = 0 [pid 6180] symlink("/dev/binderfs", "./binderfs" [pid 6181] <... set_robust_list resumed>) = 0 [pid 6180] <... symlink resumed>) = 0 [pid 6178] +++ exited with 0 +++ [pid 5832] <... openat resumed>) = 3 [pid 6181] chdir("./69" [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6178, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6181] <... chdir resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 6181] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6181] <... prctl resumed>) = 0 [pid 5832] close(3executing program [pid 6181] setpgid(0, 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6181] <... setpgid resumed>) = 0 [pid 6180] write(1, "executing program\n", 18) = 18 [pid 5831] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6180] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6182 attached [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6182 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6180] <... memfd_create resumed>) = 3 [pid 6182] set_robust_list(0x5555934ed660, 24 [pid 6181] <... openat resumed>) = 3 [pid 6180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6182] <... set_robust_list resumed>) = 0 [pid 6180] <... mmap resumed>) = 0x7ff1eb400000 [pid 6182] chdir("./67" [pid 6181] write(3, "1000", 4 [pid 5831] <... openat resumed>) = 3 [pid 6182] <... chdir resumed>) = 0 [pid 6181] <... write resumed>) = 4 [pid 5831] newfstatat(3, "", [pid 6182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6181] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6182] setpgid(0, 0 [pid 6181] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 6182] <... setpgid resumed>) = 0 [pid 6182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6181] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6182] <... openat resumed>) = 3 [pid 5831] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6182] write(3, "1000", 4 [pid 6181] <... symlink resumed>) = 0 [pid 6182] <... write resumed>) = 4 [pid 6179] <... sync resumed>) = 0 [pid 6182] close(3 [pid 6179] exit_group(0) = ? [pid 6182] <... close resumed>) = 0 [pid 6181] write(1, "executing program\n", 18 [pid 6179] +++ exited with 0 +++ executing program [pid 6182] symlink("/dev/binderfs", "./binderfs" [pid 6181] <... write resumed>) = 18 [pid 6180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6179, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6182] <... symlink resumed>) = 0 [pid 6181] memfd_create("syzkaller", 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6182] write(1, "executing program\n", 18 [pid 6181] <... memfd_create resumed>) = 3 executing program [pid 5828] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6182] <... write resumed>) = 18 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", [pid 6182] memfd_create("syzkaller", 0 [pid 6181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6182] <... memfd_create resumed>) = 3 [pid 6181] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = 0 [pid 6181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6180] <... write resumed>) = 524288 [pid 5831] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./61/file1", [pid 6180] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6180] <... munmap resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6180] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6180] <... openat resumed>) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6180] ioctl(4, LOOP_SET_FD, 3 [pid 5828] newfstatat(AT_FDCWD, "./66/file1", [pid 6182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... openat resumed>) = 4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(4, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6181] <... write resumed>) = 524288 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6181] munmap(0x7ff1eb400000, 138412032 [pid 5831] getdents64(4, [pid 5828] <... openat resumed>) = 4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6181] <... munmap resumed>) = 0 [pid 5828] getdents64(4, [pid 5831] close(4) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, [pid 5831] rmdir("./61/file1" [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./66/file1") = 0 [pid 6181] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./66/binderfs") = 0 [pid 6181] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./66" [pid 6181] ioctl(4, LOOP_SET_FD, 3 [pid 5831] newfstatat(AT_FDCWD, "./61/binderfs", [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./67", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] unlink("./61/binderfs" [pid 6180] <... ioctl resumed>) = 0 [pid 6180] close(3) = 0 ./strace-static-x86_64: Process 6183 attached [pid 6180] close(4) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 6180] mkdir("./file1", 0777) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6183 [pid 6183] set_robust_list(0x5555934ed660, 24 [pid 5831] getdents64(3, [pid 6183] <... set_robust_list resumed>) = 0 [pid 6182] <... write resumed>) = 524288 [pid 6180] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6182] munmap(0x7ff1eb400000, 138412032 [pid 5831] close(3 [pid 6183] chdir("./67" [pid 5831] <... close resumed>) = 0 [pid 6183] <... chdir resumed>) = 0 [pid 6183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6183] setpgid(0, 0 [pid 6182] <... munmap resumed>) = 0 [pid 5831] rmdir("./61" [pid 6183] <... setpgid resumed>) = 0 [pid 6183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... rmdir resumed>) = 0 [pid 6183] <... openat resumed>) = 3 [pid 5831] mkdir("./62", 0777 [pid 6182] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... mkdir resumed>) = 0 [pid 6183] write(3, "1000", 4 [pid 6182] <... openat resumed>) = 4 [pid 6183] <... write resumed>) = 4 [pid 6183] close(3 [pid 6182] ioctl(4, LOOP_SET_FD, 3 [pid 6183] <... close resumed>) = 0 [pid 6182] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6182] ioctl(4, LOOP_CLR_FD) = 0 [pid 6181] <... ioctl resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 6183] symlink("/dev/binderfs", "./binderfs" [pid 6180] <... mount resumed>) = 0 [pid 6183] <... symlink resumed>) = 0 [pid 6181] close(3 [pid 6180] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] ioctl(3, LOOP_CLR_FDexecuting program [pid 6183] write(1, "executing program\n", 18 [pid 6181] <... close resumed>) = 0 [pid 6180] <... openat resumed>) = 3 [pid 5831] <... ioctl resumed>) = 0 [pid 6183] <... write resumed>) = 18 [pid 6180] chdir("./file1" [pid 6183] memfd_create("syzkaller", 0 [pid 6180] <... chdir resumed>) = 0 [ 121.045580][ T6180] loop2: detected capacity change from 0 to 1024 [ 121.075280][ T6181] loop1: detected capacity change from 0 to 1024 [pid 6183] <... memfd_create resumed>) = 3 [pid 6180] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6180] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6183] <... mmap resumed>) = 0x7ff1eb400000 [pid 6180] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6181] close(4 [pid 5831] close(3 [pid 6181] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6182] ioctl(4, LOOP_SET_FD, 3 [pid 6181] mkdir("./file1", 0777 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6182] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 6184 attached [pid 6182] close(4 [pid 6181] <... mkdir resumed>) = 0 [pid 6184] set_robust_list(0x5555934ed660, 24 [pid 6182] <... close resumed>) = 0 [pid 6181] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6184] <... set_robust_list resumed>) = 0 [pid 6184] chdir("./62") = 0 [pid 6184] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6183] <... write resumed>) = 524288 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6184 [pid 6180] <... link resumed>) = 0 [pid 6180] sync( [pid 6184] <... prctl resumed>) = 0 [pid 6184] setpgid(0, 0) = 0 [pid 6184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6183] munmap(0x7ff1eb400000, 138412032 [pid 6182] close(3 [pid 6184] <... openat resumed>) = 3 [pid 6183] <... munmap resumed>) = 0 [pid 6183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6182] <... close resumed>) = 0 [pid 6184] write(3, "1000", 4 [pid 6183] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6184] <... write resumed>) = 4 [pid 6183] ioctl(4, LOOP_CLR_FD) = 0 [pid 6184] close(3) = 0 [pid 6183] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6183] close(4 [pid 6184] symlink("/dev/binderfs", "./binderfs" [pid 6183] <... close resumed>) = 0 [pid 6182] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"executing program [pid 6184] <... symlink resumed>) = 0 [pid 6183] close(3 [pid 6182] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6184] write(1, "executing program\n", 18 [pid 6182] sync( [pid 6184] <... write resumed>) = 18 [pid 6184] memfd_create("syzkaller", 0) = 3 [pid 6183] <... close resumed>) = 0 [pid 6184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6183] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6183] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6183] sync( [pid 6181] <... mount resumed>) = 0 [pid 6181] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6184] <... write resumed>) = 524288 [pid 6184] munmap(0x7ff1eb400000, 138412032 [pid 6182] <... sync resumed>) = 0 [pid 6181] <... openat resumed>) = 3 [pid 6180] <... sync resumed>) = 0 [pid 6182] exit_group(0 [pid 6180] exit_group(0 [pid 6182] <... exit_group resumed>) = ? [pid 6183] <... sync resumed>) = 0 [pid 6180] <... exit_group resumed>) = ? [pid 6182] +++ exited with 0 +++ [pid 6180] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6182, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6183] exit_group(0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6180, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6184] <... munmap resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 6181] chdir("./file1" [pid 5830] <... restart_syscall resumed>) = 0 [pid 6183] <... exit_group resumed>) = ? [pid 6181] <... chdir resumed>) = 0 [pid 6183] +++ exited with 0 +++ [pid 6181] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6183, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6181] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6184] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6184] <... openat resumed>) = 4 [pid 6181] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] newfstatat(3, "", [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] getdents64(3, [pid 5830] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6184] ioctl(4, LOOP_SET_FD, 3 [pid 5828] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [pid 5832] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] newfstatat(3, "", [pid 5832] unlink("./67/binderfs" [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5832] getdents64(3, [pid 5828] getdents64(3, [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5832] close(3 [pid 5828] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./67" [pid 5828] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] unlink("./67/binderfs") = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./67") = 0 [pid 5828] mkdir("./68", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] mkdir("./68", 0777 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6185 attached ) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6185 [pid 6185] set_robust_list(0x5555934ed660, 24) = 0 [pid 5830] newfstatat(4, "", [pid 6185] chdir("./68" [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6185] <... chdir resumed>) = 0 [pid 5830] getdents64(4, [pid 6185] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6185] <... prctl resumed>) = 0 [pid 5830] getdents64(4, [pid 6185] setpgid(0, 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6185] <... setpgid resumed>) = 0 [pid 5830] close(4 [pid 6185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./70/file1" [pid 5832] <... openat resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 6185] <... openat resumed>) = 3 [pid 6181] <... link resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6185] write(3, "1000", 4 [pid 6181] sync( [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] close(3 [pid 5830] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6185] <... write resumed>) = 4 [pid 5832] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6185] close(3 [pid 5830] newfstatat(AT_FDCWD, "./70/binderfs", [pid 6185] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6185] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 6186 attached ) = 0 [pid 6186] set_robust_list(0x5555934ed660, 24 [pid 5830] unlink("./70/binderfs" [pid 6185] write(1, "executing program\n", 18 [pid 5830] <... unlink resumed>) = 0 [pid 6186] <... set_robust_list resumed>) = 0 executing program [pid 6186] chdir("./68" [pid 6185] <... write resumed>) = 18 [pid 6184] <... ioctl resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6186 [pid 5830] getdents64(3, [pid 6186] <... chdir resumed>) = 0 [pid 6184] close(3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6186] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] close(3) = 0 [pid 5830] rmdir("./70") = 0 [pid 6186] <... prctl resumed>) = 0 [pid 6185] memfd_create("syzkaller", 0 [pid 6184] <... close resumed>) = 0 [pid 6186] setpgid(0, 0 [pid 6184] close(4 [pid 6186] <... setpgid resumed>) = 0 [pid 6186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6185] <... memfd_create resumed>) = 3 [pid 6184] <... close resumed>) = 0 [pid 5830] mkdir("./71", 0777 [pid 6184] mkdir("./file1", 0777 [pid 5830] <... mkdir resumed>) = 0 [pid 6186] <... openat resumed>) = 3 [pid 6185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6181] <... sync resumed>) = 0 [pid 6185] <... mmap resumed>) = 0x7ff1eb400000 [pid 6184] <... mkdir resumed>) = 0 [ 121.283278][ T6184] loop3: detected capacity change from 0 to 1024 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6181] exit_group(0 [pid 6186] write(3, "1000", 4) = 4 [pid 6181] <... exit_group resumed>) = ? [pid 6186] close(3) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6186] symlink("/dev/binderfs", "./binderfs" [pid 6184] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 6186] <... symlink resumed>) = 0 [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6181] +++ exited with 0 +++ [pid 6186] write(1, "executing program\n", 18 [pid 6185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6181, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- executing program [pid 6186] <... write resumed>) = 18 [pid 5829] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6187 attached [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6187 [pid 6187] set_robust_list(0x5555934ed660, 24) = 0 [pid 6187] chdir("./71") = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6186] memfd_create("syzkaller", 0 [pid 6187] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6186] <... memfd_create resumed>) = 3 [pid 5829] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6187] <... prctl resumed>) = 0 [pid 6186] <... mmap resumed>) = 0x7ff1eb400000 [pid 5829] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6187] setpgid(0, 0) = 0 [pid 6187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... openat resumed>) = 3 [pid 6187] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 6187] write(3, "1000", 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6187] <... write resumed>) = 4 [pid 6187] close(3 [pid 5829] getdents64(3, [pid 6187] <... close resumed>) = 0 executing program [pid 6187] symlink("/dev/binderfs", "./binderfs" [pid 6186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6187] <... symlink resumed>) = 0 [pid 6185] <... write resumed>) = 524288 [pid 6184] <... mount resumed>) = 0 [pid 5829] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6187] write(1, "executing program\n", 18) = 18 [pid 6185] munmap(0x7ff1eb400000, 138412032 [pid 6187] memfd_create("syzkaller", 0 [pid 6184] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6187] <... memfd_create resumed>) = 3 [pid 6185] <... munmap resumed>) = 0 [pid 6187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6186] <... write resumed>) = 524288 [pid 6185] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6184] <... openat resumed>) = 3 [pid 6185] <... openat resumed>) = 4 [pid 6184] chdir("./file1" [pid 6187] <... mmap resumed>) = 0x7ff1eb400000 [pid 6185] ioctl(4, LOOP_SET_FD, 3 [pid 6187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6184] <... chdir resumed>) = 0 [pid 6184] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6186] munmap(0x7ff1eb400000, 138412032 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6186] <... munmap resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6184] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] newfstatat(AT_FDCWD, "./69/file1", [pid 6185] <... ioctl resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6186] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6185] close(3) = 0 [pid 6185] close(4) = 0 [pid 6185] mkdir("./file1", 0777 [pid 6186] <... openat resumed>) = 4 [pid 6185] <... mkdir resumed>) = 0 [pid 5829] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6186] ioctl(4, LOOP_SET_FD, 3 [pid 6187] <... write resumed>) = 524288 [pid 6185] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6187] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6184] <... link resumed>) = 0 [pid 6184] sync( [pid 5829] openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6187] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6185] <... mount resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 6185] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6187] <... openat resumed>) = 4 [pid 6186] <... ioctl resumed>) = 0 [pid 6185] <... openat resumed>) = 3 [pid 5829] getdents64(4, [pid 6187] ioctl(4, LOOP_SET_FD, 3 [pid 6185] chdir("./file1" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6186] close(3 [pid 6185] <... chdir resumed>) = 0 [pid 6184] <... sync resumed>) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6185] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6186] <... close resumed>) = 0 [pid 5829] close(4 [pid 6186] close(4 [pid 6185] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... close resumed>) = 0 [pid 6185] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6186] <... close resumed>) = 0 [pid 5829] rmdir("./69/file1" [pid 6186] mkdir("./file1", 0777 [ 121.408377][ T6185] loop0: detected capacity change from 0 to 1024 [ 121.444707][ T6186] loop4: detected capacity change from 0 to 1024 [pid 6184] exit_group(0) = ? [pid 5829] <... rmdir resumed>) = 0 [pid 6186] <... mkdir resumed>) = 0 [pid 5829] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./69/binderfs", [pid 6187] <... ioctl resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6186] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] unlink("./69/binderfs") = 0 [pid 6184] +++ exited with 0 +++ [pid 5829] getdents64(3, [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6184, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./69") = 0 [pid 5829] mkdir("./70", 0777 [pid 6185] <... link resumed>) = 0 [pid 6185] sync( [pid 5831] <... restart_syscall resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5831] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] <... ioctl resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5829] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 6186] <... mount resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6187] close(3 [pid 5831] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6187] <... close resumed>) = 0 [pid 6186] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... close resumed>) = 0 [pid 6187] close(4) = 0 [pid 6187] mkdir("./file1", 0777 [pid 6186] <... openat resumed>) = 3 [ 121.480393][ T6187] loop2: detected capacity change from 0 to 1024 [pid 6186] chdir("./file1" [pid 6185] <... sync resumed>) = 0 [pid 6186] <... chdir resumed>) = 0 [pid 6186] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6185] exit_group(0 [pid 6187] <... mkdir resumed>) = 0 [pid 6186] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6186] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6185] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 6188 attached [pid 6185] +++ exited with 0 +++ [pid 6188] set_robust_list(0x5555934ed660, 24 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6185, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6188] <... set_robust_list resumed>) = 0 [pid 6187] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6188 [pid 6188] chdir("./70" [pid 5831] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6188] <... chdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6188] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] newfstatat(AT_FDCWD, "./62/file1", [pid 6188] <... prctl resumed>) = 0 [pid 6188] setpgid(0, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6188] <... setpgid resumed>) = 0 [pid 6186] <... link resumed>) = 0 [pid 5831] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6186] sync( [pid 5831] openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6188] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 4 [pid 5828] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6188] write(3, "1000", 4 [pid 5831] newfstatat(4, "", [pid 6188] <... write resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6188] close(3 [pid 5831] getdents64(4, [pid 5828] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6188] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... openat resumed>) = 3 [pid 6188] symlink("/dev/binderfs", "./binderfs" [pid 5831] getdents64(4, [pid 5828] newfstatat(3, "", [pid 6188] <... symlink resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 executing program [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6188] write(1, "executing program\n", 18 [pid 6187] <... mount resumed>) = 0 [pid 5831] close(4 [pid 5828] getdents64(3, [pid 6188] <... write resumed>) = 18 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./62/file1" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6188] memfd_create("syzkaller", 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6187] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6188] <... memfd_create resumed>) = 3 [pid 6187] <... openat resumed>) = 3 [pid 5831] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./62/binderfs", [pid 6188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6187] chdir("./file1") = 0 [pid 6187] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6188] <... mmap resumed>) = 0x7ff1eb400000 [pid 6187] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6188] <... write resumed>) = 524288 [pid 5831] unlink("./62/binderfs") = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5831] close(3) = 0 [pid 6188] munmap(0x7ff1eb400000, 138412032 [pid 5831] rmdir("./62") = 0 [pid 6187] <... link resumed>) = 0 [pid 5831] mkdir("./63", 0777 [pid 6187] sync( [pid 5828] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... mkdir resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6186] <... sync resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6186] exit_group(0 [pid 6188] <... munmap resumed>) = 0 [pid 6186] <... exit_group resumed>) = ? [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6188] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 6186] +++ exited with 0 +++ [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./68/file1" [pid 6188] <... openat resumed>) = 4 [pid 5831] <... openat resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 6188] ioctl(4, LOOP_SET_FD, 3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6186, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./68/binderfs") = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./68") = 0 [pid 5828] mkdir("./69", 0777 [pid 5832] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... ioctl resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5831] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6187] <... sync resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... openat resumed>) = 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... openat resumed>) = 3 [pid 6187] exit_group(0 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 6187] <... exit_group resumed>) = ? [pid 5828] close(3./strace-static-x86_64: Process 6189 attached [pid 5832] newfstatat(3, "", [pid 6189] set_robust_list(0x5555934ed660, 24 [pid 6187] +++ exited with 0 +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6189 [pid 5828] <... close resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6187, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6190 attached [pid 6189] <... set_robust_list resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6189] chdir("./63" [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6190] set_robust_list(0x5555934ed660, 24 [pid 6189] <... chdir resumed>) = 0 [pid 5832] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6190 [pid 6189] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6188] <... ioctl resumed>) = 0 [pid 6190] <... set_robust_list resumed>) = 0 [pid 6189] <... prctl resumed>) = 0 [pid 6190] chdir("./69" [pid 6189] setpgid(0, 0 [pid 6190] <... chdir resumed>) = 0 [pid 6189] <... setpgid resumed>) = 0 [pid 5830] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6190] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6190] <... prctl resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6190] setpgid(0, 0 [pid 6189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... openat resumed>) = 3 [pid 6190] <... setpgid resumed>) = 0 [pid 6189] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 6190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6189] write(3, "1000", 4 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6190] <... openat resumed>) = 3 [pid 6189] <... write resumed>) = 4 [pid 5830] getdents64(3, [pid 6190] write(3, "1000", 4 [pid 6189] close(3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6190] <... write resumed>) = 4 [pid 6189] <... close resumed>) = 0 [pid 6188] close(3 [pid 5830] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6190] close(3 [pid 6189] symlink("/dev/binderfs", "./binderfs" [pid 6188] <... close resumed>) = 0 [pid 5832] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6190] <... close resumed>) = 0 [pid 6190] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6190] write(1, "executing program\n", 18) = 18 [pid 6190] memfd_create("syzkaller", 0) = 3 [pid 6190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [ 121.658787][ T6188] loop1: detected capacity change from 0 to 1024 executing program [pid 6190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6189] <... symlink resumed>) = 0 [pid 6188] close(4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6189] write(1, "executing program\n", 18 [pid 6188] <... close resumed>) = 0 [pid 6189] <... write resumed>) = 18 [pid 6188] mkdir("./file1", 0777 [pid 5832] newfstatat(AT_FDCWD, "./68/file1", [pid 6189] memfd_create("syzkaller", 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6188] <... mkdir resumed>) = 0 [pid 6190] <... write resumed>) = 524288 [pid 6189] <... memfd_create resumed>) = 3 [pid 6188] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... openat resumed>) = 4 [pid 5830] <... umount2 resumed>) = 0 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 6189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5830] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./68/file1" [pid 5830] newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 6190] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... close resumed>) = 0 [pid 6190] <... munmap resumed>) = 0 [pid 5832] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./71/file1" [pid 6189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6190] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6188] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... rmdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./68/binderfs", [pid 6190] <... openat resumed>) = 4 [pid 6188] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6190] ioctl(4, LOOP_SET_FD, 3 [pid 6188] <... openat resumed>) = 3 [pid 5832] unlink("./68/binderfs" [pid 6189] <... write resumed>) = 524288 [pid 6188] chdir("./file1" [pid 5832] <... unlink resumed>) = 0 [pid 6188] <... chdir resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6188] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./71/binderfs") = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./71" [pid 6188] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./72", 0777 [pid 5832] <... close resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] rmdir("./68" [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] mkdir("./69", 0777 [pid 6188] <... link resumed>) = 0 ./strace-static-x86_64: Process 6191 attached [pid 6191] set_robust_list(0x5555934ed660, 24 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6191 [pid 6191] <... set_robust_list resumed>) = 0 [pid 6191] chdir("./72") = 0 [pid 6188] sync( [pid 6191] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6189] munmap(0x7ff1eb400000, 138412032 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6190] <... ioctl resumed>) = 0 [pid 6189] <... munmap resumed>) = 0 [pid 6190] close(3 [pid 5832] <... openat resumed>) = 3 [pid 6189] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6191] <... prctl resumed>) = 0 [pid 6190] <... close resumed>) = 0 [pid 6191] setpgid(0, 0 [pid 6190] close(4 [pid 6189] <... openat resumed>) = 4 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6189] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... ioctl resumed>) = 0 [pid 6190] <... close resumed>) = 0 [pid 6190] mkdir("./file1", 0777 [pid 6191] <... setpgid resumed>) = 0 [pid 6190] <... mkdir resumed>) = 0 [ 121.782732][ T6190] loop0: detected capacity change from 0 to 1024 [pid 6191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] close(3 [pid 6191] <... openat resumed>) = 3 [pid 6190] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6191] write(3, "1000", 4) = 4 [pid 6191] close(3) = 0 [pid 6191] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6191] write(1, "executing program\n", 18) = 18 [pid 6191] memfd_create("syzkaller", 0) = 3 [pid 5832] <... close resumed>) = 0 [pid 6191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6190] <... mount resumed>) = 0 [pid 6190] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6190] chdir("./file1") = 0 [pid 6190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6190] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6192 attached [pid 6188] <... sync resumed>) = 0 [pid 6189] <... ioctl resumed>) = 0 [pid 6188] exit_group(0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6192 [pid 6189] close(3) = 0 [pid 6188] <... exit_group resumed>) = ? [pid 6189] close(4 [pid 6192] set_robust_list(0x5555934ed660, 24) = 0 [pid 6189] <... close resumed>) = 0 [pid 6191] <... write resumed>) = 524288 [pid 6190] <... link resumed>) = 0 [pid 6190] sync( [pid 6192] chdir("./69" [pid 6189] mkdir("./file1", 0777 [pid 6188] +++ exited with 0 +++ [ 121.830626][ T6189] loop3: detected capacity change from 0 to 1024 [pid 6191] munmap(0x7ff1eb400000, 138412032 [pid 6192] <... chdir resumed>) = 0 [pid 6191] <... munmap resumed>) = 0 [pid 6189] <... mkdir resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6188, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6191] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6191] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6191] ioctl(4, LOOP_CLR_FD) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6192] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... restart_syscall resumed>) = 0 [pid 6192] <... prctl resumed>) = 0 [pid 6192] setpgid(0, 0) = 0 [pid 6191] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5829] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6189] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6191] close(4 [pid 5829] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6191] <... close resumed>) = 0 [pid 6191] close(3 [pid 6192] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 3 [pid 6191] <... close resumed>) = 0 [pid 6192] write(3, "1000", 4 [pid 5829] newfstatat(3, "", [pid 6192] <... write resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6191] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 5829] getdents64(3, [pid 6191] sync( [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6192] close(3 [pid 5829] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6192] <... close resumed>) = 0 [pid 6192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] <... umount2 resumed>) = 0 executing program [pid 6192] write(1, "executing program\n", 18) = 18 [pid 6192] memfd_create("syzkaller", 0 [pid 5829] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6192] <... memfd_create resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6189] <... mount resumed>) = 0 [pid 6192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] newfstatat(AT_FDCWD, "./70/file1", [pid 6189] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6190] <... sync resumed>) = 0 [pid 6189] <... openat resumed>) = 3 [pid 5829] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6190] exit_group(0 [pid 6189] chdir("./file1" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6192] <... mmap resumed>) = 0x7ff1eb400000 [pid 6189] <... chdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6189] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6190] <... exit_group resumed>) = ? [pid 6189] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] newfstatat(4, "", [pid 6190] +++ exited with 0 +++ [pid 6189] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6190, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5829] close(4 [pid 5828] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] rmdir("./70/file1" [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... rmdir resumed>) = 0 [pid 5829] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./70/binderfs", [pid 6192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./70/binderfs") = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6189] <... link resumed>) = 0 [pid 5829] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6192] <... write resumed>) = 524288 [pid 6191] <... sync resumed>) = 0 [pid 6189] sync( [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5828] newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6191] exit_group(0 [pid 5829] rmdir("./70" [pid 5828] <... openat resumed>) = 4 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 5829] mkdir("./71", 0777 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6191] <... exit_group resumed>) = ? [pid 5829] <... mkdir resumed>) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./69/file1" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6192] munmap(0x7ff1eb400000, 138412032 [pid 6191] +++ exited with 0 +++ [pid 6189] <... sync resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6191, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6192] <... munmap resumed>) = 0 [pid 5830] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 ./strace-static-x86_64: Process 6193 attached [pid 6189] exit_group(0 [pid 5830] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./72/binderfs", [pid 5828] newfstatat(AT_FDCWD, "./69/binderfs", [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./72/binderfs") = 0 [pid 5828] unlink("./69/binderfs" [pid 5830] getdents64(3, [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6193 [pid 5828] <... unlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] getdents64(3, [pid 5830] close(3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... close resumed>) = 0 [pid 5828] close(3 [pid 6192] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] rmdir("./72" [pid 5828] <... close resumed>) = 0 [pid 6189] <... exit_group resumed>) = ? [pid 6193] set_robust_list(0x5555934ed660, 24 [pid 6192] <... openat resumed>) = 4 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] rmdir("./69" [pid 6193] <... set_robust_list resumed>) = 0 [pid 6192] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... rmdir resumed>) = 0 [pid 6193] chdir("./71" [pid 6189] +++ exited with 0 +++ [pid 5830] mkdir("./73", 0777) = 0 [pid 5828] mkdir("./70", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6193] <... chdir resumed>) = 0 [pid 5830] close(3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6189, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6194 attached [pid 6193] setpgid(0, 0 [pid 5828] <... openat resumed>) = 3 [pid 6193] <... setpgid resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6194 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3 [pid 6193] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... close resumed>) = 0 [pid 6194] set_robust_list(0x5555934ed660, 24 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6193] write(3, "1000", 4 [pid 5831] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6195 attached [pid 6194] <... set_robust_list resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 6194] chdir("./73" [pid 5831] newfstatat(3, "", [pid 6194] <... chdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6193] <... write resumed>) = 4 [pid 6194] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6193] close(3 [pid 5831] getdents64(3, [pid 6195] set_robust_list(0x5555934ed660, 24 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6195 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6193] <... close resumed>) = 0 [pid 6195] <... set_robust_list resumed>) = 0 [pid 6194] <... prctl resumed>) = 0 [pid 6193] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6195] chdir("./70" [pid 6194] setpgid(0, 0 [pid 6195] <... chdir resumed>) = 0 [pid 6194] <... setpgid resumed>) = 0 [pid 6195] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 6195] <... prctl resumed>) = 0 [pid 6194] <... openat resumed>) = 3 [pid 6195] setpgid(0, 0 [pid 6193] <... symlink resumed>) = 0 [pid 6193] write(1, "executing program\n", 18 [pid 6195] <... setpgid resumed>) = 0 [pid 6194] write(3, "1000", 4 [pid 6193] <... write resumed>) = 18 [pid 6192] <... ioctl resumed>) = 0 [pid 6195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6193] memfd_create("syzkaller", 0 [pid 6192] close(3 [pid 6193] <... memfd_create resumed>) = 3 [pid 6192] <... close resumed>) = 0 [pid 6192] close(4 [pid 6193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6195] write(3, "1000", 4 [pid 6192] <... close resumed>) = 0 [pid 6193] <... mmap resumed>) = 0x7ff1eb400000 [pid 6195] <... write resumed>) = 4 [pid 6195] close(3 [pid 6194] <... write resumed>) = 4 [pid 6195] <... close resumed>) = 0 [pid 6194] close(3 [pid 6195] symlink("/dev/binderfs", "./binderfs" [pid 6194] <... close resumed>) = 0 executing program executing program [pid 6195] <... symlink resumed>) = 0 [pid 6194] symlink("/dev/binderfs", "./binderfs" [pid 6192] mkdir("./file1", 0777 [pid 6195] write(1, "executing program\n", 18 [pid 6194] <... symlink resumed>) = 0 [pid 6195] <... write resumed>) = 18 [pid 6194] write(1, "executing program\n", 18 [pid 6195] memfd_create("syzkaller", 0 [pid 6194] <... write resumed>) = 18 [pid 6195] <... memfd_create resumed>) = 3 [pid 6194] memfd_create("syzkaller", 0 [pid 6195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6194] <... memfd_create resumed>) = 3 [pid 6195] <... mmap resumed>) = 0x7ff1eb400000 [pid 6194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6192] <... mkdir resumed>) = 0 [pid 6193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [ 122.034318][ T6192] loop4: detected capacity change from 0 to 1024 [pid 6192] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... umount2 resumed>) = 0 [pid 6193] <... write resumed>) = 524288 [pid 5831] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6195] <... write resumed>) = 524288 [pid 6193] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6193] <... munmap resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./63/file1", [pid 6193] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6194] <... write resumed>) = 524288 [pid 6193] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6193] ioctl(4, LOOP_SET_FD, 3 [pid 5831] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6195] munmap(0x7ff1eb400000, 138412032 [pid 5831] openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6195] <... munmap resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", [pid 6195] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6194] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6195] <... openat resumed>) = 4 [pid 6194] <... munmap resumed>) = 0 [pid 5831] getdents64(4, [pid 6195] ioctl(4, LOOP_SET_FD, 3 [pid 6194] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6195] <... ioctl resumed>) = 0 [pid 6194] <... openat resumed>) = 4 [pid 6192] <... mount resumed>) = 0 [pid 5831] getdents64(4, [pid 6192] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 6192] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 6192] chdir("./file1" [pid 5831] rmdir("./63/file1") = 0 [pid 6192] <... chdir resumed>) = 0 [pid 5831] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./63/binderfs", [pid 6194] ioctl(4, LOOP_SET_FD, 3 [pid 6193] <... ioctl resumed>) = 0 [pid 6192] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6193] close(3 [pid 6192] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] unlink("./63/binderfs") = 0 [pid 5831] getdents64(3, [pid 6193] <... close resumed>) = 0 [pid 6192] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6193] close(4 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6193] <... close resumed>) = 0 [pid 5831] close(3 [pid 6193] mkdir("./file1", 0777 [pid 5831] <... close resumed>) = 0 [pid 6195] close(3) = 0 [pid 6195] close(4) = 0 [pid 6195] mkdir("./file1", 0777 [pid 6193] <... mkdir resumed>) = 0 [pid 5831] rmdir("./63" [pid 6193] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6195] <... mkdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6195] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] mkdir("./64", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6194] <... ioctl resumed>) = 0 [pid 6195] <... mount resumed>) = 0 [pid 6192] <... link resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 6192] sync( [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6195] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6194] close(3 [pid 5831] <... ioctl resumed>) = 0 [ 122.117038][ T6193] loop1: detected capacity change from 0 to 1024 [ 122.131496][ T6195] loop0: detected capacity change from 0 to 1024 [ 122.147505][ T6194] loop2: detected capacity change from 0 to 1024 [pid 6195] <... openat resumed>) = 3 [pid 6194] <... close resumed>) = 0 [pid 6193] <... mount resumed>) = 0 [pid 5831] close(3 [pid 6193] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... close resumed>) = 0 [pid 6193] <... openat resumed>) = 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6195] chdir("./file1") = 0 ./strace-static-x86_64: Process 6196 attached [pid 6195] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6193] chdir("./file1" [pid 6195] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6193] <... chdir resumed>) = 0 [pid 6195] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6193] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6196] set_robust_list(0x5555934ed660, 24 [pid 6194] close(4 [pid 6193] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6196 [pid 6196] <... set_robust_list resumed>) = 0 [pid 6194] <... close resumed>) = 0 [pid 6193] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6196] chdir("./64" [pid 6194] mkdir("./file1", 0777) = 0 [pid 6194] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6196] <... chdir resumed>) = 0 [pid 6195] <... link resumed>) = 0 [pid 6195] sync( [pid 6196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6196] setpgid(0, 0) = 0 [pid 6196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6193] <... link resumed>) = 0 [pid 6193] sync( [pid 6196] <... openat resumed>) = 3 [pid 6196] write(3, "1000", 4 [pid 6194] <... mount resumed>) = 0 [pid 6196] <... write resumed>) = 4 [pid 6196] close(3) = 0 [pid 6196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6194] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6194] chdir("./file1") = 0 [pid 6196] write(1, "executing program\n", 18 [pid 6194] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) executing program [pid 6194] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6192] <... sync resumed>) = 0 [pid 6196] <... write resumed>) = 18 [pid 6192] exit_group(0 [pid 6196] memfd_create("syzkaller", 0 [pid 6192] <... exit_group resumed>) = ? [pid 6196] <... memfd_create resumed>) = 3 [pid 6192] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6192, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6194] <... link resumed>) = 0 [pid 6196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6194] sync( [pid 6196] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", [pid 6196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6195] <... sync resumed>) = 0 [pid 6193] <... sync resumed>) = 0 [pid 6195] exit_group(0 [pid 6193] exit_group(0 [pid 6195] <... exit_group resumed>) = ? [pid 6195] +++ exited with 0 +++ [pid 6193] <... exit_group resumed>) = ? [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6195, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5828] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6194] <... sync resumed>) = 0 [pid 5828] getdents64(3, [pid 6194] exit_group(0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6194] <... exit_group resumed>) = ? [pid 6196] <... write resumed>) = 524288 [pid 6194] +++ exited with 0 +++ [pid 6193] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6194, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6193, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... umount2 resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(3, "", [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] newfstatat(4, "", [pid 5830] getdents64(3, [pid 5829] getdents64(3, [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6196] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] getdents64(4, [pid 5830] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6196] <... munmap resumed>) = 0 [pid 5828] getdents64(4, [pid 6196] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6196] <... openat resumed>) = 4 [pid 6196] ioctl(4, LOOP_SET_FD, 3 [pid 5828] close(4) = 0 [pid 5828] rmdir("./70/file1") = 0 [pid 5832] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./70/binderfs") = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5832] openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] rmdir("./70" [pid 5832] <... openat resumed>) = 4 [pid 5828] <... rmdir resumed>) = 0 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] mkdir("./71", 0777 [pid 5832] getdents64(4, [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... umount2 resumed>) = 0 [pid 6196] <... ioctl resumed>) = 0 [pid 5832] getdents64(4, [pid 5830] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [pid 5832] close(4 [pid 5830] newfstatat(AT_FDCWD, "./73/file1", [pid 5829] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./69/file1" [pid 5830] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(AT_FDCWD, "./71/file1", [pid 5828] <... ioctl resumed>) = 0 [pid 6196] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6196] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] close(3 [pid 6196] close(4 [pid 5830] <... openat resumed>) = 4 [pid 5829] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 6196] <... close resumed>) = 0 [pid 5832] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(4, "", [pid 6196] mkdir("./file1", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6197 attached [pid 6196] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] newfstatat(AT_FDCWD, "./69/binderfs", [pid 5830] getdents64(4, [pid 5829] <... openat resumed>) = 4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] unlink("./69/binderfs" [pid 5830] getdents64(4, [pid 5829] newfstatat(4, "", [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6196] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] getdents64(3, [pid 5830] close(4 [pid 5829] getdents64(4, [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6197 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] close(3 [pid 5830] rmdir("./73/file1" [pid 5829] getdents64(4, [pid 5832] <... close resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] rmdir("./69" [pid 5830] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(4 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./71/file1" [pid 5830] newfstatat(AT_FDCWD, "./73/binderfs", [pid 5829] <... rmdir resumed>) = 0 [pid 5832] mkdir("./70", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] unlink("./73/binderfs" [pid 5829] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... unlink resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./71/binderfs" [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] getdents64(3, [pid 5829] <... unlink resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [ 122.346420][ T6196] loop3: detected capacity change from 0 to 1024 [pid 5830] close(3 [pid 6197] set_robust_list(0x5555934ed660, 24 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5829] getdents64(3, [pid 6197] <... set_robust_list resumed>) = 0 [pid 6197] chdir("./71" [pid 5830] <... close resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] rmdir("./73" [pid 5829] close(3 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6197] <... chdir resumed>) = 0 [pid 6196] <... mount resumed>) = 0 [pid 6196] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] rmdir("./71" [pid 6197] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6196] <... openat resumed>) = 3 [pid 5832] close(3 [pid 5829] <... rmdir resumed>) = 0 [pid 6197] <... prctl resumed>) = 0 [pid 6196] chdir("./file1" [pid 6197] setpgid(0, 0 [pid 6196] <... chdir resumed>) = 0 [pid 5830] mkdir("./74", 0777 [pid 6197] <... setpgid resumed>) = 0 [pid 6196] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6196] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... mkdir resumed>) = 0 [pid 5829] mkdir("./72", 0777 [pid 6196] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6197] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6197] write(3, "1000", 4 [pid 5829] <... openat resumed>) = 3 [pid 6197] <... write resumed>) = 4 [pid 6197] close(3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... ioctl resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 5830] close(3 [pid 5829] <... close resumed>) = 0 [pid 6197] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6197] symlink("/dev/binderfs", "./binderfs" [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6198 attached [pid 6197] <... symlink resumed>) = 0 executing program [pid 6197] write(1, "executing program\n", 18./strace-static-x86_64: Process 6199 attached ) = 18 [pid 6197] memfd_create("syzkaller", 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6198 [pid 6199] set_robust_list(0x5555934ed660, 24 [pid 6198] set_robust_list(0x5555934ed660, 24 [pid 6197] <... memfd_create resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 6199] <... set_robust_list resumed>) = 0 [pid 6198] <... set_robust_list resumed>) = 0 [pid 6199] chdir("./72" [pid 6198] chdir("./74" [pid 6197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6196] <... link resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6199 [pid 6199] <... chdir resumed>) = 0 [pid 6198] <... chdir resumed>) = 0 [pid 6199] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6198] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6199] <... prctl resumed>) = 0 [pid 6198] <... prctl resumed>) = 0 [pid 6198] setpgid(0, 0) = 0 [pid 6197] <... mmap resumed>) = 0x7ff1eb400000 [pid 6196] sync( [pid 6198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6199] setpgid(0, 0 [pid 6198] <... openat resumed>) = 3 [pid 6199] <... setpgid resumed>) = 0 [pid 6199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6198] write(3, "1000", 4 [pid 6199] <... openat resumed>) = 3 [pid 6198] <... write resumed>) = 4 [pid 6198] close(3) = 0 [pid 6198] symlink("/dev/binderfs", "./binderfs" [pid 6199] write(3, "1000", 4 [pid 6198] <... symlink resumed>) = 0 [pid 6199] <... write resumed>) = 4 [pid 6199] close(3 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6198] write(1, "executing program\n", 18 [pid 6197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288executing program ./strace-static-x86_64: Process 6200 attached [pid 6199] <... close resumed>) = 0 [pid 6198] <... write resumed>) = 18 [pid 6198] memfd_create("syzkaller", 0 executing program [pid 6199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6200 [pid 6198] <... memfd_create resumed>) = 3 [pid 6199] write(1, "executing program\n", 18 [pid 6198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6199] <... write resumed>) = 18 [pid 6198] <... mmap resumed>) = 0x7ff1eb400000 [pid 6199] memfd_create("syzkaller", 0 [pid 6200] set_robust_list(0x5555934ed660, 24 [pid 6198] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6199] <... memfd_create resumed>) = 3 [pid 6200] <... set_robust_list resumed>) = 0 [pid 6200] chdir("./70" [pid 6199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6200] <... chdir resumed>) = 0 [pid 6200] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6197] <... write resumed>) = 524288 [pid 6196] <... sync resumed>) = 0 [pid 6196] exit_group(0 [pid 6200] <... prctl resumed>) = 0 [pid 6200] setpgid(0, 0) = 0 [pid 6200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6200] <... openat resumed>) = 3 [pid 6198] <... write resumed>) = 524288 [pid 6196] <... exit_group resumed>) = ? [pid 6200] write(3, "1000", 4 [pid 6199] <... write resumed>) = 524288 [pid 6196] +++ exited with 0 +++ [pid 6200] <... write resumed>) = 4 [pid 6200] close(3) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6196, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6200] symlink("/dev/binderfs", "./binderfs" [pid 6197] munmap(0x7ff1eb400000, 138412032 [pid 5831] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6200] <... symlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6197] <... munmap resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6200] write(1, "executing program\n", 18) = 18 [pid 6200] memfd_create("syzkaller", 0) = 3 [pid 6200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6198] munmap(0x7ff1eb400000, 138412032 [pid 6200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6198] <... munmap resumed>) = 0 [pid 6199] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6198] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6198] ioctl(4, LOOP_SET_FD, 3 [pid 6197] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 6199] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6197] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6199] <... openat resumed>) = 4 [pid 6197] ioctl(4, LOOP_SET_FD, 3 [pid 5831] getdents64(3, [pid 6199] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6200] <... write resumed>) = 524288 [pid 6200] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6199] <... ioctl resumed>) = 0 [pid 6198] <... ioctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6198] close(3) = 0 [pid 6200] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6199] close(3 [pid 6198] close(4 [pid 6199] <... close resumed>) = 0 [pid 6198] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6200] <... openat resumed>) = 4 [pid 6199] close(4 [pid 6198] mkdir("./file1", 0777 [pid 6199] <... close resumed>) = 0 [pid 6198] <... mkdir resumed>) = 0 [pid 6200] ioctl(4, LOOP_SET_FD, 3 [pid 6199] mkdir("./file1", 0777 [ 122.539495][ T6198] loop2: detected capacity change from 0 to 1024 [ 122.548367][ T6199] loop1: detected capacity change from 0 to 1024 [ 122.548388][ T6197] loop0: detected capacity change from 0 to 1024 [pid 5831] newfstatat(AT_FDCWD, "./64/file1", [pid 6199] <... mkdir resumed>) = 0 [pid 6198] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6197] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6197] close(3) = 0 [pid 5831] openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6199] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6197] close(4 [pid 5831] <... openat resumed>) = 4 [pid 6197] <... close resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 6197] mkdir("./file1", 0777) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6197] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6200] <... ioctl resumed>) = 0 [pid 5831] close(4 [pid 6200] close(3 [pid 5831] <... close resumed>) = 0 [pid 6200] <... close resumed>) = 0 [pid 6200] close(4) = 0 [pid 5831] rmdir("./64/file1" [pid 6200] mkdir("./file1", 0777) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6198] <... mount resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./64/binderfs") = 0 [pid 6200] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6198] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] getdents64(3, [pid 6198] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6198] chdir("./file1" [pid 6199] <... mount resumed>) = 0 [pid 6198] <... chdir resumed>) = 0 [pid 6198] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6199] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6198] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 122.586669][ T6200] loop4: detected capacity change from 0 to 1024 [pid 6199] <... openat resumed>) = 3 [pid 6198] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6197] <... mount resumed>) = 0 [pid 5831] close(3 [pid 6199] chdir("./file1" [pid 6197] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... close resumed>) = 0 [pid 6199] <... chdir resumed>) = 0 [pid 6197] <... openat resumed>) = 3 [pid 5831] rmdir("./64" [pid 6199] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5831] <... rmdir resumed>) = 0 [pid 6199] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6197] chdir("./file1" [pid 5831] mkdir("./65", 0777 [pid 6197] <... chdir resumed>) = 0 [pid 6197] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... mkdir resumed>) = 0 [pid 6197] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6197] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6199] <... link resumed>) = 0 [pid 6198] <... link resumed>) = 0 [pid 6198] sync( [pid 6199] sync( [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 6200] <... mount resumed>) = 0 [pid 6200] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6200] chdir("./file1") = 0 [pid 6200] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6200] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... close resumed>) = 0 [pid 6197] <... link resumed>) = 0 [pid 6200] <... link resumed>) = 0 [pid 6197] sync( [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6200] sync(./strace-static-x86_64: Process 6201 attached [pid 6201] set_robust_list(0x5555934ed660, 24 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6201 [pid 6201] <... set_robust_list resumed>) = 0 [pid 6201] chdir("./65") = 0 [pid 6201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6201] setpgid(0, 0) = 0 [pid 6201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6197] <... sync resumed>) = 0 [pid 6198] <... sync resumed>) = 0 [pid 6199] <... sync resumed>) = 0 [pid 6200] <... sync resumed>) = 0 [pid 6199] exit_group(0 [pid 6198] exit_group(0 [pid 6197] exit_group(0 [pid 6201] <... openat resumed>) = 3 [pid 6200] exit_group(0 [pid 6199] <... exit_group resumed>) = ? [pid 6198] <... exit_group resumed>) = ? [pid 6197] <... exit_group resumed>) = ? [pid 6201] write(3, "1000", 4 [pid 6200] <... exit_group resumed>) = ? [pid 6197] +++ exited with 0 +++ [pid 6201] <... write resumed>) = 4 [pid 6200] +++ exited with 0 +++ [pid 6198] +++ exited with 0 +++ [pid 6201] close(3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6197, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6201] <... close resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6200, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6198, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6201] symlink("/dev/binderfs", "./binderfs" [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6201] <... symlink resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... restart_syscall resumed>) = 0 [pid 6201] write(1, "executing program\n", 18 [pid 6199] +++ exited with 0 +++ executing program [pid 5830] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6201] <... write resumed>) = 18 [pid 5830] <... openat resumed>) = 3 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6199, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6201] memfd_create("syzkaller", 0 [pid 5832] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(3, "", [pid 6201] <... memfd_create resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(3, [pid 6201] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... openat resumed>) = 3 [pid 5829] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(3, "", [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] getdents64(3, [pid 5830] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] newfstatat(3, "", [pid 5832] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(3, "", [pid 5828] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] getdents64(3, [pid 5828] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = 0 [pid 6201] <... write resumed>) = 524288 [pid 5828] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 4 [pid 5829] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(4, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./70/file1", [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(AT_FDCWD, "./72/file1", [pid 5828] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] getdents64(4, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(4, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./71/file1", [pid 5832] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] close(4 [pid 5829] openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 4 [pid 5830] <... close resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 5830] rmdir("./74/file1" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 5830] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 5830] newfstatat(AT_FDCWD, "./74/binderfs", [pid 5828] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] close(4 [pid 5830] unlink("./74/binderfs" [pid 5828] newfstatat(4, "", [pid 5832] <... close resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5832] rmdir("./70/file1" [pid 5829] <... openat resumed>) = 4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6201] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] getdents64(3, [pid 6201] <... munmap resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 5828] getdents64(4, [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6201] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] close(3 [pid 5829] getdents64(4, [pid 5828] getdents64(4, [pid 6201] <... openat resumed>) = 4 [pid 5832] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6201] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./74" [pid 5829] getdents64(4, [pid 5828] close(4) = 0 [pid 5828] rmdir("./71/file1") = 0 [pid 5828] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./71/binderfs", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(AT_FDCWD, "./70/binderfs", [pid 5830] <... rmdir resumed>) = 0 [pid 5829] close(4 [pid 5828] unlink("./71/binderfs" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5832] unlink("./70/binderfs" [pid 5829] <... close resumed>) = 0 [pid 5828] getdents64(3, [pid 5832] <... unlink resumed>) = 0 [pid 5829] rmdir("./72/file1" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] mkdir("./75", 0777 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] close(3 [pid 5830] <... mkdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./71" [pid 5832] getdents64(3, [pid 5829] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... rmdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] newfstatat(AT_FDCWD, "./72/binderfs", [pid 5828] mkdir("./72", 0777 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] unlink("./72/binderfs" [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] rmdir("./70" [pid 5830] <... ioctl resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] close(3 [pid 5829] getdents64(3, [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5830] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] close(3 [pid 5828] close(3./strace-static-x86_64: Process 6202 attached [pid 5832] mkdir("./71", 0777 [pid 5829] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5829] rmdir("./72" [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6203 attached [pid 6202] set_robust_list(0x5555934ed660, 24 [pid 6201] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6202 [pid 5829] mkdir("./73", 0777 [pid 6203] set_robust_list(0x5555934ed660, 24 [pid 6202] <... set_robust_list resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6203 [pid 6203] <... set_robust_list resumed>) = 0 [pid 6202] chdir("./75" [pid 6201] close(3 [pid 5832] <... openat resumed>) = 3 [pid 6203] chdir("./72") = 0 [pid 6202] <... chdir resumed>) = 0 [pid 6201] <... close resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6203] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6202] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6201] close(4 [pid 5832] <... ioctl resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6203] <... prctl resumed>) = 0 [pid 6202] <... prctl resumed>) = 0 [pid 6201] <... close resumed>) = 0 [pid 5832] close(3 [pid 5829] <... openat resumed>) = 3 [pid 6203] setpgid(0, 0 [pid 6201] mkdir("./file1", 0777 [pid 5832] <... close resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6203] <... setpgid resumed>) = 0 [pid 6201] <... mkdir resumed>) = 0 [ 122.857055][ T6201] loop3: detected capacity change from 0 to 1024 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 6204 attached [pid 6204] set_robust_list(0x5555934ed660, 24 [pid 6203] <... openat resumed>) = 3 [pid 6202] setpgid(0, 0 [pid 6201] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... ioctl resumed>) = 0 [pid 6203] write(3, "1000", 4 [pid 6202] <... setpgid resumed>) = 0 [pid 5829] close(3 [pid 6204] <... set_robust_list resumed>) = 0 [pid 6203] <... write resumed>) = 4 [pid 6202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6204 [pid 5829] <... close resumed>) = 0 [pid 6204] chdir("./71" [pid 6203] close(3 [pid 6202] <... openat resumed>) = 3 [pid 6204] <... chdir resumed>) = 0 [pid 6202] write(3, "1000", 4 [pid 6204] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6202] <... write resumed>) = 4 [pid 6203] <... close resumed>) = 0 [pid 6204] <... prctl resumed>) = 0 [pid 6202] close(3executing program [pid 6204] setpgid(0, 0 [pid 6203] symlink("/dev/binderfs", "./binderfs" [pid 6202] <... close resumed>) = 0 [pid 6204] <... setpgid resumed>) = 0 [pid 6203] <... symlink resumed>) = 0 [pid 6202] symlink("/dev/binderfs", "./binderfs" [pid 6203] write(1, "executing program\n", 18 [pid 6202] <... symlink resumed>) = 0 [pid 6203] <... write resumed>) = 18 [pid 6204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6203] memfd_create("syzkaller", 0 [pid 6202] write(1, "executing program\n", 18 [pid 6203] <... memfd_create resumed>) = 3 executing program [pid 6204] <... openat resumed>) = 3 [pid 6202] <... write resumed>) = 18 [pid 6203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6202] memfd_create("syzkaller", 0 [pid 6204] write(3, "1000", 4) = 4 [pid 6204] close(3 [pid 6203] <... mmap resumed>) = 0x7ff1eb400000 [pid 6202] <... memfd_create resumed>) = 3 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6204] <... close resumed>) = 0 [pid 6202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6204] symlink("/dev/binderfs", "./binderfs" [pid 6202] <... mmap resumed>) = 0x7ff1eb400000 ./strace-static-x86_64: Process 6205 attached [pid 6204] <... symlink resumed>) = 0 [pid 6202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288executing program [pid 6204] write(1, "executing program\n", 18) = 18 [pid 6204] memfd_create("syzkaller", 0 [pid 6205] set_robust_list(0x5555934ed660, 24 [pid 6204] <... memfd_create resumed>) = 3 [pid 6205] <... set_robust_list resumed>) = 0 [pid 6204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6205] chdir("./73" [pid 6204] <... mmap resumed>) = 0x7ff1eb400000 [pid 6205] <... chdir resumed>) = 0 [pid 6204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6205] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6202] <... write resumed>) = 524288 [pid 6201] <... mount resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6205 [pid 6205] <... prctl resumed>) = 0 [pid 6201] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6205] setpgid(0, 0 [pid 6201] <... openat resumed>) = 3 [pid 6205] <... setpgid resumed>) = 0 [pid 6201] chdir("./file1" [pid 6205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6201] <... chdir resumed>) = 0 [pid 6201] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6205] <... openat resumed>) = 3 [pid 6201] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6205] write(3, "1000", 4 [pid 6201] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6205] <... write resumed>) = 4 [pid 6205] close(3 [pid 6203] <... write resumed>) = 524288 [pid 6205] <... close resumed>) = 0 [pid 6205] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6202] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6204] <... write resumed>) = 524288 [pid 6205] write(1, "executing program\n", 18) = 18 [pid 6201] <... link resumed>) = 0 [pid 6205] memfd_create("syzkaller", 0 [pid 6201] sync( [pid 6205] <... memfd_create resumed>) = 3 [pid 6202] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6202] <... openat resumed>) = 4 [pid 6205] <... mmap resumed>) = 0x7ff1eb400000 [pid 6204] munmap(0x7ff1eb400000, 138412032 [pid 6203] munmap(0x7ff1eb400000, 138412032 [pid 6202] ioctl(4, LOOP_SET_FD, 3 [pid 6204] <... munmap resumed>) = 0 [pid 6203] <... munmap resumed>) = 0 [pid 6202] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6203] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6202] ioctl(4, LOOP_CLR_FD [pid 6204] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6203] <... openat resumed>) = 4 [pid 6202] <... ioctl resumed>) = 0 [pid 6204] <... openat resumed>) = 4 [pid 6204] ioctl(4, LOOP_SET_FD, 3 [pid 6203] ioctl(4, LOOP_SET_FD, 3 [pid 6202] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6202] close(4) = 0 [pid 6202] close(3) = 0 [pid 6201] <... sync resumed>) = 0 [pid 6201] exit_group(0) = ? [pid 6202] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 6205] <... write resumed>) = 524288 [pid 6202] sync( [pid 6205] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6202] <... sync resumed>) = 0 [pid 6201] +++ exited with 0 +++ [ 123.022434][ T6204] loop4: detected capacity change from 0 to 1024 [ 123.029792][ T6203] loop0: detected capacity change from 0 to 1024 [pid 6204] <... ioctl resumed>) = 0 [pid 6203] <... ioctl resumed>) = 0 [pid 6202] exit_group(0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6201, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6203] close(3 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6203] <... close resumed>) = 0 [pid 6202] <... exit_group resumed>) = ? [pid 6205] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6203] close(4 [pid 5831] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6204] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6205] <... openat resumed>) = 4 [pid 6204] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6205] ioctl(4, LOOP_SET_FD, 3 [pid 6204] close(4 [pid 6202] +++ exited with 0 +++ [pid 5831] <... openat resumed>) = 3 [pid 6203] <... close resumed>) = 0 [pid 6203] mkdir("./file1", 0777 [pid 5831] newfstatat(3, "", [pid 6204] <... close resumed>) = 0 [pid 6203] <... mkdir resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6202, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6204] mkdir("./file1", 0777 [pid 6203] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6204] <... mkdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6204] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6204] <... mount resumed>) = 0 [pid 5830] unlink("./75/binderfs") = 0 [pid 6204] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 6204] chdir("./file1" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6204] <... chdir resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./65/file1", [pid 5830] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6204] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 6205] <... ioctl resumed>) = 0 [pid 6204] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./75" [pid 6204] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6205] close(3 [pid 5831] openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... rmdir resumed>) = 0 [pid 6205] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 6205] close(4 [pid 5831] newfstatat(4, "", [pid 6205] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] mkdir("./76", 0777 [pid 6205] mkdir("./file1", 0777 [pid 6203] <... mount resumed>) = 0 [pid 5831] getdents64(4, [pid 5830] <... mkdir resumed>) = 0 [ 123.065999][ T6205] loop1: detected capacity change from 0 to 1024 [pid 6205] <... mkdir resumed>) = 0 [pid 6203] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6205] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6203] <... openat resumed>) = 3 [pid 5831] close(4 [pid 5830] close(3 [pid 6203] chdir("./file1") = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5831] rmdir("./65/file1" [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6206 attached [pid 6203] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... rmdir resumed>) = 0 [pid 6203] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6203] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6206] set_robust_list(0x5555934ed660, 24 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6206 [pid 5831] newfstatat(AT_FDCWD, "./65/binderfs", [pid 6206] <... set_robust_list resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6206] chdir("./76" [pid 5831] unlink("./65/binderfs" [pid 6206] <... chdir resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 6206] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] getdents64(3, [pid 6206] <... prctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6206] setpgid(0, 0 [pid 5831] close(3 [pid 6206] <... setpgid resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6204] <... link resumed>) = 0 [pid 5831] rmdir("./65") = 0 [pid 6206] <... openat resumed>) = 3 [pid 6204] sync( [pid 6206] write(3, "1000", 4 [pid 5831] mkdir("./66", 0777 [pid 6206] <... write resumed>) = 4 [pid 5831] <... mkdir resumed>) = 0 [pid 6206] close(3) = 0 [pid 6206] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6206] write(1, "executing program\n", 18) = 18 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6206] memfd_create("syzkaller", 0 [pid 5831] <... openat resumed>) = 3 [pid 6206] <... memfd_create resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6205] <... mount resumed>) = 0 [pid 6203] <... link resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 6206] <... mmap resumed>) = 0x7ff1eb400000 [pid 6205] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6203] sync( [pid 6205] <... openat resumed>) = 3 [pid 6205] chdir("./file1") = 0 [pid 6206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6205] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5831] <... close resumed>) = 0 [pid 6205] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6207 attached [pid 6207] set_robust_list(0x5555934ed660, 24 [pid 6204] <... sync resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6207 [pid 6207] <... set_robust_list resumed>) = 0 [pid 6206] <... write resumed>) = 524288 [pid 6205] <... link resumed>) = 0 [pid 6204] exit_group(0 [pid 6207] chdir("./66") = 0 [pid 6207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6207] setpgid(0, 0 [pid 6204] <... exit_group resumed>) = ? [pid 6204] +++ exited with 0 +++ [pid 6207] <... setpgid resumed>) = 0 [pid 6205] sync( [pid 6207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6204, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6207] <... openat resumed>) = 3 [pid 6207] write(3, "1000", 4) = 4 [pid 6207] close(3) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6207] symlink("/dev/binderfs", "./binderfs" [pid 6203] <... sync resumed>) = 0 [pid 5832] newfstatat(3, "", executing program [pid 6207] <... symlink resumed>) = 0 [pid 6203] exit_group(0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6206] munmap(0x7ff1eb400000, 138412032 [pid 6205] <... sync resumed>) = 0 [pid 5832] getdents64(3, [pid 6207] write(1, "executing program\n", 18 [pid 6206] <... munmap resumed>) = 0 [pid 6205] exit_group(0 [pid 6207] <... write resumed>) = 18 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6207] memfd_create("syzkaller", 0 [pid 6203] <... exit_group resumed>) = ? [pid 5832] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6203] +++ exited with 0 +++ [pid 6207] <... memfd_create resumed>) = 3 [pid 6205] <... exit_group resumed>) = ? [pid 6207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6205] +++ exited with 0 +++ [pid 6207] <... mmap resumed>) = 0x7ff1eb400000 [pid 6206] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6205, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6203, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6206] <... openat resumed>) = 4 [pid 6206] ioctl(4, LOOP_SET_FD, 3 [pid 5828] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] newfstatat(3, "", [pid 5832] <... umount2 resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(3, "", [pid 5828] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] getdents64(3, [pid 5828] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6207] <... write resumed>) = 524288 [pid 5832] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6206] <... ioctl resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6206] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6206] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./71/file1", [pid 6206] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6206] <... close resumed>) = 0 [pid 5832] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6207] munmap(0x7ff1eb400000, 138412032 [pid 6206] mkdir("./file1", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6207] <... munmap resumed>) = 0 [pid 6206] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6207] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6206] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... openat resumed>) = 4 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(4, "", [pid 5829] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] newfstatat(AT_FDCWD, "./72/file1", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(4, [pid 5829] newfstatat(AT_FDCWD, "./73/file1", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(4, [pid 5829] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [ 123.249947][ T6206] loop2: detected capacity change from 0 to 1024 [pid 5832] rmdir("./71/file1") = 0 [pid 6207] <... openat resumed>) = 4 [pid 6206] <... mount resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6207] ioctl(4, LOOP_SET_FD, 3 [pid 6206] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6206] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 4 [pid 5828] <... openat resumed>) = 4 [pid 6206] chdir("./file1" [pid 5829] newfstatat(4, "", [pid 5828] newfstatat(4, "", [pid 6206] <... chdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./71/binderfs", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 5828] getdents64(4, [pid 6206] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6206] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] unlink("./71/binderfs" [pid 6206] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... unlink resumed>) = 0 [pid 5829] getdents64(4, [pid 5828] getdents64(4, [pid 5832] getdents64(3, [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 5828] close(4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5832] close(3) = 0 [pid 5828] rmdir("./72/file1" [pid 5832] rmdir("./71" [pid 6206] <... link resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6206] sync( [pid 5832] mkdir("./72", 0777) = 0 [pid 5829] rmdir("./73/file1" [pid 5828] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6207] <... ioctl resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5828] newfstatat(AT_FDCWD, "./72/binderfs", [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6207] close(3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6207] <... close resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 6207] close(4 [pid 5832] close(3 [pid 5828] unlink("./72/binderfs" [pid 6207] <... close resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6207] mkdir("./file1", 0777 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... unlink resumed>) = 0 [pid 5829] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, ./strace-static-x86_64: Process 6208 attached [pid 6207] <... mkdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6206] <... sync resumed>) = 0 [pid 6206] exit_group(0 [pid 5829] newfstatat(AT_FDCWD, "./73/binderfs", [pid 5828] close(3 [pid 6206] <... exit_group resumed>) = ? [pid 6206] +++ exited with 0 +++ [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... close resumed>) = 0 [pid 6208] set_robust_list(0x5555934ed660, 24 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6206, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6207] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6208] <... set_robust_list resumed>) = 0 [pid 6208] chdir("./72" [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6208 [pid 6208] <... chdir resumed>) = 0 [pid 6208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6208] setpgid(0, 0 [pid 5828] rmdir("./72" [pid 6208] <... setpgid resumed>) = 0 [pid 6208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... rmdir resumed>) = 0 [pid 6208] <... openat resumed>) = 3 [ 123.325545][ T6207] loop3: detected capacity change from 0 to 1024 executing program [pid 6208] write(3, "1000", 4) = 4 [pid 5828] mkdir("./73", 0777 [pid 6208] close(3) = 0 [pid 5829] unlink("./73/binderfs" [pid 5828] <... mkdir resumed>) = 0 [pid 6208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] <... unlink resumed>) = 0 [pid 6208] write(1, "executing program\n", 18 [pid 5829] getdents64(3, [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6208] <... write resumed>) = 18 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6208] memfd_create("syzkaller", 0 [pid 5828] <... openat resumed>) = 3 [pid 5829] close(3 [pid 6208] <... memfd_create resumed>) = 3 [pid 5830] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5830] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] rmdir("./73" [pid 5828] <... ioctl resumed>) = 0 [pid 6208] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] newfstatat(3, "", [pid 6208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... close resumed>) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] mkdir("./74", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6209 attached [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6210 attached [pid 6209] set_robust_list(0x5555934ed660, 24 [pid 6208] <... write resumed>) = 524288 [pid 6207] <... mount resumed>) = 0 [pid 6210] set_robust_list(0x5555934ed660, 24 [pid 6209] <... set_robust_list resumed>) = 0 [pid 6208] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6209 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6210 [pid 6210] <... set_robust_list resumed>) = 0 [pid 6208] <... munmap resumed>) = 0 [pid 6210] chdir("./73" [pid 6209] chdir("./74" [pid 6210] <... chdir resumed>) = 0 [pid 6209] <... chdir resumed>) = 0 [pid 6207] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6210] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6209] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6208] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6207] chdir("./file1" [pid 6210] <... prctl resumed>) = 0 [pid 6210] setpgid(0, 0 [pid 6207] <... chdir resumed>) = 0 [pid 6210] <... setpgid resumed>) = 0 [pid 6208] <... openat resumed>) = 4 [pid 5830] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6209] <... prctl resumed>) = 0 [pid 6208] ioctl(4, LOOP_SET_FD, 3 [pid 6210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6209] setpgid(0, 0 [pid 6207] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6209] <... setpgid resumed>) = 0 [pid 6207] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6207] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6209] <... openat resumed>) = 3 [pid 6209] write(3, "1000", 4 [pid 5830] newfstatat(AT_FDCWD, "./76/file1", [pid 6210] <... openat resumed>) = 3 [pid 6210] write(3, "1000", 4 [pid 6209] <... write resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6209] close(3) = 0 [pid 6209] symlink("/dev/binderfs", "./binderfs"executing program [pid 6210] <... write resumed>) = 4 [pid 6209] <... symlink resumed>) = 0 [pid 5830] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6210] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6210] <... close resumed>) = 0 [pid 6209] write(1, "executing program\n", 18 [pid 5830] openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6210] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... openat resumed>) = 4 [pid 6209] <... write resumed>) = 18 [pid 6209] memfd_create("syzkaller", 0 [pid 5830] newfstatat(4, "", [pid 6210] <... symlink resumed>) = 0 [pid 6209] <... memfd_create resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6210] write(1, "executing program\n", 18executing program ) = 18 [pid 6207] <... link resumed>) = 0 [pid 5830] getdents64(4, [pid 6209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6207] sync( [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6210] memfd_create("syzkaller", 0 [pid 5830] close(4 [pid 6210] <... memfd_create resumed>) = 3 [pid 6209] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... close resumed>) = 0 [pid 6208] <... ioctl resumed>) = 0 [pid 6208] close(3) = 0 [pid 6208] close(4) = 0 [pid 6208] mkdir("./file1", 0777 [pid 6210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6208] <... mkdir resumed>) = 0 [pid 5830] rmdir("./76/file1" [pid 6210] <... mmap resumed>) = 0x7ff1eb400000 [pid 6208] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./76/binderfs") = 0 [ 123.446546][ T6208] loop4: detected capacity change from 0 to 1024 [pid 6209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6208] <... mount resumed>) = 0 [pid 5830] getdents64(3, [pid 6208] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6208] <... openat resumed>) = 3 [pid 5830] close(3 [pid 6208] chdir("./file1" [pid 5830] <... close resumed>) = 0 [pid 6208] <... chdir resumed>) = 0 [pid 5830] rmdir("./76" [pid 6208] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6207] <... sync resumed>) = 0 [pid 6208] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6207] exit_group(0 [pid 5830] <... rmdir resumed>) = 0 [pid 6210] <... write resumed>) = 524288 [pid 6208] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6207] <... exit_group resumed>) = ? [pid 5830] mkdir("./77", 0777 [pid 6209] <... write resumed>) = 524288 [pid 5830] <... mkdir resumed>) = 0 [pid 6210] munmap(0x7ff1eb400000, 138412032 [pid 6207] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6207, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6210] <... munmap resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 6210] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 6209] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5831] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6208] <... link resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6208] sync( [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 6209] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6209] <... openat resumed>) = 4 [pid 5831] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6209] ioctl(4, LOOP_SET_FD, 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6210] <... openat resumed>) = 4 [pid 6210] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6209] <... ioctl resumed>) = 0 [pid 6209] close(3) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./66/file1", [pid 6209] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6209] <... close resumed>) = 0 [pid 5831] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6209] mkdir("./file1", 0777./strace-static-x86_64: Process 6211 attached [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6209] <... mkdir resumed>) = 0 [pid 6211] set_robust_list(0x5555934ed660, 24 [pid 6209] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] getdents64(4, [pid 6211] <... set_robust_list resumed>) = 0 [pid 6211] chdir("./77" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6211 [pid 6211] <... chdir resumed>) = 0 [pid 6211] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] getdents64(4, [pid 6211] <... prctl resumed>) = 0 [pid 6211] setpgid(0, 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6211] <... setpgid resumed>) = 0 [pid 6211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6209] <... mount resumed>) = 0 [pid 6208] <... sync resumed>) = 0 [pid 5831] close(4 [pid 6211] <... openat resumed>) = 3 [pid 6209] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6208] exit_group(0 [pid 5831] <... close resumed>) = 0 [pid 6211] write(3, "1000", 4 [pid 6208] <... exit_group resumed>) = ? [pid 6209] <... openat resumed>) = 3 [pid 5831] rmdir("./66/file1" [pid 6211] <... write resumed>) = 4 [pid 6209] chdir("./file1" [pid 6208] +++ exited with 0 +++ [pid 5831] <... rmdir resumed>) = 0 [pid 6211] close(3 [pid 6209] <... chdir resumed>) = 0 [pid 5831] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6211] <... close resumed>) = 0 [pid 6209] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6208, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6211] symlink("/dev/binderfs", "./binderfs" [pid 6209] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./66/binderfs", [pid 6211] <... symlink resumed>) = 0 [pid 6209] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] unlink("./66/binderfs" [pid 5832] <... openat resumed>) = 3 [pid 5831] <... unlink resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5831] getdents64(3, [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6211] write(1, "executing program\n", 18 [pid 5832] getdents64(3, [ 123.557273][ T6209] loop1: detected capacity change from 0 to 1024 [ 123.591705][ T6210] loop0: detected capacity change from 0 to 1024 [pid 5831] close(3 [pid 6211] <... write resumed>) = 18 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... close resumed>) = 0 [pid 6210] <... ioctl resumed>) = 0 [pid 5832] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./66" [pid 6211] memfd_create("syzkaller", 0 [pid 6210] close(3 [pid 5831] <... rmdir resumed>) = 0 [pid 6211] <... memfd_create resumed>) = 3 [pid 6210] <... close resumed>) = 0 [pid 6209] <... link resumed>) = 0 [pid 5831] mkdir("./67", 0777 [pid 6211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6210] close(4 [pid 6209] sync( [pid 6211] <... mmap resumed>) = 0x7ff1eb400000 [pid 6210] <... close resumed>) = 0 [pid 6211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6210] mkdir("./file1", 0777 [pid 5831] <... mkdir resumed>) = 0 [pid 6210] <... mkdir resumed>) = 0 [pid 6210] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FDexecuting program ) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6212 attached [pid 6212] set_robust_list(0x5555934ed660, 24) = 0 [pid 6212] chdir("./67") = 0 [pid 6212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6212] setpgid(0, 0) = 0 [pid 6212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6212] write(3, "1000", 4) = 4 [pid 6212] close(3) = 0 [pid 6212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6212] write(1, "executing program\n", 18 [pid 6211] <... write resumed>) = 524288 [pid 6212] <... write resumed>) = 18 [pid 6212] memfd_create("syzkaller", 0 [pid 6211] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6212 [pid 6211] <... munmap resumed>) = 0 [pid 6212] <... memfd_create resumed>) = 3 [pid 5832] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./72/file1", [pid 6212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6212] <... mmap resumed>) = 0x7ff1eb400000 [pid 6212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6210] <... mount resumed>) = 0 [pid 6211] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5832] newfstatat(4, "", [pid 6210] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6210] <... openat resumed>) = 3 [pid 6211] ioctl(4, LOOP_SET_FD, 3 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 6210] chdir("./file1") = 0 [pid 6210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 6210] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./72/file1") = 0 [pid 6209] <... sync resumed>) = 0 [pid 5832] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6209] exit_group(0 [pid 5832] unlink("./72/binderfs" [pid 6209] <... exit_group resumed>) = ? [pid 5832] <... unlink resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 6210] <... link resumed>) = 0 [pid 5832] rmdir("./72" [pid 6210] sync( [pid 5832] <... rmdir resumed>) = 0 [pid 6212] <... write resumed>) = 524288 [pid 6209] +++ exited with 0 +++ [pid 5832] mkdir("./73", 0777 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6209, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6211] <... ioctl resumed>) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6211] close(3 [pid 5829] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6211] <... close resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 6212] munmap(0x7ff1eb400000, 138412032 [pid 6211] close(4) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6211] mkdir("./file1", 0777) = 0 [pid 6211] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6212] <... munmap resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 6212] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6211] <... mount resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5829] <... umount2 resumed>) = 0 [pid 6211] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... ioctl resumed>) = 0 [ 123.718744][ T6211] loop2: detected capacity change from 0 to 1024 [pid 6212] ioctl(4, LOOP_SET_FD, 3 [pid 6211] <... openat resumed>) = 3 [pid 6210] <... sync resumed>) = 0 [pid 5832] close(3 [pid 6212] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6211] chdir("./file1" [pid 6210] exit_group(0 [pid 5829] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 6212] ioctl(4, LOOP_CLR_FD [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6212] <... ioctl resumed>) = 0 [pid 6211] <... chdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6211] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6210] <... exit_group resumed>) = ? [pid 5829] newfstatat(AT_FDCWD, "./74/file1", ./strace-static-x86_64: Process 6213 attached [pid 6211] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6213] set_robust_list(0x5555934ed660, 24 [pid 6211] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6210] +++ exited with 0 +++ [pid 6212] ioctl(4, LOOP_SET_FD, 3 [pid 5829] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6212] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6210, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6212] close(4 [pid 5829] openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6213] <... set_robust_list resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6213 [pid 5828] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6213] chdir("./73" [pid 5828] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6213] <... chdir resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6213] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] newfstatat(3, "", [pid 6213] <... prctl resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6213] setpgid(0, 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 6213] <... setpgid resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] getdents64(4, [pid 6213] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6213] write(3, "1000", 4) = 4 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6213] close(3 [pid 5829] close(4) = 0 [pid 6213] <... close resumed>) = 0 [pid 6213] symlink("/dev/binderfs", "./binderfs" [pid 5829] rmdir("./74/file1") = 0 [pid 6213] <... symlink resumed>) = 0 [pid 6212] <... close resumed>) = 0 [pid 6211] <... link resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 6213] write(1, "executing program\n", 18 [pid 6212] close(3 [pid 6211] sync( [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6213] <... write resumed>) = 18 [pid 5828] newfstatat(AT_FDCWD, "./73/file1", [pid 6213] memfd_create("syzkaller", 0 [pid 6212] <... close resumed>) = 0 [pid 5829] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6213] <... memfd_create resumed>) = 3 [pid 5828] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6213] <... mmap resumed>) = 0x7ff1eb400000 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./74/binderfs") = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./74") = 0 [pid 5829] mkdir("./75", 0777 [pid 6212] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", [pid 6212] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] getdents64(4, [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6214 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 6214 attached [pid 5828] getdents64(4, [pid 6214] set_robust_list(0x5555934ed660, 24 [pid 6212] sync( [pid 6214] <... set_robust_list resumed>) = 0 [pid 6214] chdir("./75") = 0 [pid 6214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6214] setpgid(0, 0 [pid 6211] <... sync resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 6214] <... setpgid resumed>) = 0 [pid 6211] exit_group(0 [pid 5828] rmdir("./73/file1" [pid 6214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... rmdir resumed>) = 0 [pid 5828] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./73/binderfs", [pid 6214] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./73/binderfs") = 0 [pid 6214] write(3, "1000", 4 [pid 5828] getdents64(3, [pid 6214] <... write resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./73" [pid 6214] close(3 [pid 5828] <... rmdir resumed>) = 0 [pid 6214] <... close resumed>) = 0 [pid 6214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] mkdir("./74", 0777 [pid 6212] <... sync resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 executing program [pid 6214] write(1, "executing program\n", 18) = 18 [pid 6214] memfd_create("syzkaller", 0) = 3 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... openat resumed>) = 3 [pid 6214] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6212] exit_group(0 [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6212] <... exit_group resumed>) = ? [pid 6211] <... exit_group resumed>) = ? [pid 6213] <... write resumed>) = 524288 [pid 6213] munmap(0x7ff1eb400000, 138412032 [pid 6212] +++ exited with 0 +++ [pid 6211] +++ exited with 0 +++ ./strace-static-x86_64: Process 6215 attached [pid 6213] <... munmap resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6212, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6215 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6211, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6213] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... restart_syscall resumed>) = 0 [pid 6215] set_robust_list(0x5555934ed660, 24 [pid 6213] <... openat resumed>) = 4 [pid 6215] <... set_robust_list resumed>) = 0 [pid 6213] ioctl(4, LOOP_SET_FD, 3 [pid 6215] chdir("./74") = 0 [pid 6215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6215] setpgid(0, 0) = 0 [pid 6215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6215] write(3, "1000", 4 [pid 5830] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6215] <... write resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6215] close(3 [pid 5830] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6215] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6215] symlink("/dev/binderfs", "./binderfs" [pid 5830] newfstatat(3, "", [pid 6215] <... symlink resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 6215] write(1, "executing program\n", 18 [pid 6214] <... write resumed>) = 524288 [pid 5831] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 6215] <... write resumed>) = 18 [pid 6214] munmap(0x7ff1eb400000, 138412032 [pid 6213] <... ioctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6215] memfd_create("syzkaller", 0 [pid 6214] <... munmap resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6215] <... memfd_create resumed>) = 3 [pid 6214] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6213] close(3 [pid 5831] <... openat resumed>) = 3 [pid 5830] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6214] <... openat resumed>) = 4 [pid 5831] newfstatat(3, "", [pid 6215] <... mmap resumed>) = 0x7ff1eb400000 [pid 6214] ioctl(4, LOOP_SET_FD, 3 [pid 6213] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 6213] close(4 [pid 5831] getdents64(3, [pid 5830] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6214] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6213] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6214] ioctl(4, LOOP_CLR_FD) = 0 [pid 5830] newfstatat(AT_FDCWD, "./77/file1", [pid 5831] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./67/binderfs", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6214] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6214] close(4) = 0 [pid 6214] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 123.943018][ T6213] loop4: detected capacity change from 0 to 1024 [pid 5831] unlink("./67/binderfs" [pid 6214] <... close resumed>) = 0 [pid 6213] mkdir("./file1", 0777 [pid 5831] <... unlink resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 6215] <... write resumed>) = 524288 [pid 6213] <... mkdir resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6214] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 6214] sync( [pid 6215] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6214] <... sync resumed>) = 0 [pid 6213] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, [pid 6214] exit_group(0 [pid 5831] close(3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6214] <... exit_group resumed>) = ? [pid 5831] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 5831] rmdir("./67" [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6214] +++ exited with 0 +++ [pid 5831] <... rmdir resumed>) = 0 [pid 5830] close(4 [pid 5831] mkdir("./68", 0777 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6214, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... close resumed>) = 0 [pid 6215] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] rmdir("./77/file1" [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5829] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./75/binderfs") = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5831] <... openat resumed>) = 3 [pid 5830] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] rmdir("./75" [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] newfstatat(AT_FDCWD, "./77/binderfs", [pid 5829] <... rmdir resumed>) = 0 [pid 5831] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] mkdir("./76", 0777 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] unlink("./77/binderfs" [pid 5829] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3) = 0 ./strace-static-x86_64: Process 6216 attached [pid 6215] <... ioctl resumed>) = 0 [pid 6213] <... mount resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6216 [pid 5830] <... unlink resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] getdents64(3, [pid 6216] set_robust_list(0x5555934ed660, 24 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6215] close(3 [pid 5830] close(3 [pid 6215] <... close resumed>) = 0 [pid 6215] close(4 [pid 6216] <... set_robust_list resumed>) = 0 [pid 6215] <... close resumed>) = 0 ./strace-static-x86_64: Process 6217 attached [pid 6215] mkdir("./file1", 0777 [pid 6216] chdir("./68" [pid 6215] <... mkdir resumed>) = 0 [pid 6213] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 6216] <... chdir resumed>) = 0 [pid 6216] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] rmdir("./77" [pid 6213] <... openat resumed>) = 3 [pid 6217] set_robust_list(0x5555934ed660, 24 [pid 6216] <... prctl resumed>) = 0 [pid 6215] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6217 [pid 6217] <... set_robust_list resumed>) = 0 [pid 6216] setpgid(0, 0 [pid 6213] chdir("./file1" [pid 5830] <... rmdir resumed>) = 0 [pid 6217] chdir("./76" [pid 6216] <... setpgid resumed>) = 0 [pid 6213] <... chdir resumed>) = 0 [pid 5830] mkdir("./78", 0777 [pid 6213] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6213] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... openat resumed>) = 3 [ 124.020642][ T6215] loop0: detected capacity change from 0 to 1024 executing program [pid 6217] <... chdir resumed>) = 0 [pid 6216] <... openat resumed>) = 3 [pid 6213] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6217] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6216] write(3, "1000", 4 [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 6217] <... prctl resumed>) = 0 [pid 6216] <... write resumed>) = 4 [pid 6217] setpgid(0, 0 [pid 6216] close(3 [pid 6217] <... setpgid resumed>) = 0 [pid 6216] <... close resumed>) = 0 [pid 6217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6216] symlink("/dev/binderfs", "./binderfs" [pid 6217] <... openat resumed>) = 3 [pid 6216] <... symlink resumed>) = 0 [pid 6215] <... mount resumed>) = 0 [pid 6216] write(1, "executing program\n", 18 [pid 6215] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6217] write(3, "1000", 4 [pid 6216] <... write resumed>) = 18 [pid 6215] <... openat resumed>) = 3 [pid 6217] <... write resumed>) = 4 [pid 6216] memfd_create("syzkaller", 0 [pid 6215] chdir("./file1" [pid 5830] <... close resumed>) = 0 [pid 6217] close(3 [pid 6216] <... memfd_create resumed>) = 3 [pid 6215] <... chdir resumed>) = 0 [pid 6217] <... close resumed>) = 0 [pid 6216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6215] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6216] <... mmap resumed>) = 0x7ff1eb400000 [pid 6215] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6217] symlink("/dev/binderfs", "./binderfs" [pid 6215] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6217] <... symlink resumed>) = 0 executing program [pid 6217] write(1, "executing program\n", 18) = 18 [pid 6217] memfd_create("syzkaller", 0) = 3 [pid 6217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6213] <... link resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6217] <... write resumed>) = 524288 [pid 6215] <... link resumed>) = 0 [pid 6216] <... write resumed>) = 524288 [pid 6215] sync( [pid 6213] sync( [pid 6217] munmap(0x7ff1eb400000, 138412032./strace-static-x86_64: Process 6218 attached [pid 6216] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6218 [pid 6218] set_robust_list(0x5555934ed660, 24) = 0 [pid 6217] <... munmap resumed>) = 0 [pid 6216] <... munmap resumed>) = 0 [pid 6217] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6218] chdir("./78" [pid 6217] <... openat resumed>) = 4 [pid 6216] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6218] <... chdir resumed>) = 0 [pid 6218] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6217] ioctl(4, LOOP_SET_FD, 3 [pid 6216] <... openat resumed>) = 4 [pid 6218] <... prctl resumed>) = 0 [pid 6218] setpgid(0, 0) = 0 [pid 6216] ioctl(4, LOOP_SET_FD, 3 [pid 6218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6218] write(3, "1000", 4) = 4 [pid 6218] close(3) = 0 [pid 6218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6218] write(1, "executing program\n", 18executing program ) = 18 [pid 6218] memfd_create("syzkaller", 0) = 3 [pid 6215] <... sync resumed>) = 0 [pid 6213] <... sync resumed>) = 0 [pid 6218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6215] exit_group(0 [pid 6213] exit_group(0 [pid 6218] <... mmap resumed>) = 0x7ff1eb400000 [pid 6215] <... exit_group resumed>) = ? [pid 6213] <... exit_group resumed>) = ? [pid 6215] +++ exited with 0 +++ [pid 6217] <... ioctl resumed>) = 0 [pid 6213] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6215, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6217] close(3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6213, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6216] <... ioctl resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5828] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 6217] <... close resumed>) = 0 [pid 6216] close(3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6217] close(4 [pid 6216] <... close resumed>) = 0 [pid 5828] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6217] <... close resumed>) = 0 [pid 6216] close(4 [pid 6217] mkdir("./file1", 0777 [pid 6216] <... close resumed>) = 0 [pid 6217] <... mkdir resumed>) = 0 [pid 6216] mkdir("./file1", 0777) = 0 [pid 6217] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [ 124.161286][ T6217] loop1: detected capacity change from 0 to 1024 [ 124.173048][ T6216] loop3: detected capacity change from 0 to 1024 [pid 6216] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... umount2 resumed>) = 0 [pid 5832] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] newfstatat(AT_FDCWD, "./74/file1", [pid 5832] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(4, [pid 6218] <... write resumed>) = 524288 [pid 6218] munmap(0x7ff1eb400000, 138412032 [pid 6216] <... mount resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6216] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] getdents64(4, [pid 6216] <... openat resumed>) = 3 [pid 6216] chdir("./file1") = 0 [pid 6216] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 6218] <... munmap resumed>) = 0 [pid 6216] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... close resumed>) = 0 [pid 6218] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6217] <... mount resumed>) = 0 [pid 5828] rmdir("./74/file1" [pid 6218] <... openat resumed>) = 4 [pid 6217] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6216] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6218] ioctl(4, LOOP_SET_FD, 3 [pid 6217] <... openat resumed>) = 3 [pid 6217] chdir("./file1" [pid 5828] <... rmdir resumed>) = 0 [pid 6217] <... chdir resumed>) = 0 [pid 6217] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6217] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./74/binderfs", [pid 6218] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6218] close(3 [pid 5832] newfstatat(AT_FDCWD, "./73/file1", [pid 5828] unlink("./74/binderfs" [pid 6218] <... close resumed>) = 0 [pid 6218] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6218] <... close resumed>) = 0 [pid 5832] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6218] mkdir("./file1", 0777 [pid 6217] <... link resumed>) = 0 [pid 6216] <... link resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6218] <... mkdir resumed>) = 0 [pid 5828] close(3 [pid 6218] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... close resumed>) = 0 [pid 6217] sync( [pid 6216] sync( [pid 5832] openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] rmdir("./74" [pid 5832] <... openat resumed>) = 4 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./75", 0777 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5832] close(4 [ 124.261822][ T6218] loop2: detected capacity change from 0 to 1024 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] <... close resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5832] rmdir("./73/file1" [pid 5828] close(3 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6219 attached [pid 5832] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./73/binderfs" [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6219 [pid 5832] <... unlink resumed>) = 0 [pid 6219] set_robust_list(0x5555934ed660, 24 [pid 5832] getdents64(3, [pid 6219] <... set_robust_list resumed>) = 0 [pid 6218] <... mount resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6218] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] close(3 [pid 6219] chdir("./75") = 0 [pid 6218] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 6219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6219] setpgid(0, 0 [pid 6218] chdir("./file1" [pid 5832] rmdir("./73" [pid 6219] <... setpgid resumed>) = 0 [pid 6218] <... chdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6218] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6219] <... openat resumed>) = 3 [pid 6218] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6219] write(3, "1000", 4 [pid 6218] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6219] <... write resumed>) = 4 [pid 5832] mkdir("./74", 0777) = 0 [pid 6219] close(3 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6219] <... close resumed>) = 0 [pid 6219] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6219] <... symlink resumed>) = 0 [pid 6219] write(1, "executing program\n", 18executing program ./strace-static-x86_64: Process 6220 attached ) = 18 [pid 6218] <... link resumed>) = 0 [pid 6219] memfd_create("syzkaller", 0 [pid 6218] sync( [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6220 [pid 6220] set_robust_list(0x5555934ed660, 24 [pid 6219] <... memfd_create resumed>) = 3 [pid 6220] <... set_robust_list resumed>) = 0 [pid 6220] chdir("./74") = 0 [pid 6220] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6217] <... sync resumed>) = 0 [pid 6216] <... sync resumed>) = 0 [pid 6219] <... mmap resumed>) = 0x7ff1eb400000 [pid 6217] exit_group(0 [pid 6220] <... prctl resumed>) = 0 [pid 6220] setpgid(0, 0) = 0 [pid 6220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6217] <... exit_group resumed>) = ? [pid 6216] exit_group(0 [pid 6220] write(3, "1000", 4) = 4 [pid 6220] close(3) = 0 [pid 6220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6217] +++ exited with 0 +++ [pid 6216] <... exit_group resumed>) = ? [pid 6220] write(1, "executing program\n", 18executing program ) = 18 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6217, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6220] memfd_create("syzkaller", 0) = 3 [pid 6220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6219] <... write resumed>) = 524288 [pid 6216] +++ exited with 0 +++ [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6216, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] newfstatat(3, "", [pid 5831] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6219] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6219] ioctl(4, LOOP_SET_FD, 3 [pid 6218] <... sync resumed>) = 0 [pid 6218] exit_group(0) = ? [pid 6220] <... write resumed>) = 524288 [pid 6218] +++ exited with 0 +++ [pid 5831] <... umount2 resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6218, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6220] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6220] <... munmap resumed>) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = 0 [pid 6220] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./68/file1") = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6219] <... ioctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./76/file1", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6219] close(3) = 0 [pid 5831] newfstatat(AT_FDCWD, "./68/binderfs", [pid 6219] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6219] <... close resumed>) = 0 [pid 6219] mkdir("./file1", 0777 [ 124.441714][ T6219] loop0: detected capacity change from 0 to 1024 [pid 5831] unlink("./68/binderfs" [pid 6220] <... openat resumed>) = 4 [pid 5831] <... unlink resumed>) = 0 [pid 5830] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6220] ioctl(4, LOOP_SET_FD, 3 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 6219] <... mkdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./78/file1", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6219] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] rmdir("./68" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... rmdir resumed>) = 0 [pid 5830] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 4 [pid 5831] mkdir("./69", 0777) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(4, "", [pid 5830] openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] newfstatat(4, "", [pid 5829] getdents64(4, [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 5829] getdents64(4, [pid 5831] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, [pid 5829] close(4 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] close(4 [pid 5829] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] rmdir("./76/file1" [pid 5831] close(3 [pid 5830] rmdir("./78/file1" [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6221 attached [pid 6220] <... ioctl resumed>) = 0 [pid 6219] <... mount resumed>) = 0 [pid 5830] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6221] set_robust_list(0x5555934ed660, 24 [pid 6220] close(3 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6221 [pid 6221] <... set_robust_list resumed>) = 0 [pid 6220] <... close resumed>) = 0 [pid 6221] chdir("./69" [pid 6220] close(4) = 0 [pid 6221] <... chdir resumed>) = 0 [pid 6220] mkdir("./file1", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6219] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] newfstatat(AT_FDCWD, "./76/binderfs", [pid 5830] newfstatat(AT_FDCWD, "./78/binderfs", [pid 6221] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6220] <... mkdir resumed>) = 0 [pid 6219] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6221] <... prctl resumed>) = 0 [pid 6219] chdir("./file1" [pid 5830] unlink("./78/binderfs" [pid 5829] unlink("./76/binderfs" [pid 6221] setpgid(0, 0 [pid 6219] <... chdir resumed>) = 0 [pid 6221] <... setpgid resumed>) = 0 [pid 6220] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 6221] <... openat resumed>) = 3 [ 124.488683][ T6220] loop4: detected capacity change from 0 to 1024 [pid 6219] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] getdents64(3, [pid 5829] getdents64(3, [pid 6221] write(3, "1000", 4 [pid 6219] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6221] <... write resumed>) = 4 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5829] close(3executing program [pid 5830] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6221] close(3) = 0 [pid 6221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6221] write(1, "executing program\n", 18) = 18 [pid 5829] rmdir("./76" [pid 6221] memfd_create("syzkaller", 0 [pid 6220] <... mount resumed>) = 0 [pid 6219] <... link resumed>) = 0 [pid 5830] rmdir("./78" [pid 6220] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6221] <... memfd_create resumed>) = 3 [pid 6220] <... openat resumed>) = 3 [pid 5829] <... rmdir resumed>) = 0 [pid 6221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6220] chdir("./file1" [pid 6221] <... mmap resumed>) = 0x7ff1eb400000 [pid 6220] <... chdir resumed>) = 0 [pid 6219] sync( [pid 5830] <... rmdir resumed>) = 0 [pid 5829] mkdir("./77", 0777 [pid 6220] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] mkdir("./79", 0777 [pid 5829] <... mkdir resumed>) = 0 [pid 6220] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6220] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... openat resumed>) = 3 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... close resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] close(3./strace-static-x86_64: Process 6222 attached ) = 0 [pid 6222] set_robust_list(0x5555934ed660, 24 [pid 6221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6222] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 6223 attached [pid 6222] chdir("./77" [pid 6223] set_robust_list(0x5555934ed660, 24 [pid 6222] <... chdir resumed>) = 0 [pid 6221] <... write resumed>) = 524288 [pid 6219] <... sync resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6223 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6222 [pid 6223] <... set_robust_list resumed>) = 0 [pid 6222] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6220] <... link resumed>) = 0 [pid 6223] chdir("./79" [pid 6220] sync( [pid 6223] <... chdir resumed>) = 0 [pid 6222] <... prctl resumed>) = 0 [pid 6221] munmap(0x7ff1eb400000, 138412032 [pid 6223] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6222] setpgid(0, 0 [pid 6221] <... munmap resumed>) = 0 [pid 6219] exit_group(0 [pid 6223] <... prctl resumed>) = 0 [pid 6222] <... setpgid resumed>) = 0 [pid 6221] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6219] <... exit_group resumed>) = ? [pid 6223] setpgid(0, 0 [pid 6221] <... openat resumed>) = 4 [pid 6223] <... setpgid resumed>) = 0 [pid 6221] ioctl(4, LOOP_SET_FD, 3 [pid 6223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6223] write(3, "1000", 4 [pid 6222] <... openat resumed>) = 3 [pid 6223] <... write resumed>) = 4 [pid 6223] close(3) = 0 [pid 6223] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6223] write(1, "executing program\n", 18) = 18 [pid 6223] memfd_create("syzkaller", 0 [pid 6222] write(3, "1000", 4) = 4 [pid 6222] close(3 [pid 6223] <... memfd_create resumed>) = 3 [pid 6222] <... close resumed>) = 0 [pid 6223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6222] symlink("/dev/binderfs", "./binderfs" [pid 6219] +++ exited with 0 +++ [pid 6222] <... symlink resumed>) = 0 executing program [pid 6222] write(1, "executing program\n", 18 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6219, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6222] <... write resumed>) = 18 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6222] memfd_create("syzkaller", 0 [pid 6221] <... ioctl resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6222] <... memfd_create resumed>) = 3 [pid 6222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6220] <... sync resumed>) = 0 [pid 6222] <... mmap resumed>) = 0x7ff1eb400000 [pid 6221] close(3 [pid 6220] exit_group(0 [ 124.631815][ T6221] loop3: detected capacity change from 0 to 1024 [pid 5828] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6221] <... close resumed>) = 0 [pid 6220] <... exit_group resumed>) = ? [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6221] close(4) = 0 [pid 6220] +++ exited with 0 +++ [pid 5828] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6221] mkdir("./file1", 0777 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6220, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5828] <... openat resumed>) = 3 [pid 6221] <... mkdir resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 6223] <... write resumed>) = 524288 [pid 6221] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(3, [pid 5832] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... openat resumed>) = 3 [pid 6222] <... write resumed>) = 524288 [pid 5832] newfstatat(3, "", [pid 5828] umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6222] munmap(0x7ff1eb400000, 138412032 [pid 5832] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6223] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6222] <... munmap resumed>) = 0 [pid 6221] <... mount resumed>) = 0 [pid 6222] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6221] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6222] <... openat resumed>) = 4 [pid 6221] chdir("./file1" [pid 6222] ioctl(4, LOOP_SET_FD, 3 [pid 6221] <... chdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6223] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6221] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6223] ioctl(4, LOOP_SET_FD, 3 [pid 6222] <... ioctl resumed>) = 0 [pid 6221] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6222] close(3 [pid 6221] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6222] <... close resumed>) = 0 [pid 5832] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6222] close(4) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./75/file1", [pid 6222] mkdir("./file1", 0777 [pid 5832] newfstatat(AT_FDCWD, "./74/file1", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6222] <... mkdir resumed>) = 0 [pid 5832] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6222] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... openat resumed>) = 4 [pid 6222] <... mount resumed>) = 0 [pid 6221] <... link resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./75/file1") = 0 [pid 5828] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./75/binderfs", [pid 6222] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6221] sync( [pid 5832] newfstatat(4, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6223] <... ioctl resumed>) = 0 [pid 5828] unlink("./75/binderfs" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6223] close(3 [pid 5832] getdents64(4, [pid 5828] <... unlink resumed>) = 0 [pid 6223] <... close resumed>) = 0 [pid 5828] getdents64(3, [pid 6222] <... openat resumed>) = 3 [pid 6223] close(4 [pid 6222] chdir("./file1" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6222] <... chdir resumed>) = 0 [pid 5832] getdents64(4, [pid 6223] <... close resumed>) = 0 [pid 6222] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 6223] mkdir("./file1", 0777 [pid 5832] close(4 [pid 5828] <... close resumed>) = 0 [ 124.737951][ T6222] loop1: detected capacity change from 0 to 1024 [ 124.746226][ T6223] loop2: detected capacity change from 0 to 1024 [pid 6222] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... close resumed>) = 0 [pid 5828] rmdir("./75" [pid 6222] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] rmdir("./74/file1" [pid 6223] <... mkdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6223] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] mkdir("./76", 0777 [pid 5832] <... rmdir resumed>) = 0 [pid 6221] <... sync resumed>) = 0 [pid 5832] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... mkdir resumed>) = 0 [pid 6221] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6221] <... exit_group resumed>) = ? [pid 5832] newfstatat(AT_FDCWD, "./74/binderfs", [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6224 attached [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./74/binderfs" [pid 6222] <... link resumed>) = 0 [pid 6221] +++ exited with 0 +++ [pid 5832] <... unlink resumed>) = 0 [pid 6224] set_robust_list(0x5555934ed660, 24 [pid 6222] sync( [pid 5832] getdents64(3, [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6221, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6224] <... set_robust_list resumed>) = 0 [pid 6224] chdir("./76" [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 6224] <... chdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6224] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6224] <... prctl resumed>) = 0 [pid 6223] <... mount resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6224] setpgid(0, 0 [pid 6223] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] rmdir("./74" [pid 5831] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6224] <... setpgid resumed>) = 0 [pid 6223] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 6224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6223] chdir("./file1" [pid 5831] newfstatat(3, "", [pid 6224] <... openat resumed>) = 3 [pid 6223] <... chdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] mkdir("./75", 0777 [pid 6224] write(3, "1000", 4 [pid 6223] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... mkdir resumed>) = 0 [pid 5831] getdents64(3, [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6224 [pid 6224] <... write resumed>) = 4 [pid 6223] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6224] close(3 [pid 6223] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6224] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 6224] symlink("/dev/binderfs", "./binderfs" [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6224] <... symlink resumed>) = 0 [pid 6222] <... sync resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 executing program [pid 6224] write(1, "executing program\n", 18) = 18 [pid 6222] exit_group(0 [pid 5832] <... ioctl resumed>) = 0 [pid 6224] memfd_create("syzkaller", 0 [pid 5832] close(3 [pid 6222] <... exit_group resumed>) = ? [pid 6222] +++ exited with 0 +++ [pid 5831] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6222, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6224] <... memfd_create resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./69/file1", [pid 6224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6223] <... link resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6224] <... mmap resumed>) = 0x7ff1eb400000 [pid 6223] sync( [pid 5831] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", [pid 6224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6225 attached [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6225] set_robust_list(0x5555934ed660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6225 [pid 5831] getdents64(4, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6225] <... set_robust_list resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6225] chdir("./75") = 0 [pid 6224] <... write resumed>) = 524288 [pid 5831] getdents64(4, [pid 5829] <... openat resumed>) = 3 [pid 6225] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] newfstatat(3, "", [pid 6225] <... prctl resumed>) = 0 [pid 5831] close(4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6225] setpgid(0, 0 [pid 5831] <... close resumed>) = 0 [pid 5829] getdents64(3, [pid 6225] <... setpgid resumed>) = 0 [pid 5831] rmdir("./69/file1" [pid 6223] <... sync resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6223] exit_group(0 [pid 5831] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6223] <... exit_group resumed>) = ? [pid 6225] <... openat resumed>) = 3 [pid 6223] +++ exited with 0 +++ [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6223, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] newfstatat(AT_FDCWD, "./69/binderfs", [pid 6225] write(3, "1000", 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6225] <... write resumed>) = 4 [pid 5831] unlink("./69/binderfs" [pid 5830] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6224] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6225] close(3 [pid 6224] <... munmap resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6225] <... close resumed>) = 0 [pid 6224] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6224] <... openat resumed>) = 4 [pid 5830] newfstatat(3, "", [pid 5831] getdents64(3, [pid 6224] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6225] symlink("/dev/binderfs", "./binderfs" [pid 5831] close(3 [pid 5830] getdents64(3, [pid 5829] <... umount2 resumed>) = 0 [pid 6225] <... symlink resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] rmdir("./69" [pid 5830] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5831] <... rmdir resumed>) = 0 [pid 5829] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6225] write(1, "executing program\n", 18) = 18 [pid 6225] memfd_create("syzkaller", 0) = 3 [pid 6225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6225] <... mmap resumed>) = 0x7ff1eb400000 [pid 6224] <... ioctl resumed>) = 0 [pid 5831] mkdir("./70", 0777 [pid 5829] newfstatat(AT_FDCWD, "./77/file1", [pid 6224] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 6224] <... close resumed>) = 0 [pid 6224] close(4) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6224] mkdir("./file1", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./79/file1", [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6224] <... mkdir resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] close(3 [pid 5830] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 4 [pid 5831] <... close resumed>) = 0 [pid 6224] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(4, "", [pid 5830] openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6226 attached [pid 5830] newfstatat(4, "", [pid 5829] getdents64(4, [pid 6226] set_robust_list(0x5555934ed660, 24 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [ 124.933499][ T6224] loop0: detected capacity change from 0 to 1024 [pid 5829] getdents64(4, [pid 6226] <... set_robust_list resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6226 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, [pid 5829] close(4 [pid 6226] chdir("./70" [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... close resumed>) = 0 [pid 5830] close(4 [pid 5829] rmdir("./77/file1" [pid 5830] <... close resumed>) = 0 [pid 6226] <... chdir resumed>) = 0 [pid 6225] <... write resumed>) = 524288 [pid 6224] <... mount resumed>) = 0 [pid 5830] rmdir("./79/file1" [pid 5829] <... rmdir resumed>) = 0 [pid 6226] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6225] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6226] <... prctl resumed>) = 0 [pid 6224] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6226] setpgid(0, 0 [pid 6224] <... openat resumed>) = 3 [pid 6226] <... setpgid resumed>) = 0 [pid 6225] <... munmap resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./77/binderfs", [pid 5830] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6224] chdir("./file1" [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6224] <... chdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6224] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] unlink("./77/binderfs" [pid 6226] <... openat resumed>) = 3 [pid 6225] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6224] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] newfstatat(AT_FDCWD, "./79/binderfs", [pid 6226] write(3, "1000", 4 [pid 6225] <... openat resumed>) = 4 [pid 5829] <... unlink resumed>) = 0 [pid 6226] <... write resumed>) = 4 [pid 6225] ioctl(4, LOOP_SET_FD, 3 [pid 6224] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] getdents64(3, [pid 6226] close(3 [pid 6225] <... ioctl resumed>) = 0 [pid 5830] unlink("./79/binderfs" [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6226] <... close resumed>) = 0 [pid 6225] close(3 [pid 5830] <... unlink resumed>) = 0 [pid 6226] symlink("/dev/binderfs", "./binderfs" [pid 6225] <... close resumed>) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6226] <... symlink resumed>) = 0 [pid 6225] close(4 [pid 6224] <... link resumed>) = 0 [pid 5830] close(3 [pid 6225] <... close resumed>) = 0 [pid 6226] write(1, "executing program\n", 18 [pid 6225] mkdir("./file1", 0777 [pid 6224] sync( [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./79"executing program [pid 6226] <... write resumed>) = 18 [pid 6226] memfd_create("syzkaller", 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6226] <... memfd_create resumed>) = 3 [pid 6225] <... mkdir resumed>) = 0 [pid 6226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6225] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] mkdir("./80", 0777 [pid 5829] close(3 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./77" [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... rmdir resumed>) = 0 [pid 6226] <... write resumed>) = 524288 [pid 5830] <... openat resumed>) = 3 [ 125.029975][ T6225] loop4: detected capacity change from 0 to 1024 [pid 5829] mkdir("./78", 0777) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6226] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... ioctl resumed>) = 0 [pid 6226] <... munmap resumed>) = 0 [pid 6225] <... mount resumed>) = 0 [pid 5830] close(3 [pid 5829] <... openat resumed>) = 3 [pid 6226] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6226] <... openat resumed>) = 4 [pid 6225] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... ioctl resumed>) = 0 [pid 6226] ioctl(4, LOOP_SET_FD, 3 [pid 6225] <... openat resumed>) = 3 [pid 6225] chdir("./file1") = 0 [pid 6225] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 6227 attached ) = -1 EBUSY (Device or resource busy) [pid 6224] <... sync resumed>) = 0 [pid 5829] close(3 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6227 [pid 5829] <... close resumed>) = 0 [pid 6227] set_robust_list(0x5555934ed660, 24 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6227] <... set_robust_list resumed>) = 0 [pid 6225] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6224] exit_group(0./strace-static-x86_64: Process 6228 attached [pid 6227] chdir("./80" [pid 6228] set_robust_list(0x5555934ed660, 24 [pid 6227] <... chdir resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6228 [pid 6227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6227] setpgid(0, 0) = 0 [pid 6224] <... exit_group resumed>) = ? [pid 6228] <... set_robust_list resumed>) = 0 [pid 6227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6226] <... ioctl resumed>) = 0 [pid 6224] +++ exited with 0 +++ [pid 6228] chdir("./78" [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6224, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6228] <... chdir resumed>) = 0 [pid 6227] <... openat resumed>) = 3 [pid 6226] close(3 [pid 6228] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6227] write(3, "1000", 4 [pid 6226] <... close resumed>) = 0 [pid 6228] <... prctl resumed>) = 0 [pid 6227] <... write resumed>) = 4 [pid 6226] close(4) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6228] setpgid(0, 0 [pid 6227] close(3 [pid 6226] mkdir("./file1", 0777 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6228] <... setpgid resumed>) = 0 [pid 6227] <... close resumed>) = 0 [pid 6226] <... mkdir resumed>) = 0 [pid 6225] <... link resumed>) = 0 [pid 6225] sync( [pid 5828] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6227] symlink("/dev/binderfs", "./binderfs" [pid 6228] <... openat resumed>) = 3 [pid 6227] <... symlink resumed>) = 0 [pid 6226] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6228] write(3, "1000", 4 [pid 6227] write(1, "executing program\n", 18executing program [pid 6228] <... write resumed>) = 4 [ 125.102094][ T6226] loop3: detected capacity change from 0 to 1024 [pid 6227] <... write resumed>) = 18 [pid 6228] close(3 [pid 6227] memfd_create("syzkaller", 0 [pid 6228] <... close resumed>) = 0 [pid 6227] <... memfd_create resumed>) = 3 [pid 6228] symlink("/dev/binderfs", "./binderfs" [pid 6227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6228] <... symlink resumed>) = 0 [pid 6227] <... mmap resumed>) = 0x7ff1eb400000 [pid 6227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6226] <... mount resumed>) = 0 executing program [pid 6228] write(1, "executing program\n", 18 [pid 6226] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6228] <... write resumed>) = 18 [pid 6226] <... openat resumed>) = 3 [pid 6228] memfd_create("syzkaller", 0 [pid 6226] chdir("./file1" [pid 6228] <... memfd_create resumed>) = 3 [pid 6226] <... chdir resumed>) = 0 [pid 6226] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6226] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6226] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6225] <... sync resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6225] exit_group(0 [pid 5828] openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6225] <... exit_group resumed>) = ? [pid 5828] <... openat resumed>) = 4 [pid 6225] +++ exited with 0 +++ [pid 5828] newfstatat(4, "", [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6225, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 6228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./76/file1" [pid 6228] <... write resumed>) = 524288 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6227] <... write resumed>) = 524288 [pid 6226] <... link resumed>) = 0 [pid 5828] unlink("./76/binderfs" [pid 6227] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... unlink resumed>) = 0 [pid 5828] getdents64(3, [pid 5832] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6227] <... munmap resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6228] munmap(0x7ff1eb400000, 138412032 [pid 6227] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6226] sync( [pid 5832] <... openat resumed>) = 3 [pid 5828] close(3 [pid 6228] <... munmap resumed>) = 0 [pid 6227] <... openat resumed>) = 4 [pid 5832] newfstatat(3, "", [pid 5828] <... close resumed>) = 0 [pid 6228] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6227] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] rmdir("./76") = 0 [pid 5828] mkdir("./77", 0777 [pid 5832] getdents64(3, [pid 5828] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6228] <... openat resumed>) = 4 [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6228] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6229 attached [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6229 [pid 6229] set_robust_list(0x5555934ed660, 24) = 0 [pid 6229] chdir("./77") = 0 [pid 6229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6229] setpgid(0, 0) = 0 [pid 6229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6229] write(3, "1000", 4) = 4 [pid 6229] close(3) = 0 [pid 6229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6228] <... ioctl resumed>) = 0 [pid 6227] <... ioctl resumed>) = 0 [pid 6226] <... sync resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6226] exit_group(0 [pid 6229] write(1, "executing program\n", 18 [pid 6226] <... exit_group resumed>) = ? executing program [pid 6229] <... write resumed>) = 18 [pid 6228] close(3 [pid 6227] close(3 [pid 6229] memfd_create("syzkaller", 0 [pid 6228] <... close resumed>) = 0 [pid 6227] <... close resumed>) = 0 [pid 6226] +++ exited with 0 +++ [pid 5832] umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6226, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6227] close(4 [pid 5832] newfstatat(AT_FDCWD, "./75/file1", [ 125.238771][ T6227] loop2: detected capacity change from 0 to 1024 [ 125.256335][ T6228] loop1: detected capacity change from 0 to 1024 [pid 6228] close(4 [pid 6227] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6228] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6228] mkdir("./file1", 0777 [pid 5831] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6229] <... memfd_create resumed>) = 3 [pid 6228] <... mkdir resumed>) = 0 [pid 6227] mkdir("./file1", 0777 [pid 5832] umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 6229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6227] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6229] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(3, "", [pid 5832] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6228] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6227] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] newfstatat(4, "", [pid 5831] getdents64(3, [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] getdents64(4, [pid 5831] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./75/file1") = 0 [pid 6229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... umount2 resumed>) = 0 [pid 5832] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./75/binderfs") = 0 [pid 6229] <... write resumed>) = 524288 [pid 5831] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./75") = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] mkdir("./76", 0777) = 0 [pid 5831] newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6230 attached [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6227] <... mount resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6227] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] <... openat resumed>) = 4 [pid 6230] set_robust_list(0x5555934ed660, 24 [pid 6229] munmap(0x7ff1eb400000, 138412032 [pid 6227] chdir("./file1" [pid 5831] newfstatat(4, "", [pid 6229] <... munmap resumed>) = 0 [pid 6227] <... chdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6230] <... set_robust_list resumed>) = 0 [pid 6228] <... mount resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6230 [pid 5831] getdents64(4, [pid 6230] chdir("./76" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6230] <... chdir resumed>) = 0 [pid 6227] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6230] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6227] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6230] <... prctl resumed>) = 0 [pid 6227] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] close(4 [pid 6230] setpgid(0, 0 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6228] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... close resumed>) = 0 [pid 6230] <... setpgid resumed>) = 0 [pid 6230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6229] <... openat resumed>) = 4 [pid 6228] <... openat resumed>) = 3 [pid 5831] rmdir("./70/file1" [pid 6228] chdir("./file1" [pid 6229] ioctl(4, LOOP_SET_FD, 3 [pid 6228] <... chdir resumed>) = 0 executing program [pid 5831] <... rmdir resumed>) = 0 [pid 6230] <... openat resumed>) = 3 [pid 6228] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6230] write(3, "1000", 4) = 4 [pid 6230] close(3) = 0 [pid 6230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6230] write(1, "executing program\n", 18) = 18 [pid 6230] memfd_create("syzkaller", 0) = 3 [pid 6230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6228] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6228] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./70/binderfs", [pid 6230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6227] <... link resumed>) = 0 [pid 6227] sync( [pid 5831] unlink("./70/binderfs") = 0 [pid 6229] <... ioctl resumed>) = 0 [pid 5831] getdents64(3, [pid 6229] close(3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6229] <... close resumed>) = 0 [pid 5831] close(3 [pid 6229] close(4 [pid 5831] <... close resumed>) = 0 [pid 6229] <... close resumed>) = 0 [pid 5831] rmdir("./70" [pid 6229] mkdir("./file1", 0777 [pid 6228] <... link resumed>) = 0 [pid 6230] <... write resumed>) = 524288 [pid 6229] <... mkdir resumed>) = 0 [pid 6228] sync( [pid 5831] <... rmdir resumed>) = 0 [pid 6229] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6230] munmap(0x7ff1eb400000, 138412032 [pid 5831] mkdir("./71", 0777 [pid 6230] <... munmap resumed>) = 0 [pid 6227] <... sync resumed>) = 0 [pid 6227] exit_group(0 [pid 5831] <... mkdir resumed>) = 0 [ 125.391583][ T6229] loop0: detected capacity change from 0 to 1024 [pid 6230] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6227] <... exit_group resumed>) = ? [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6230] <... openat resumed>) = 4 [pid 6227] +++ exited with 0 +++ [pid 6230] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... openat resumed>) = 3 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6227, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6230] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6230] ioctl(4, LOOP_CLR_FD [pid 5830] <... restart_syscall resumed>) = 0 [pid 6230] <... ioctl resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3) = 0 [pid 6230] ioctl(4, LOOP_SET_FD, 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6230] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6230] close(4./strace-static-x86_64: Process 6232 attached ) = 0 [pid 5830] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6230] close(3 [pid 6232] set_robust_list(0x5555934ed660, 24 [pid 6230] <... close resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6232 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6232] <... set_robust_list resumed>) = 0 [pid 6229] <... mount resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6232] chdir("./71" [pid 5830] <... openat resumed>) = 3 [pid 6232] <... chdir resumed>) = 0 [pid 6229] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] newfstatat(3, "", [pid 6232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6230] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6229] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6232] setpgid(0, 0 [pid 6230] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6232] <... setpgid resumed>) = 0 [pid 5830] getdents64(3, [pid 6232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6230] sync( [pid 6229] chdir("./file1" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6229] <... chdir resumed>) = 0 [pid 6232] write(3, "1000", 4 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6228] <... sync resumed>) = 0 [pid 6232] <... write resumed>) = 4 [pid 6232] close(3 [pid 6229] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6232] <... close resumed>) = 0 [pid 6228] exit_group(0 [pid 6232] symlink("/dev/binderfs", "./binderfs" [pid 6229] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"executing program [pid 6232] <... symlink resumed>) = 0 [pid 6228] <... exit_group resumed>) = ? [pid 5830] <... umount2 resumed>) = 0 [pid 6232] write(1, "executing program\n", 18) = 18 [pid 6232] memfd_create("syzkaller", 0) = 3 [pid 6232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6228] +++ exited with 0 +++ [pid 6232] <... mmap resumed>) = 0x7ff1eb400000 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6228, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6229] <... link resumed>) = 0 [pid 5830] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... restart_syscall resumed>) = 0 [pid 6229] sync( [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6230] <... sync resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6230] exit_group(0 [pid 5829] newfstatat(3, "", [pid 6230] <... exit_group resumed>) = ? [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6230] +++ exited with 0 +++ [pid 5830] openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] getdents64(3, [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6230, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... openat resumed>) = 4 [pid 5829] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 6232] <... write resumed>) = 524288 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 5832] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5830] getdents64(4, [pid 5832] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] close(4 [pid 5832] unlink("./76/binderfs") = 0 [pid 5830] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 5830] rmdir("./80/file1" [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5832] rmdir("./76" [pid 5830] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6232] munmap(0x7ff1eb400000, 138412032 [pid 6229] <... sync resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = 0 [pid 6232] <... munmap resumed>) = 0 [pid 6229] exit_group(0 [pid 5830] newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6229] <... exit_group resumed>) = ? [pid 5829] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6232] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] mkdir("./77", 0777 [pid 5830] unlink("./80/binderfs" [pid 6232] <... openat resumed>) = 4 [pid 6229] +++ exited with 0 +++ [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(3, [pid 5829] newfstatat(AT_FDCWD, "./78/file1", [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6229, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6232] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] close(3 [pid 5829] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] close(3) = 0 [pid 5830] rmdir("./80" [pid 5829] <... openat resumed>) = 4 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] newfstatat(4, "", [pid 5830] <... rmdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6233 ./strace-static-x86_64: Process 6233 attached [pid 5830] mkdir("./81", 0777 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6233] set_robust_list(0x5555934ed660, 24) = 0 [pid 6233] chdir("./77" [pid 5829] getdents64(4, [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./78/file1" [pid 5828] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6233] <... chdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6233] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6233] <... prctl resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(3, "", [pid 6233] setpgid(0, 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] newfstatat(AT_FDCWD, "./78/binderfs", [pid 6233] <... setpgid resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5828] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] close(3 [pid 5829] unlink("./78/binderfs" [pid 6233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6233] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5829] getdents64(3, [pid 5828] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6233] write(3, "1000", 4) = 4 [pid 6232] <... ioctl resumed>) = 0 [pid 6233] close(3) = 0 [pid 6232] close(3 [pid 6233] symlink("/dev/binderfs", "./binderfs" [pid 6232] <... close resumed>) = 0 [pid 5829] close(3./strace-static-x86_64: Process 6234 attached [pid 6233] <... symlink resumed>) = 0 [pid 6232] close(4 [pid 5829] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6234] set_robust_list(0x5555934ed660, 24 [pid 6232] <... close resumed>) = 0 [pid 5829] rmdir("./78" [pid 5828] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6232] mkdir("./file1", 0777 [pid 6233] write(1, "executing program\n", 18 [pid 6232] <... mkdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6234] <... set_robust_list resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6234 [pid 5829] mkdir("./79", 0777 [pid 5828] newfstatat(AT_FDCWD, "./77/file1", executing program [pid 6233] <... write resumed>) = 18 [pid 6233] memfd_create("syzkaller", 0 [pid 6234] chdir("./81" [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6234] <... chdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6234] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6233] <... memfd_create resumed>) = 3 [pid 6232] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [ 125.574264][ T6232] loop3: detected capacity change from 0 to 1024 [pid 6234] <... prctl resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6234] setpgid(0, 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6234] <... setpgid resumed>) = 0 [pid 5829] close(3 [pid 5828] newfstatat(4, "", [pid 6234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... close resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6234] <... openat resumed>) = 3 [pid 5828] getdents64(4, [pid 6234] write(3, "1000", 4 [pid 6233] <... write resumed>) = 524288 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6234] <... write resumed>) = 4 [pid 6234] close(3 [pid 5828] getdents64(4, [pid 6234] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6235 attached [pid 6234] symlink("/dev/binderfs", "./binderfs" [pid 5828] close(4 [pid 6232] <... mount resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6232] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6234] <... symlink resumed>) = 0 [pid 6232] <... openat resumed>) = 3 [pid 5828] rmdir("./77/file1" [pid 6232] chdir("./file1") = 0 [pid 6232] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6233] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6232] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6233] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... rmdir resumed>) = 0 [pid 6233] <... openat resumed>) = 4 [pid 6233] ioctl(4, LOOP_SET_FD, 3 [pid 6235] set_robust_list(0x5555934ed660, 24 executing program [pid 6234] write(1, "executing program\n", 18 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6235 [pid 5828] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6235] <... set_robust_list resumed>) = 0 [pid 6234] <... write resumed>) = 18 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6235] chdir("./79" [pid 5828] newfstatat(AT_FDCWD, "./77/binderfs", [pid 6234] memfd_create("syzkaller", 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6235] <... chdir resumed>) = 0 [pid 5828] unlink("./77/binderfs") = 0 [pid 6235] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 6232] <... link resumed>) = 0 [pid 6232] sync( [pid 6234] <... memfd_create resumed>) = 3 [pid 5828] rmdir("./77" [pid 6235] <... prctl resumed>) = 0 [pid 6235] setpgid(0, 0 [pid 6234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./78", 0777 [pid 6234] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... mkdir resumed>) = 0 [pid 6235] <... setpgid resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... openat resumed>) = 3 [pid 6235] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3 [pid 6233] <... ioctl resumed>) = 0 [pid 6235] write(3, "1000", 4 [pid 6234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6232] <... sync resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6235] <... write resumed>) = 4 [ 125.682570][ T6233] loop4: detected capacity change from 0 to 1024 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6232] exit_group(0) = ? ./strace-static-x86_64: Process 6237 attached [pid 6232] +++ exited with 0 +++ [pid 6233] close(3) = 0 [pid 6233] close(4) = 0 [pid 6233] mkdir("./file1", 0777 [pid 6235] close(3 [pid 6233] <... mkdir resumed>) = 0 [pid 6233] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6235] <... close resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6232, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6235] symlink("/dev/binderfs", "./binderfs" [pid 5831] restart_syscall(<... resuming interrupted clone ...>executing program [pid 6235] <... symlink resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6237 [pid 6237] set_robust_list(0x5555934ed660, 24 [pid 6235] write(1, "executing program\n", 18 [pid 6234] <... write resumed>) = 524288 [pid 6235] <... write resumed>) = 18 [pid 6237] <... set_robust_list resumed>) = 0 [pid 6237] chdir("./78" [pid 6235] memfd_create("syzkaller", 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6237] <... chdir resumed>) = 0 [pid 6235] <... memfd_create resumed>) = 3 [pid 6237] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6237] <... prctl resumed>) = 0 [pid 6235] <... mmap resumed>) = 0x7ff1eb400000 [pid 6237] setpgid(0, 0 [pid 6235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6234] munmap(0x7ff1eb400000, 138412032 [pid 5831] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6237] <... setpgid resumed>) = 0 [pid 6234] <... munmap resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6233] <... mount resumed>) = 0 [pid 6233] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6233] chdir("./file1") = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6233] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6235] <... write resumed>) = 524288 [pid 6234] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... openat resumed>) = 3 [pid 6233] <... link resumed>) = 0 [pid 6237] write(3, "1000", 4 [pid 6234] <... openat resumed>) = 4 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6237] <... write resumed>) = 4 [pid 6234] ioctl(4, LOOP_SET_FD, 3 [pid 6237] close(3 [pid 5831] getdents64(3, [pid 6233] sync( [pid 6237] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6237] write(1, "executing program\n", 18executing program ) = 18 [pid 6235] munmap(0x7ff1eb400000, 138412032 [pid 6233] <... sync resumed>) = 0 [pid 6233] exit_group(0 [pid 6237] memfd_create("syzkaller", 0 [pid 6233] <... exit_group resumed>) = ? [pid 6237] <... memfd_create resumed>) = 3 [pid 6235] <... munmap resumed>) = 0 [pid 6233] +++ exited with 0 +++ [pid 6237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6233, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6237] <... mmap resumed>) = 0x7ff1eb400000 [pid 6235] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6235] <... openat resumed>) = 4 [pid 5832] <... restart_syscall resumed>) = 0 [pid 6234] <... ioctl resumed>) = 0 [pid 6234] close(3 [pid 6235] ioctl(4, LOOP_SET_FD, 3 [pid 6234] <... close resumed>) = 0 [pid 6234] close(4) = 0 [pid 5832] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6234] mkdir("./file1", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6234] <... mkdir resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6234] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6237] <... write resumed>) = 524288 [pid 6235] <... ioctl resumed>) = 0 [pid 6237] munmap(0x7ff1eb400000, 138412032 [pid 6235] close(3 [pid 5831] <... umount2 resumed>) = 0 [pid 6235] <... close resumed>) = 0 [pid 6235] close(4 [pid 6237] <... munmap resumed>) = 0 [pid 6235] <... close resumed>) = 0 [pid 5831] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6237] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6235] mkdir("./file1", 0777 [pid 6237] <... openat resumed>) = 4 [pid 6235] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [ 125.821756][ T6234] loop2: detected capacity change from 0 to 1024 [ 125.857514][ T6235] loop1: detected capacity change from 0 to 1024 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./71/file1", [pid 6237] ioctl(4, LOOP_SET_FD, 3 [pid 6235] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6234] <... mount resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./77/file1", [pid 6235] <... mount resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6234] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6234] chdir("./file1") = 0 [pid 6234] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6235] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6234] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6235] <... openat resumed>) = 3 [pid 6234] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6235] chdir("./file1" [pid 5832] openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6235] <... chdir resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5831] <... openat resumed>) = 4 [pid 6235] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] newfstatat(4, "", [pid 5831] newfstatat(4, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6235] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] getdents64(4, [pid 5831] getdents64(4, [pid 6235] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5832] getdents64(4, [pid 5831] rmdir("./71/file1" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5832] close(4) = 0 [pid 6237] <... ioctl resumed>) = 0 [pid 5832] rmdir("./77/file1" [pid 5831] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6234] <... link resumed>) = 0 [pid 6234] sync( [pid 5831] unlink("./71/binderfs" [pid 6237] close(3 [pid 5832] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... unlink resumed>) = 0 [pid 6237] <... close resumed>) = 0 [pid 6235] <... link resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6237] close(4 [pid 6235] sync( [ 125.887726][ T6237] loop0: detected capacity change from 0 to 1024 [pid 5832] newfstatat(AT_FDCWD, "./77/binderfs", [pid 6237] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] getdents64(3, [pid 6237] mkdir("./file1", 0777 [pid 5832] unlink("./77/binderfs" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6237] <... mkdir resumed>) = 0 [pid 5831] close(3 [pid 5832] <... unlink resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./77") = 0 [pid 5832] mkdir("./78", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6237] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6235] <... sync resumed>) = 0 [pid 6234] <... sync resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6234] exit_group(0 [pid 5831] rmdir("./71" [pid 6234] <... exit_group resumed>) = ? [pid 5831] <... rmdir resumed>) = 0 [pid 6234] +++ exited with 0 +++ [pid 5832] <... ioctl resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6234, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6235] exit_group(0 [pid 5832] close(3 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... close resumed>) = 0 [pid 6235] <... exit_group resumed>) = ? [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] mkdir("./72", 0777 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... openat resumed>) = 3 [pid 5830] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6237] <... mount resumed>) = 0 ./strace-static-x86_64: Process 6238 attached ./strace-static-x86_64: Process 6239 attached [pid 6237] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6235] +++ exited with 0 +++ [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6238 [pid 5830] <... umount2 resumed>) = 0 [pid 6237] <... openat resumed>) = 3 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6235, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6237] chdir("./file1" [pid 6239] set_robust_list(0x5555934ed660, 24) = 0 [pid 5829] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6238] set_robust_list(0x5555934ed660, 24 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6239] chdir("./78" [pid 5829] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6239] <... chdir resumed>) = 0 [pid 6238] <... set_robust_list resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6239] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6238] chdir("./72" [pid 6239] <... prctl resumed>) = 0 [pid 6238] <... chdir resumed>) = 0 [pid 6239] setpgid(0, 0 [pid 6238] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6239] <... setpgid resumed>) = 0 [pid 6238] <... prctl resumed>) = 0 [pid 6239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6238] setpgid(0, 0 [pid 6237] <... chdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6239 [pid 5830] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(3, "", [pid 6237] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6238] <... setpgid resumed>) = 0 [pid 6237] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] newfstatat(AT_FDCWD, "./81/file1", [pid 5829] getdents64(3, [pid 6239] <... openat resumed>) = 3 [pid 6238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6237] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 executing program [pid 6239] write(3, "1000", 4 [pid 6238] write(3, "1000", 4 [pid 5830] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6238] <... write resumed>) = 4 [pid 6238] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6238] <... close resumed>) = 0 [pid 6238] symlink("/dev/binderfs", "./binderfs" [pid 5830] openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6239] <... write resumed>) = 4 [pid 6238] <... symlink resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 6238] write(1, "executing program\n", 18) = 18 [pid 6238] memfd_create("syzkaller", 0) = 3 [pid 6238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6239] close(3 [pid 6238] <... mmap resumed>) = 0x7ff1eb400000 [pid 6239] <... close resumed>) = 0 [pid 6238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] newfstatat(4, "", [pid 6239] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 6239] <... symlink resumed>) = 0 [pid 5830] getdents64(4, [pid 6239] write(1, "executing program\n", 18) = 18 [pid 6239] memfd_create("syzkaller", 0) = 3 [pid 6237] <... link resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... umount2 resumed>) = 0 [pid 5830] getdents64(4, [pid 6239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6237] sync( [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 5829] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6239] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] rmdir("./81/file1" [pid 5829] newfstatat(AT_FDCWD, "./79/file1", [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6238] <... write resumed>) = 524288 [pid 5829] openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] unlink("./81/binderfs" [pid 6239] <... write resumed>) = 524288 [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5830] getdents64(3, [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6238] munmap(0x7ff1eb400000, 138412032 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6238] <... munmap resumed>) = 0 [pid 5829] getdents64(4, [pid 6237] <... sync resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6238] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] close(4 [pid 6237] exit_group(0 [pid 5830] close(3 [pid 6237] <... exit_group resumed>) = ? [pid 5830] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5830] rmdir("./81" [pid 5829] rmdir("./79/file1") = 0 [pid 6239] munmap(0x7ff1eb400000, 138412032 [pid 6237] +++ exited with 0 +++ [pid 5830] <... rmdir resumed>) = 0 [pid 5829] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6239] <... munmap resumed>) = 0 [pid 5830] mkdir("./82", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6239] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6239] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./79/binderfs", [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6237, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5828] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(3 [pid 5829] unlink("./79/binderfs" [pid 5828] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6238] <... openat resumed>) = 4 [pid 5828] <... openat resumed>) = 3 [pid 6238] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... unlink resumed>) = 0 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5828] getdents64(3, [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] close(3) = 0 [pid 5828] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] rmdir("./79") = 0 [pid 5829] mkdir("./80", 0777) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6239] <... ioctl resumed>) = 0 [pid 6238] <... ioctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] newfstatat(AT_FDCWD, "./78/file1", [pid 6239] close(3) = 0 [pid 6239] close(4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6239] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6240 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 6239] mkdir("./file1", 0777 [pid 5829] close(3 [pid 5828] <... openat resumed>) = 4 [pid 6239] <... mkdir resumed>) = 0 [pid 6238] close(3 [pid 5828] newfstatat(4, "", [pid 6238] <... close resumed>) = 0 ./strace-static-x86_64: Process 6240 attached [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6239] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6238] close(4 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6240] set_robust_list(0x5555934ed660, 24 [pid 6238] <... close resumed>) = 0 [pid 5828] getdents64(4, [pid 6240] <... set_robust_list resumed>) = 0 [ 126.113418][ T6239] loop4: detected capacity change from 0 to 1024 [ 126.125567][ T6238] loop3: detected capacity change from 0 to 1024 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6238] mkdir("./file1", 0777 [pid 6240] chdir("./82" [pid 5829] <... close resumed>) = 0 [pid 6240] <... chdir resumed>) = 0 [pid 6240] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6238] <... mkdir resumed>) = 0 [pid 5828] close(4 [pid 6240] <... prctl resumed>) = 0 [pid 6240] setpgid(0, 0 [pid 5828] <... close resumed>) = 0 [pid 6240] <... setpgid resumed>) = 0 [pid 6238] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] rmdir("./78/file1" [pid 6240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6240] <... openat resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 6240] write(3, "1000", 4./strace-static-x86_64: Process 6241 attached ) = 4 [pid 5828] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6240] close(3 [pid 6241] set_robust_list(0x5555934ed660, 24 [pid 6240] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6241] <... set_robust_list resumed>) = 0 [pid 6240] symlink("/dev/binderfs", "./binderfs" [pid 6239] <... mount resumed>) = 0 [pid 6241] chdir("./80" [pid 6240] <... symlink resumed>) = 0 [pid 6239] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] newfstatat(AT_FDCWD, "./78/binderfs", [pid 6241] <... chdir resumed>) = 0 [pid 6239] <... openat resumed>) = 3 executing program [pid 6241] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6241 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./78/binderfs" [pid 6241] <... prctl resumed>) = 0 [pid 6240] write(1, "executing program\n", 18 [pid 6239] chdir("./file1" [pid 5828] <... unlink resumed>) = 0 [pid 6241] setpgid(0, 0 [pid 5828] getdents64(3, [pid 6241] <... setpgid resumed>) = 0 [pid 6240] <... write resumed>) = 18 [pid 6239] <... chdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 6241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6240] memfd_create("syzkaller", 0 [pid 6239] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6238] <... mount resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6240] <... memfd_create resumed>) = 3 [pid 6239] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6241] <... openat resumed>) = 3 [pid 6240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6239] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] rmdir("./78" [pid 6240] <... mmap resumed>) = 0x7ff1eb400000 [pid 6240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... rmdir resumed>) = 0 [pid 6241] write(3, "1000", 4 [pid 6238] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] mkdir("./79", 0777) = 0 [pid 6241] <... write resumed>) = 4 [pid 6241] close(3 [pid 6238] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6241] <... close resumed>) = 0 [pid 6238] chdir("./file1" [pid 5828] <... openat resumed>) = 3 [pid 6238] <... chdir resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6241] symlink("/dev/binderfs", "./binderfs" [pid 6238] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] <... ioctl resumed>) = 0 [pid 6241] <... symlink resumed>) = 0 [pid 6238] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] close(3 [pid 6238] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6241] write(1, "executing program\n", 18executing program [pid 5828] <... close resumed>) = 0 [pid 6241] <... write resumed>) = 18 [pid 6239] <... link resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6239] sync( [pid 6238] <... link resumed>) = 0 [pid 6241] memfd_create("syzkaller", 0 [pid 6240] <... write resumed>) = 524288 [pid 6241] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 6243 attached [pid 6241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6238] sync( [pid 6243] set_robust_list(0x5555934ed660, 24) = 0 [pid 6241] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6243 [pid 6243] chdir("./79" [pid 6240] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6240] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6240] ioctl(4, LOOP_SET_FD, 3 [pid 6243] <... chdir resumed>) = 0 [pid 6241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6239] <... sync resumed>) = 0 [pid 6243] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6239] exit_group(0 [pid 6243] <... prctl resumed>) = 0 [pid 6239] <... exit_group resumed>) = ? [pid 6243] setpgid(0, 0 [pid 6238] <... sync resumed>) = 0 [pid 6238] exit_group(0) = ? [pid 6243] <... setpgid resumed>) = 0 [pid 6239] +++ exited with 0 +++ [pid 6238] +++ exited with 0 +++ [pid 6243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6239, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6238, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6243] <... openat resumed>) = 3 [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6243] write(3, "1000", 4 [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6243] <... write resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6243] close(3 [pid 5832] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6243] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6243] symlink("/dev/binderfs", "./binderfs" [pid 5831] newfstatat(3, "", [pid 5832] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... openat resumed>) = 3 [pid 6240] <... ioctl resumed>) = 0 [pid 6243] <... symlink resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5831] getdents64(3, [pid 6240] close(3) = 0 [pid 6240] close(4) = 0 [pid 6241] <... write resumed>) = 524288 [pid 6240] mkdir("./file1", 0777) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] getdents64(3, executing program [pid 6243] write(1, "executing program\n", 18 [pid 6241] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6240] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6243] <... write resumed>) = 18 [pid 6241] <... munmap resumed>) = 0 [ 126.278028][ T6240] loop2: detected capacity change from 0 to 1024 [pid 6243] memfd_create("syzkaller", 0) = 3 [pid 6241] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6241] <... openat resumed>) = 4 [pid 6241] ioctl(4, LOOP_SET_FD, 3 [pid 6243] <... mmap resumed>) = 0x7ff1eb400000 [pid 6240] <... mount resumed>) = 0 [pid 6240] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6240] chdir("./file1") = 0 [pid 6240] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6240] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6240] sync( [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./72/file1") = 0 [pid 5831] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./72/binderfs", [pid 6240] <... sync resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6240] exit_group(0 [pid 5831] unlink("./72/binderfs" [pid 6243] <... write resumed>) = 524288 [pid 5832] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... unlink resumed>) = 0 [pid 6240] <... exit_group resumed>) = ? [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6240] +++ exited with 0 +++ [pid 5832] newfstatat(AT_FDCWD, "./78/file1", [pid 5831] getdents64(3, [pid 6241] <... ioctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6240, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6241] close(3) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6241] close(4 [pid 5832] openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6241] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5831] <... close resumed>) = 0 [pid 6243] munmap(0x7ff1eb400000, 138412032 [pid 6241] mkdir("./file1", 0777 [pid 5832] newfstatat(4, "", [pid 5831] rmdir("./72" [pid 5830] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6241] <... mkdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5831] mkdir("./73", 0777 [pid 5830] newfstatat(3, "", [pid 6243] <... munmap resumed>) = 0 [ 126.348081][ T6241] loop1: detected capacity change from 0 to 1024 [pid 6241] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] getdents64(4, [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6243] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(3, [pid 6243] <... openat resumed>) = 4 [pid 5832] getdents64(4, [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6243] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(4) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5832] rmdir("./78/file1") = 0 [pid 5832] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6244 attached [pid 5832] newfstatat(AT_FDCWD, "./78/binderfs", [pid 6244] set_robust_list(0x5555934ed660, 24 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6244] <... set_robust_list resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6244 [pid 6244] chdir("./73" [pid 6243] <... ioctl resumed>) = 0 [pid 5832] unlink("./78/binderfs" [pid 6244] <... chdir resumed>) = 0 [pid 6241] <... mount resumed>) = 0 [pid 6241] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6243] close(3 [pid 6241] <... openat resumed>) = 3 [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 6241] chdir("./file1" [pid 5832] getdents64(3, [pid 6243] <... close resumed>) = 0 [pid 6241] <... chdir resumed>) = 0 [pid 6243] close(4 [pid 6241] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6243] <... close resumed>) = 0 [pid 6244] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6243] mkdir("./file1", 0777 [pid 6241] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] close(3 [pid 6244] <... prctl resumed>) = 0 [pid 6241] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... close resumed>) = 0 [pid 6244] setpgid(0, 0 [pid 5832] rmdir("./78" [pid 5830] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6243] <... mkdir resumed>) = 0 [pid 6244] <... setpgid resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... rmdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./82/file1", [pid 6244] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 6243] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] mkdir("./79", 0777 [pid 5830] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6244] write(3, "1000", 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6244] <... write resumed>) = 4 [pid 5830] <... openat resumed>) = 4 [pid 6244] close(3 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6244] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 6244] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6244] <... symlink resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 6244] write(1, "executing program\n", 18 [pid 5830] getdents64(4, [pid 6244] <... write resumed>) = 18 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6244] memfd_create("syzkaller", 0 [pid 5830] close(4 [pid 6244] <... memfd_create resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 6244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] rmdir("./82/file1") = 0 [pid 6244] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 126.422288][ T6243] loop0: detected capacity change from 0 to 1024 [pid 5830] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./82/binderfs", [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] unlink("./82/binderfs") = 0 [pid 5830] getdents64(3, [pid 5832] close(3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6241] <... link resumed>) = 0 [pid 5830] close(3) = 0 [pid 6241] sync( [pid 5832] <... close resumed>) = 0 [pid 5830] rmdir("./82" [pid 6244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6245 attached [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6245 [pid 6245] set_robust_list(0x5555934ed660, 24 [pid 5830] mkdir("./83", 0777 [pid 6245] <... set_robust_list resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 6245] chdir("./79") = 0 [pid 6243] <... mount resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6243] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6244] <... write resumed>) = 524288 [pid 6245] setpgid(0, 0 [pid 6243] <... openat resumed>) = 3 [pid 6243] chdir("./file1" [pid 6245] <... setpgid resumed>) = 0 [pid 6244] munmap(0x7ff1eb400000, 138412032 [pid 6245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6244] <... munmap resumed>) = 0 [pid 6243] <... chdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 6245] <... openat resumed>) = 3 [pid 6243] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 6244] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6243] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6245] write(3, "1000", 4 [pid 6244] ioctl(4, LOOP_SET_FD, 3executing program [pid 6245] <... write resumed>) = 4 [pid 6244] <... ioctl resumed>) = 0 [pid 6243] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6245] close(3) = 0 [pid 6245] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 6246 attached ) = 0 [pid 6245] write(1, "executing program\n", 18 [pid 6241] <... sync resumed>) = 0 [pid 6245] <... write resumed>) = 18 [pid 6246] set_robust_list(0x5555934ed660, 24 [pid 6245] memfd_create("syzkaller", 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6246 [pid 6246] <... set_robust_list resumed>) = 0 [pid 6246] chdir("./83") = 0 [pid 6246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6246] setpgid(0, 0) = 0 [pid 6246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6246] write(3, "1000", 4) = 4 [pid 6246] close(3) = 0 [pid 6246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6245] <... memfd_create resumed>) = 3 [pid 6244] close(3 [pid 6241] exit_group(0 [pid 6245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6241] <... exit_group resumed>) = ? executing program [pid 6244] <... close resumed>) = 0 [pid 6246] write(1, "executing program\n", 18 [pid 6244] close(4 [pid 6246] <... write resumed>) = 18 [pid 6244] <... close resumed>) = 0 [pid 6246] memfd_create("syzkaller", 0 [pid 6244] mkdir("./file1", 0777 [pid 6245] <... mmap resumed>) = 0x7ff1eb400000 [pid 6246] <... memfd_create resumed>) = 3 [pid 6245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6244] <... mkdir resumed>) = 0 [pid 6246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6243] <... link resumed>) = 0 [pid 6241] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6241, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6244] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [ 126.539007][ T6244] loop3: detected capacity change from 0 to 1024 [pid 6243] sync( [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6246] <... write resumed>) = 524288 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 6245] <... write resumed>) = 524288 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6244] <... mount resumed>) = 0 [pid 6244] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6244] chdir("./file1") = 0 [pid 6245] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6244] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5829] <... umount2 resumed>) = 0 [pid 6244] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6245] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6245] ioctl(4, LOOP_SET_FD, 3 [pid 6246] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5829] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6246] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6246] ioctl(4, LOOP_SET_FD, 3 [pid 6243] <... sync resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6243] exit_group(0 [pid 5829] newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6244] <... link resumed>) = 0 [pid 6243] <... exit_group resumed>) = ? [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6244] sync( [pid 5829] openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 6243] +++ exited with 0 +++ [pid 5829] rmdir("./80/file1" [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6243, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] <... rmdir resumed>) = 0 [pid 5829] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(AT_FDCWD, "./80/binderfs", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6244] <... sync resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6244] exit_group(0 [pid 5829] unlink("./80/binderfs" [pid 5828] <... openat resumed>) = 3 [pid 6244] <... exit_group resumed>) = ? [pid 5829] <... unlink resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 6244] +++ exited with 0 +++ [pid 5829] getdents64(3, [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6244, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5828] getdents64(3, [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] close(3 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6245] <... ioctl resumed>) = 0 [pid 5829] rmdir("./80" [pid 5828] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6245] close(3 [pid 5829] <... rmdir resumed>) = 0 [pid 6245] <... close resumed>) = 0 [pid 5831] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6246] <... ioctl resumed>) = 0 [pid 6245] close(4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] mkdir("./81", 0777 [pid 6245] <... close resumed>) = 0 [ 126.647914][ T6245] loop4: detected capacity change from 0 to 1024 [ 126.669849][ T6246] loop2: detected capacity change from 0 to 1024 [pid 6246] close(3 [pid 6245] mkdir("./file1", 0777 [pid 5831] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... mkdir resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6245] <... mkdir resumed>) = 0 [pid 6246] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5829] <... openat resumed>) = 3 [pid 6246] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6246] <... close resumed>) = 0 [pid 6245] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] getdents64(3, [pid 5829] <... ioctl resumed>) = 0 [pid 6246] mkdir("./file1", 0777 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] close(3 [pid 6246] <... mkdir resumed>) = 0 [pid 5831] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6248 attached [pid 6248] set_robust_list(0x5555934ed660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6248 [pid 6248] <... set_robust_list resumed>) = 0 [pid 6248] chdir("./81" [pid 6246] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6248] <... chdir resumed>) = 0 [pid 6246] <... mount resumed>) = 0 [pid 6245] <... mount resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6248] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6245] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6246] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6245] chdir("./file1" [pid 6246] <... openat resumed>) = 3 [pid 6245] <... chdir resumed>) = 0 [pid 5828] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6246] chdir("./file1" [pid 6245] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6246] <... chdir resumed>) = 0 [pid 6245] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6246] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5828] newfstatat(AT_FDCWD, "./79/file1", [pid 6246] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6245] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 6248] <... prctl resumed>) = 0 [pid 5828] rmdir("./79/file1") = 0 [pid 5828] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./79/binderfs") = 0 [pid 5828] getdents64(3, [pid 6248] setpgid(0, 0) = 0 [pid 6248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6245] <... link resumed>) = 0 [pid 6248] <... openat resumed>) = 3 [pid 6246] <... link resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6248] write(3, "1000", 4 [pid 6246] sync( [pid 6245] sync( [pid 5831] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] close(3 [pid 6248] <... write resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6248] close(3 [pid 5828] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./73/file1", [pid 6248] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] rmdir("./79" [pid 6248] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... rmdir resumed>) = 0 [pid 6248] <... symlink resumed>) = 0 [pid 6248] write(1, "executing program\n", 18executing program ) = 18 [pid 5831] openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", [pid 5828] mkdir("./80", 0777 [pid 6248] memfd_create("syzkaller", 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] getdents64(4, [pid 5828] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5831] close(4 [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3 [pid 6248] <... memfd_create resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 6248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6248] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./73/file1" [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6249 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6249 attached [pid 6248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./73/binderfs" [pid 6246] <... sync resumed>) = 0 [pid 6245] <... sync resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 6246] exit_group(0 [pid 6245] exit_group(0 [pid 5831] getdents64(3, [pid 6246] <... exit_group resumed>) = ? [pid 6245] <... exit_group resumed>) = ? [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6249] set_robust_list(0x5555934ed660, 24 [pid 6245] +++ exited with 0 +++ [pid 5831] close(3 [pid 6249] <... set_robust_list resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6245, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6249] chdir("./80") = 0 [pid 5831] <... close resumed>) = 0 [pid 6249] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./73" [pid 6249] <... prctl resumed>) = 0 [pid 6246] +++ exited with 0 +++ [pid 5832] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./74", 0777 [pid 5832] <... openat resumed>) = 3 [pid 6249] setpgid(0, 0 [pid 5832] newfstatat(3, "", [pid 5831] <... mkdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... openat resumed>) = 3 [pid 5832] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6249] <... setpgid resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6246, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... ioctl resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6249] <... openat resumed>) = 3 [pid 5831] close(3 [pid 5830] <... restart_syscall resumed>) = 0 [pid 6249] write(3, "1000", 4) = 4 [pid 6249] close(3) = 0 [pid 6248] <... write resumed>) = 524288 [pid 5830] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6249] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6249] write(1, "executing program\n", 18) = 18 [pid 5830] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6248] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... close resumed>) = 0 [pid 6249] memfd_create("syzkaller", 0 [pid 6248] <... munmap resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6249] <... memfd_create resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 6248] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6250 attached [pid 6249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6250] set_robust_list(0x5555934ed660, 24 [pid 6249] <... mmap resumed>) = 0x7ff1eb400000 [pid 6248] <... openat resumed>) = 4 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6250 [pid 5830] getdents64(3, [pid 6250] <... set_robust_list resumed>) = 0 [pid 6250] chdir("./74" [pid 6249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6248] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6250] <... chdir resumed>) = 0 [pid 5830] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6250] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6248] <... ioctl resumed>) = 0 [pid 6250] <... prctl resumed>) = 0 [pid 6248] close(3 [pid 6250] setpgid(0, 0 [pid 6248] <... close resumed>) = 0 [pid 6250] <... setpgid resumed>) = 0 [pid 6250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6248] close(4 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 6250] <... openat resumed>) = 3 [pid 6248] <... close resumed>) = 0 [pid 5830] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6250] write(3, "1000", 4 [pid 6248] mkdir("./file1", 0777 [pid 6250] <... write resumed>) = 4 [pid 6250] close(3 [pid 6248] <... mkdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6250] <... close resumed>) = 0 [pid 6248] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 6250] write(1, "executing program\n", 18 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6250] <... write resumed>) = 18 [pid 6249] <... write resumed>) = 524288 [pid 5832] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6250] memfd_create("syzkaller", 0) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] newfstatat(AT_FDCWD, "./79/file1", [pid 6250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] getdents64(4, [pid 5832] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./83/file1") = 0 [pid 5830] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./83/binderfs", [pid 5832] openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5830] unlink("./83/binderfs") = 0 [ 126.909817][ T6248] loop1: detected capacity change from 0 to 1024 [pid 6249] munmap(0x7ff1eb400000, 138412032 [pid 5832] newfstatat(4, "", [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6249] <... munmap resumed>) = 0 [pid 6248] <... mount resumed>) = 0 [pid 5830] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6248] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6248] chdir("./file1" [pid 5832] getdents64(4, [pid 6248] <... chdir resumed>) = 0 [pid 6248] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./83" [pid 6248] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] getdents64(4, [pid 5830] <... rmdir resumed>) = 0 [pid 6248] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 6249] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 5830] mkdir("./84", 0777 [pid 5832] rmdir("./79/file1" [pid 6249] <... openat resumed>) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5832] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6249] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6250] <... write resumed>) = 524288 [pid 5832] unlink("./79/binderfs"./strace-static-x86_64: Process 6251 attached [pid 6251] set_robust_list(0x5555934ed660, 24 [pid 6248] <... link resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6251 [pid 6251] <... set_robust_list resumed>) = 0 [pid 6251] chdir("./84") = 0 [pid 6248] sync( [pid 5832] getdents64(3, [pid 6249] <... ioctl resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6251] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6250] munmap(0x7ff1eb400000, 138412032 [pid 6249] close(3 [pid 5832] close(3 [pid 6251] <... prctl resumed>) = 0 [pid 6251] setpgid(0, 0) = 0 [pid 6251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... close resumed>) = 0 [pid 6251] <... openat resumed>) = 3 [pid 6249] <... close resumed>) = 0 [pid 5832] rmdir("./79" [pid 6251] write(3, "1000", 4) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 6249] close(4 [pid 6251] close(3) = 0 [pid 6250] <... munmap resumed>) = 0 [pid 6251] symlink("/dev/binderfs", "./binderfs" [pid 6249] <... close resumed>) = 0 [pid 6251] <... symlink resumed>) = 0 [pid 6250] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6249] mkdir("./file1", 0777 [pid 5832] mkdir("./80", 0777 [pid 6250] <... openat resumed>) = 4 [pid 5832] <... mkdir resumed>) = 0 executing program [pid 6251] write(1, "executing program\n", 18 [pid 6250] ioctl(4, LOOP_SET_FD, 3 [pid 6249] <... mkdir resumed>) = 0 [ 126.980064][ T6249] loop0: detected capacity change from 0 to 1024 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6251] <... write resumed>) = 18 [pid 6251] memfd_create("syzkaller", 0) = 3 [pid 6251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6249] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 6251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] close(3 [pid 6251] <... write resumed>) = 524288 [pid 5832] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6251] munmap(0x7ff1eb400000, 138412032) = 0 [ 127.026724][ T6250] loop3: detected capacity change from 0 to 1024 [pid 6251] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6251] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6252 attached [pid 6250] <... ioctl resumed>) = 0 [pid 6250] close(3 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6252 [pid 6250] <... close resumed>) = 0 [pid 6250] close(4 [pid 6252] set_robust_list(0x5555934ed660, 24 [pid 6250] <... close resumed>) = 0 [pid 6252] <... set_robust_list resumed>) = 0 [pid 6250] mkdir("./file1", 0777 [pid 6252] chdir("./80") = 0 [pid 6250] <... mkdir resumed>) = 0 [pid 6252] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6249] <... mount resumed>) = 0 [pid 6252] <... prctl resumed>) = 0 [pid 6250] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6249] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6248] <... sync resumed>) = 0 [pid 6252] setpgid(0, 0 [pid 6249] <... openat resumed>) = 3 [pid 6248] exit_group(0) = ? [pid 6252] <... setpgid resumed>) = 0 [pid 6251] <... ioctl resumed>) = 0 [pid 6249] chdir("./file1" [pid 6252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6251] close(3 [pid 6249] <... chdir resumed>) = 0 [pid 6252] <... openat resumed>) = 3 [pid 6251] <... close resumed>) = 0 [pid 6249] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6251] close(4 [pid 6249] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6252] write(3, "1000", 4 [pid 6251] <... close resumed>) = 0 [pid 6249] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6248] +++ exited with 0 +++ [pid 6252] <... write resumed>) = 4 [pid 6251] mkdir("./file1", 0777 [pid 6252] close(3 [pid 6251] <... mkdir resumed>) = 0 [pid 6252] <... close resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6248, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6252] symlink("/dev/binderfs", "./binderfs" [pid 6251] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6252] <... symlink resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6250] <... mount resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6252] write(1, "executing program\n", 18 executing program [pid 6250] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6250] <... openat resumed>) = 3 [pid 5829] getdents64(3, [pid 6252] <... write resumed>) = 18 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6252] memfd_create("syzkaller", 0) = 3 [pid 6250] chdir("./file1" [pid 5829] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6250] <... chdir resumed>) = 0 [pid 6250] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6250] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6252] <... mmap resumed>) = 0x7ff1eb400000 [ 127.070650][ T6251] loop2: detected capacity change from 0 to 1024 [pid 6251] <... mount resumed>) = 0 [pid 6249] <... link resumed>) = 0 [pid 6250] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6249] sync( [pid 6251] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6251] <... openat resumed>) = 3 [pid 6251] chdir("./file1" [pid 5829] <... umount2 resumed>) = 0 [pid 6251] <... chdir resumed>) = 0 [pid 6251] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6250] <... link resumed>) = 0 [pid 5829] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6251] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6250] sync( [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6251] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] newfstatat(AT_FDCWD, "./81/file1", [pid 6252] <... write resumed>) = 524288 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6252] munmap(0x7ff1eb400000, 138412032 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6252] <... munmap resumed>) = 0 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6251] <... link resumed>) = 0 [pid 5829] getdents64(4, [pid 6252] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6251] sync( [pid 6252] <... openat resumed>) = 4 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6252] ioctl(4, LOOP_SET_FD, 3 [pid 6250] <... sync resumed>) = 0 [pid 6249] <... sync resumed>) = 0 [pid 6249] exit_group(0 [pid 6250] exit_group(0 [pid 6249] <... exit_group resumed>) = ? [pid 6250] <... exit_group resumed>) = ? [pid 5829] getdents64(4, [pid 6250] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6250, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] close(4 [pid 5831] newfstatat(3, "", [pid 6252] <... ioctl resumed>) = 0 [pid 6251] <... sync resumed>) = 0 [pid 6249] +++ exited with 0 +++ [pid 5829] <... close resumed>) = 0 [pid 6252] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] rmdir("./81/file1" [pid 6252] <... close resumed>) = 0 [pid 6251] exit_group(0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6252] close(4 [pid 6251] <... exit_group resumed>) = ? [pid 5831] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... rmdir resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6249, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6252] <... close resumed>) = 0 [pid 6251] +++ exited with 0 +++ [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6251, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6252] mkdir("./file1", 0777 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... restart_syscall resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 6252] <... mkdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6252] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6252] <... mount resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./81/binderfs", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [ 127.193605][ T6252] loop4: detected capacity change from 0 to 1024 [pid 5830] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] unlink("./81/binderfs" [pid 5828] newfstatat(3, "", [pid 6252] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] <... umount2 resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6252] chdir("./file1" [pid 5829] <... unlink resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6252] <... chdir resumed>) = 0 [pid 5831] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6252] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] newfstatat(3, "", [pid 5829] getdents64(3, [pid 5828] getdents64(3, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] newfstatat(AT_FDCWD, "./74/file1", [pid 6252] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] close(3) = 0 [pid 6252] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] getdents64(3, [pid 5829] rmdir("./81" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", [pid 5829] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] mkdir("./82", 0777 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6252] <... link resumed>) = 0 [pid 5830] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... mkdir resumed>) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./74/file1") = 0 [pid 6252] sync( [pid 5830] <... umount2 resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./80/file1", [pid 5830] newfstatat(AT_FDCWD, "./84/file1", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5831] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(AT_FDCWD, "./74/binderfs", [pid 5828] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... close resumed>) = 0 [pid 5830] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] rmdir("./80/file1" [pid 5831] unlink("./74/binderfs" [pid 5828] <... rmdir resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... ioctl resumed>) = 0 [pid 5828] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5830] openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5828] newfstatat(AT_FDCWD, "./80/binderfs", [pid 5831] close(3 [pid 5830] newfstatat(4, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] close(3 [pid 5828] unlink("./80/binderfs" [pid 5831] rmdir("./74" [pid 5830] getdents64(4, [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 5828] <... unlink resumed>) = 0 [pid 6252] <... sync resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6252] exit_group(0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6252] <... exit_group resumed>) = ? [pid 5828] close(3) = 0 [pid 6252] +++ exited with 0 +++ [pid 5831] mkdir("./75", 0777 [pid 5830] close(4 [pid 5828] rmdir("./80" [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6252, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] rmdir("./84/file1" [pid 5828] mkdir("./81", 0777./strace-static-x86_64: Process 6254 attached [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... openat resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6254] set_robust_list(0x5555934ed660, 24 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] close(3 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6254 [pid 6254] <... set_robust_list resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./84/binderfs", [pid 5828] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6254] chdir("./82" [pid 5832] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] unlink("./84/binderfs" [pid 5828] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... unlink resumed>) = 0 [pid 5828] close(3 [pid 6254] <... chdir resumed>) = 0 [pid 6254] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(3, [pid 5828] <... close resumed>) = 0 [pid 6254] <... prctl resumed>) = 0 [pid 6254] setpgid(0, 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6255 attached [pid 6254] <... setpgid resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5830] close(3 [pid 6254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... close resumed>) = 0 [pid 6255] set_robust_list(0x5555934ed660, 24 [pid 6254] <... openat resumed>) = 3 [pid 5832] getdents64(3, [pid 5830] rmdir("./84" [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6255 [pid 6255] <... set_robust_list resumed>) = 0 [pid 6254] write(3, "1000", 4) = 4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... rmdir resumed>) = 0 [pid 6255] chdir("./81" [pid 6254] close(3 [pid 5832] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6255] <... chdir resumed>) = 0 [pid 6254] <... close resumed>) = 0 [pid 5830] mkdir("./85", 0777 [pid 6255] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6254] symlink("/dev/binderfs", "./binderfs"executing program [pid 6255] <... prctl resumed>) = 0 [pid 6254] <... symlink resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 6254] write(1, "executing program\n", 18 [pid 6255] setpgid(0, 0 [pid 6254] <... write resumed>) = 18 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6255] <... setpgid resumed>) = 0 [pid 6254] memfd_create("syzkaller", 0 [pid 5831] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6254] <... memfd_create resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6255] <... openat resumed>) = 3 [pid 6254] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... ioctl resumed>) = 0 [pid 6255] write(3, "1000", 4 [pid 6254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] close(3 [pid 6255] <... write resumed>) = 4 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6255] close(3 [pid 5830] <... close resumed>) = 0 [pid 6255] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6255] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 6257 attached ./strace-static-x86_64: Process 6256 attached [pid 6255] write(1, "executing program\n", 18executing program [pid 6257] set_robust_list(0x5555934ed660, 24 [pid 5832] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6257] <... set_robust_list resumed>) = 0 [pid 6256] set_robust_list(0x5555934ed660, 24 [pid 6255] <... write resumed>) = 18 [pid 6254] <... write resumed>) = 524288 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6257 [pid 6257] chdir("./75" [pid 5832] newfstatat(AT_FDCWD, "./80/file1", [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6256 [pid 6256] <... set_robust_list resumed>) = 0 [pid 6255] memfd_create("syzkaller", 0 [pid 6257] <... chdir resumed>) = 0 [pid 6256] chdir("./85" [pid 6255] <... memfd_create resumed>) = 3 [pid 6254] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6257] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6256] <... chdir resumed>) = 0 [pid 6255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6254] <... munmap resumed>) = 0 [pid 5832] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6256] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6255] <... mmap resumed>) = 0x7ff1eb400000 [pid 6257] <... prctl resumed>) = 0 [pid 6254] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6257] setpgid(0, 0 [pid 6256] <... prctl resumed>) = 0 [pid 6254] <... openat resumed>) = 4 [pid 5832] openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6257] <... setpgid resumed>) = 0 [pid 6254] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... openat resumed>) = 4 [pid 6257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6256] setpgid(0, 0 [pid 6255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] newfstatat(4, "", [pid 6257] <... openat resumed>) = 3 [pid 6256] <... setpgid resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6257] write(3, "1000", 4 [pid 6256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] getdents64(4, [pid 6257] <... write resumed>) = 4 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6257] close(3 [pid 5832] getdents64(4, [pid 6257] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6257] symlink("/dev/binderfs", "./binderfs" [pid 5832] close(4executing program [pid 6257] <... symlink resumed>) = 0 [pid 6256] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 6257] write(1, "executing program\n", 18 [pid 5832] rmdir("./80/file1" [pid 6257] <... write resumed>) = 18 [pid 6256] write(3, "1000", 4 [pid 5832] <... rmdir resumed>) = 0 [pid 6256] <... write resumed>) = 4 [pid 6256] close(3 [pid 6257] memfd_create("syzkaller", 0 [pid 5832] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6257] <... memfd_create resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6256] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./80/binderfs", [pid 6256] symlink("/dev/binderfs", "./binderfs" [pid 6257] <... mmap resumed>) = 0x7ff1eb400000 [pid 6256] <... symlink resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6256] write(1, "executing program\n", 18 [pid 5832] unlink("./80/binderfs"executing program [pid 6256] <... write resumed>) = 18 [pid 5832] <... unlink resumed>) = 0 [pid 6256] memfd_create("syzkaller", 0 [pid 5832] getdents64(3, [pid 6256] <... memfd_create resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5832] close(3) = 0 [pid 5832] rmdir("./80" [pid 6256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6255] <... write resumed>) = 524288 [pid 6254] <... ioctl resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./81", 0777 [pid 6255] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... mkdir resumed>) = 0 [pid 6255] <... munmap resumed>) = 0 [pid 6254] close(3) = 0 [pid 6254] close(4) = 0 [pid 6254] mkdir("./file1", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6254] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6255] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 6255] <... openat resumed>) = 4 [ 127.417494][ T6254] loop1: detected capacity change from 0 to 1024 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6258 attached [pid 6257] <... write resumed>) = 524288 [pid 6255] ioctl(4, LOOP_SET_FD, 3 [pid 6258] set_robust_list(0x5555934ed660, 24) = 0 [pid 6255] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6258] chdir("./81") = 0 [pid 6255] ioctl(4, LOOP_CLR_FD) = 0 [pid 6258] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6254] <... mount resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6258 [pid 6258] <... prctl resumed>) = 0 [pid 6255] ioctl(4, LOOP_SET_FD, 3 [pid 6254] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6258] setpgid(0, 0 [pid 6255] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6254] <... openat resumed>) = 3 [pid 6258] <... setpgid resumed>) = 0 [pid 6255] close(4 [pid 6258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6256] <... write resumed>) = 524288 [pid 6255] <... close resumed>) = 0 [pid 6254] chdir("./file1" [pid 6257] munmap(0x7ff1eb400000, 138412032 [pid 6256] munmap(0x7ff1eb400000, 138412032 [pid 6255] close(3 [pid 6254] <... chdir resumed>) = 0 [pid 6258] <... openat resumed>) = 3 [pid 6254] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6258] write(3, "1000", 4 [pid 6254] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6258] <... write resumed>) = 4 [pid 6254] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6258] close(3) = 0 [pid 6258] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6258] write(1, "executing program\n", 18 [pid 6255] <... close resumed>) = 0 [pid 6258] <... write resumed>) = 18 [pid 6258] memfd_create("syzkaller", 0 [pid 6257] <... munmap resumed>) = 0 [pid 6256] <... munmap resumed>) = 0 [pid 6257] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6256] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6258] <... memfd_create resumed>) = 3 [pid 6257] <... openat resumed>) = 4 [pid 6256] <... openat resumed>) = 4 [pid 6255] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6257] ioctl(4, LOOP_SET_FD, 3 [pid 6256] ioctl(4, LOOP_SET_FD, 3 [pid 6258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6255] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6258] <... mmap resumed>) = 0x7ff1eb400000 [pid 6255] sync( [pid 6254] <... link resumed>) = 0 [pid 6254] sync( [pid 6258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6256] <... ioctl resumed>) = 0 [pid 6255] <... sync resumed>) = 0 [pid 6254] <... sync resumed>) = 0 [pid 6255] exit_group(0 [pid 6254] exit_group(0 [pid 6255] <... exit_group resumed>) = ? [pid 6254] <... exit_group resumed>) = ? [pid 6257] <... ioctl resumed>) = 0 [pid 6256] close(3 [pid 6255] +++ exited with 0 +++ [pid 6254] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6254, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6255, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6258] munmap(0x7ff1eb400000, 138412032 [pid 6256] <... close resumed>) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6256] close(4 [pid 6258] <... munmap resumed>) = 0 [pid 6256] <... close resumed>) = 0 [pid 6257] close(3 [pid 6256] mkdir("./file1", 0777 [pid 6258] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6257] <... close resumed>) = 0 [pid 6256] <... mkdir resumed>) = 0 [pid 6257] close(4 [pid 6256] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6257] <... close resumed>) = 0 [ 127.518303][ T6256] loop2: detected capacity change from 0 to 1024 [ 127.526367][ T6257] loop3: detected capacity change from 0 to 1024 [pid 6258] <... openat resumed>) = 4 [pid 6258] ioctl(4, LOOP_SET_FD, 3 [pid 6257] mkdir("./file1", 0777) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6257] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... openat resumed>) = 3 [pid 5828] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 5828] newfstatat(3, "", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 5828] getdents64(3, [pid 6256] <... mount resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6256] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6256] <... openat resumed>) = 3 [pid 5829] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6256] chdir("./file1" [pid 5828] newfstatat(AT_FDCWD, "./81/binderfs", [pid 6256] <... chdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6256] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] unlink("./81/binderfs") = 0 [pid 6256] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] getdents64(3, [pid 6256] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6257] <... mount resumed>) = 0 [pid 5828] close(3 [pid 5829] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6258] <... ioctl resumed>) = 0 [pid 6257] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... openat resumed>) = 4 [pid 5828] <... close resumed>) = 0 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] rmdir("./81" [pid 6257] <... openat resumed>) = 3 [pid 5829] getdents64(4, [pid 6258] close(3 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6258] <... close resumed>) = 0 [pid 6257] chdir("./file1" [pid 5828] <... rmdir resumed>) = 0 [pid 6258] close(4 [pid 5829] getdents64(4, [pid 6258] <... close resumed>) = 0 [pid 6257] <... chdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] mkdir("./82", 0777 [pid 6258] mkdir("./file1", 0777 [pid 6257] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] close(4 [pid 6258] <... mkdir resumed>) = 0 [pid 6257] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 127.580863][ T6258] loop4: detected capacity change from 0 to 1024 [pid 5829] <... close resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6257] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] rmdir("./82/file1" [pid 5828] <... openat resumed>) = 3 [pid 6258] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6256] <... link resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6256] sync( [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] close(3 [pid 5829] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] unlink("./82/binderfs"./strace-static-x86_64: Process 6259 attached ) = 0 [pid 5829] getdents64(3, [pid 6259] set_robust_list(0x5555934ed660, 24 [pid 6257] <... link resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6259 [pid 6258] <... mount resumed>) = 0 [pid 6258] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] close(3 [pid 6257] sync( [pid 6259] <... set_robust_list resumed>) = 0 [pid 6258] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 6258] chdir("./file1" [pid 5829] rmdir("./82" [pid 6258] <... chdir resumed>) = 0 [pid 6259] chdir("./82" [pid 6258] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6259] <... chdir resumed>) = 0 [pid 6258] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... rmdir resumed>) = 0 [pid 6259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6259] setpgid(0, 0 [pid 6258] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] mkdir("./83", 0777 [pid 6259] <... setpgid resumed>) = 0 [pid 6259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... mkdir resumed>) = 0 [pid 6259] <... openat resumed>) = 3 [pid 6259] write(3, "1000", 4) = 4 [pid 6259] close(3 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6259] <... close resumed>) = 0 [pid 6259] symlink("/dev/binderfs", "./binderfs" [pid 5829] <... openat resumed>) = 3 executing program [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3 [pid 6259] <... symlink resumed>) = 0 [pid 6259] write(1, "executing program\n", 18 [pid 6257] <... sync resumed>) = 0 [pid 6256] <... sync resumed>) = 0 [pid 6259] <... write resumed>) = 18 [pid 6259] memfd_create("syzkaller", 0) = 3 [pid 6257] exit_group(0 [pid 6256] exit_group(0 [pid 6257] <... exit_group resumed>) = ? [pid 6256] <... exit_group resumed>) = ? [pid 5829] <... close resumed>) = 0 [pid 6259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6258] <... link resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6260 attached [pid 6259] <... mmap resumed>) = 0x7ff1eb400000 [pid 6258] sync( [pid 6260] set_robust_list(0x5555934ed660, 24) = 0 [pid 6257] +++ exited with 0 +++ [pid 6260] chdir("./83" [pid 6256] +++ exited with 0 +++ [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6260 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6257, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6260] <... chdir resumed>) = 0 [pid 6260] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6260] <... prctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6260] setpgid(0, 0 [pid 5831] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6260] <... setpgid resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6256, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] newfstatat(3, "", [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 6260] <... openat resumed>) = 3 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6260] write(3, "1000", 4 [pid 5830] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6260] <... write resumed>) = 4 [pid 5831] umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6260] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6260] <... close resumed>) = 0 [pid 6260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] <... openat resumed>) = 3 executing program [pid 5830] newfstatat(3, "", [pid 6260] write(1, "executing program\n", 18 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6260] <... write resumed>) = 18 [pid 5830] getdents64(3, [pid 6260] memfd_create("syzkaller", 0 [pid 6258] <... sync resumed>) = 0 [pid 6258] exit_group(0 [pid 6260] <... memfd_create resumed>) = 3 [pid 6260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6258] <... exit_group resumed>) = ? [pid 6258] +++ exited with 0 +++ [pid 6260] <... mmap resumed>) = 0x7ff1eb400000 [pid 6260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6259] <... write resumed>) = 524288 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6258, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6259] munmap(0x7ff1eb400000, 138412032 [pid 5830] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6259] <... munmap resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] <... umount2 resumed>) = 0 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6259] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6259] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6259] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./75/file1") = 0 [pid 6260] <... write resumed>) = 524288 [pid 5831] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6259] <... ioctl resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5832] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6260] munmap(0x7ff1eb400000, 138412032 [pid 5832] newfstatat(AT_FDCWD, "./81/file1", [pid 5831] newfstatat(AT_FDCWD, "./75/binderfs", [pid 6260] <... munmap resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./75/binderfs") = 0 [pid 5832] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5830] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6260] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 5832] openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./85/file1", [pid 5831] rmdir("./75" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 5831] <... rmdir resumed>) = 0 [pid 5830] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6260] <... openat resumed>) = 4 [pid 5832] getdents64(4, [pid 5830] openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... openat resumed>) = 4 [pid 6259] close(3 [pid 5832] getdents64(4, [pid 5830] newfstatat(4, "", [ 127.801294][ T6259] loop0: detected capacity change from 0 to 1024 [pid 6260] ioctl(4, LOOP_SET_FD, 3 [pid 6259] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] mkdir("./76", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] close(4 [pid 5830] getdents64(4, [pid 5832] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] rmdir("./81/file1") = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 6259] close(4 [pid 5832] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] getdents64(4, [pid 6259] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6259] mkdir("./file1", 0777 [pid 5832] newfstatat(AT_FDCWD, "./81/binderfs", [pid 5830] close(4 [pid 6259] <... mkdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] rmdir("./85/file1" [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 5832] unlink("./81/binderfs" [pid 6259] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... close resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6261 attached [pid 5832] <... unlink resumed>) = 0 [pid 5830] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6261] set_robust_list(0x5555934ed660, 24 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6261 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5830] newfstatat(AT_FDCWD, "./85/binderfs", [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6261] <... set_robust_list resumed>) = 0 [pid 5832] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6261] chdir("./76" [pid 5832] <... close resumed>) = 0 [pid 5830] unlink("./85/binderfs" [pid 5832] rmdir("./81" [pid 6261] <... chdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 6261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] mkdir("./82", 0777 [pid 5830] getdents64(3, [pid 6261] setpgid(0, 0 [pid 6260] <... ioctl resumed>) = 0 [pid 6261] <... setpgid resumed>) = 0 [pid 6261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6261] <... openat resumed>) = 3 [pid 6260] close(3 [pid 5830] close(3 [pid 6260] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6260] close(4 [pid 5830] <... close resumed>) = 0 [pid 6261] write(3, "1000", 4 [pid 6260] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 6260] mkdir("./file1", 0777 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6260] <... mkdir resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] rmdir("./85" [pid 5832] close(3 [pid 6261] <... write resumed>) = 4 [pid 5832] <... close resumed>) = 0 [pid 6261] close(3) = 0 [pid 6261] symlink("/dev/binderfs", "./binderfs" [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6262 attached [pid 6261] <... symlink resumed>) = 0 [pid 6260] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] mkdir("./86", 0777 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6262 [ 127.848090][ T6260] loop1: detected capacity change from 0 to 1024 executing program [pid 6262] set_robust_list(0x5555934ed660, 24 [pid 6261] write(1, "executing program\n", 18 [pid 5830] <... mkdir resumed>) = 0 [pid 6262] <... set_robust_list resumed>) = 0 [pid 6262] chdir("./82" [pid 6261] <... write resumed>) = 18 [pid 6261] memfd_create("syzkaller", 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6262] <... chdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6262] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6261] <... memfd_create resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6262] <... prctl resumed>) = 0 [pid 6262] setpgid(0, 0 [pid 6261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... ioctl resumed>) = 0 [pid 6261] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] close(3 [pid 6262] <... setpgid resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6259] <... mount resumed>) = 0 [pid 6259] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 6263 attached [pid 6262] <... openat resumed>) = 3 [pid 6259] <... openat resumed>) = 3 [pid 6259] chdir("./file1") = 0 [pid 6259] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6262] write(3, "1000", 4) = 4 [pid 6259] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6262] close(3) = 0 [pid 6259] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6263] set_robust_list(0x5555934ed660, 24 [pid 6262] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6263 [pid 6263] <... set_robust_list resumed>) = 0 [pid 6263] chdir("./86" [pid 6262] <... symlink resumed>) = 0 [pid 6263] <... chdir resumed>) = 0 [pid 6262] write(1, "executing program\n", 18 [pid 6260] <... mount resumed>) = 0 executing program [pid 6263] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6262] <... write resumed>) = 18 [pid 6260] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6263] <... prctl resumed>) = 0 [pid 6263] setpgid(0, 0 [pid 6260] <... openat resumed>) = 3 [pid 6262] memfd_create("syzkaller", 0 [pid 6263] <... setpgid resumed>) = 0 [pid 6260] chdir("./file1" [pid 6263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6262] <... memfd_create resumed>) = 3 [pid 6260] <... chdir resumed>) = 0 [pid 6263] <... openat resumed>) = 3 [pid 6262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6260] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6263] write(3, "1000", 4 [pid 6262] <... mmap resumed>) = 0x7ff1eb400000 [pid 6261] <... write resumed>) = 524288 [pid 6260] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6259] <... link resumed>) = 0 [pid 6263] <... write resumed>) = 4 [pid 6263] close(3 [pid 6262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6260] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6263] <... close resumed>) = 0 [pid 6263] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6261] munmap(0x7ff1eb400000, 138412032 [pid 6259] sync( [pid 6263] write(1, "executing program\n", 18 [pid 6261] <... munmap resumed>) = 0 [pid 6263] <... write resumed>) = 18 [pid 6261] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6261] ioctl(4, LOOP_SET_FD, 3 [pid 6263] memfd_create("syzkaller", 0) = 3 [pid 6263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6262] <... write resumed>) = 524288 [pid 6263] <... mmap resumed>) = 0x7ff1eb400000 [pid 6263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6260] <... link resumed>) = 0 [pid 6260] sync( [pid 6262] munmap(0x7ff1eb400000, 138412032 [pid 6261] <... ioctl resumed>) = 0 [pid 6259] <... sync resumed>) = 0 [pid 6261] close(3 [pid 6259] exit_group(0 [pid 6261] <... close resumed>) = 0 [pid 6259] <... exit_group resumed>) = ? [pid 6261] close(4 [pid 6260] <... sync resumed>) = 0 [pid 6262] <... munmap resumed>) = 0 [pid 6261] <... close resumed>) = 0 [pid 6260] exit_group(0 [pid 6263] <... write resumed>) = 524288 [pid 6262] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6261] mkdir("./file1", 0777 [pid 6260] <... exit_group resumed>) = ? [pid 6263] munmap(0x7ff1eb400000, 138412032 [pid 6262] <... openat resumed>) = 4 [pid 6261] <... mkdir resumed>) = 0 [pid 6260] +++ exited with 0 +++ [ 127.996739][ T6261] loop3: detected capacity change from 0 to 1024 [pid 6262] ioctl(4, LOOP_SET_FD, 3 [pid 6259] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6260, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6261] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6259, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6263] <... munmap resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5829] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... restart_syscall resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6263] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6263] <... openat resumed>) = 4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6263] ioctl(4, LOOP_SET_FD, 3 [pid 5829] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6262] <... ioctl resumed>) = 0 [pid 5828] getdents64(3, [pid 6262] close(3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6262] <... close resumed>) = 0 [pid 5828] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6262] close(4) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6262] mkdir("./file1", 0777) = 0 [pid 5829] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6262] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./83/file1", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6263] <... ioctl resumed>) = 0 [pid 5829] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6263] close(3 [pid 6261] <... mount resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./82/file1", [pid 5829] openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6261] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... openat resumed>) = 4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6263] <... close resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 6263] close(4) = 0 [pid 6262] <... mount resumed>) = 0 [pid 6261] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6263] mkdir("./file1", 0777 [pid 6262] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] getdents64(4, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6263] <... mkdir resumed>) = 0 [pid 6262] <... openat resumed>) = 3 [pid 6261] chdir("./file1" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6261] <... chdir resumed>) = 0 [pid 6261] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] getdents64(4, [pid 5828] <... openat resumed>) = 4 [pid 6261] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6262] chdir("./file1" [pid 6261] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] newfstatat(4, "", [pid 6263] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6262] <... chdir resumed>) = 0 [ 128.053953][ T6262] loop4: detected capacity change from 0 to 1024 [ 128.087541][ T6263] loop2: detected capacity change from 0 to 1024 [pid 6262] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] close(4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6262] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] getdents64(4, [pid 6262] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] rmdir("./83/file1" [pid 5828] getdents64(4, [pid 5829] <... rmdir resumed>) = 0 [pid 5829] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] close(4 [pid 5829] newfstatat(AT_FDCWD, "./83/binderfs", [pid 5828] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] rmdir("./82/file1" [pid 5829] unlink("./83/binderfs" [pid 5828] <... rmdir resumed>) = 0 [pid 6263] <... mount resumed>) = 0 [pid 6262] <... link resumed>) = 0 [pid 6263] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6262] sync( [pid 6261] <... link resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5828] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6263] <... openat resumed>) = 3 [pid 6261] sync( [pid 6263] chdir("./file1" [pid 5829] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./82/binderfs", [pid 6263] <... chdir resumed>) = 0 [pid 6263] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6263] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] close(3 [pid 5828] unlink("./82/binderfs" [pid 6263] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./83" [pid 5828] <... unlink resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] getdents64(3, [pid 5829] mkdir("./84", 0777 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] close(3 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./82") = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] mkdir("./83", 0777 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] <... mkdir resumed>) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] close(3 [pid 6263] <... link resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6263] sync( [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3./strace-static-x86_64: Process 6265 attached ) = 0 [pid 6265] set_robust_list(0x5555934ed660, 24 [pid 6262] <... sync resumed>) = 0 [pid 6261] <... sync resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6265] <... set_robust_list resumed>) = 0 [pid 6262] exit_group(0 [pid 6261] exit_group(0) = ? ./strace-static-x86_64: Process 6266 attached [pid 6265] chdir("./84" [pid 6262] <... exit_group resumed>) = ? [pid 6261] +++ exited with 0 +++ [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6265 [pid 6266] set_robust_list(0x5555934ed660, 24 [pid 6265] <... chdir resumed>) = 0 [pid 6266] <... set_robust_list resumed>) = 0 [pid 6265] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6266 [pid 6266] chdir("./83" [pid 6265] <... prctl resumed>) = 0 [pid 6262] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6261, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6265] setpgid(0, 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6262, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6265] <... setpgid resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6266] <... chdir resumed>) = 0 [pid 6265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6266] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6266] <... prctl resumed>) = 0 [pid 5831] getdents64(3, [pid 6266] setpgid(0, 0 [pid 6265] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6266] <... setpgid resumed>) = 0 [pid 6265] write(3, "1000", 4 [pid 5832] newfstatat(3, "", [pid 5831] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6265] <... write resumed>) = 4 [pid 6266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6265] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6265] <... close resumed>) = 0 [pid 6266] <... openat resumed>) = 3 [pid 6265] symlink("/dev/binderfs", "./binderfs" [pid 5832] getdents64(3, [pid 6266] write(3, "1000", 4executing program ) = 4 [pid 6265] <... symlink resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6266] close(3 [pid 6265] write(1, "executing program\n", 18 [pid 6266] <... close resumed>) = 0 [pid 6265] <... write resumed>) = 18 [pid 6266] symlink("/dev/binderfs", "./binderfs" [pid 6265] memfd_create("syzkaller", 0 [pid 5832] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6266] <... symlink resumed>) = 0 [pid 6265] <... memfd_create resumed>) = 3 [pid 6265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6266] write(1, "executing program\n", 18) = 18 [pid 6266] memfd_create("syzkaller", 0) = 3 [pid 6263] <... sync resumed>) = 0 [pid 6266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... umount2 resumed>) = 0 [pid 6266] <... mmap resumed>) = 0x7ff1eb400000 [pid 6263] exit_group(0) = ? [pid 5831] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6266] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6265] <... write resumed>) = 524288 [pid 5831] umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6263] +++ exited with 0 +++ [pid 5831] openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6263, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./76/file1" [pid 6266] <... write resumed>) = 524288 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6265] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 6265] <... munmap resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] newfstatat(AT_FDCWD, "./76/binderfs", [pid 5830] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6265] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./76/binderfs") = 0 [pid 5832] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 6266] munmap(0x7ff1eb400000, 138412032 [pid 6265] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6266] <... munmap resumed>) = 0 [pid 6265] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(AT_FDCWD, "./82/file1", [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6266] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(3) = 0 [pid 5832] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6266] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 4 [pid 5831] rmdir("./76" [pid 6266] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(4, "", [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] mkdir("./77", 0777 [pid 5830] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(4, [pid 5831] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] getdents64(4, [pid 5831] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5832] close(4 [pid 5831] <... ioctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./82/file1" [pid 5831] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6267 attached [pid 5832] newfstatat(AT_FDCWD, "./82/binderfs", [pid 5830] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6267 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] unlink("./82/binderfs" [pid 5830] openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6265] <... ioctl resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 6267] set_robust_list(0x5555934ed660, 24) = 0 [pid 6267] chdir("./77") = 0 [pid 6265] close(3 [pid 5832] getdents64(3, [pid 5830] newfstatat(4, "", [pid 6265] <... close resumed>) = 0 [pid 6265] close(4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6265] <... close resumed>) = 0 [pid 6265] mkdir("./file1", 0777 [pid 5830] getdents64(4, [pid 5832] close(3) = 0 [pid 5832] rmdir("./82" [pid 6265] <... mkdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6266] <... ioctl resumed>) = 0 [pid 5830] getdents64(4, [pid 6266] close(3 [pid 6265] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6266] <... close resumed>) = 0 [pid 5830] close(4 [pid 6266] close(4 [pid 6267] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6266] <... close resumed>) = 0 [pid 5832] mkdir("./83", 0777 [pid 5830] <... close resumed>) = 0 [pid 6266] mkdir("./file1", 0777 [pid 5830] rmdir("./86/file1" [pid 6267] <... prctl resumed>) = 0 [pid 6266] <... mkdir resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6267] setpgid(0, 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6267] <... setpgid resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 6267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6267] <... openat resumed>) = 3 [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6268 attached [pid 6266] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 128.328823][ T6265] loop1: detected capacity change from 0 to 1024 [ 128.341967][ T6266] loop0: detected capacity change from 0 to 1024 [pid 6268] set_robust_list(0x5555934ed660, 24 [pid 6267] write(3, "1000", 4 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6268 [pid 5830] newfstatat(AT_FDCWD, "./86/binderfs", [pid 6268] <... set_robust_list resumed>) = 0 [pid 6267] <... write resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6268] chdir("./83" [pid 6267] close(3 [pid 5830] unlink("./86/binderfs" [pid 6268] <... chdir resumed>) = 0 [pid 6267] <... close resumed>) = 0 [pid 6268] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6267] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... unlink resumed>) = 0 [pid 6268] <... prctl resumed>) = 0 [pid 6267] <... symlink resumed>) = 0 [pid 5830] getdents64(3, executing program [pid 6268] setpgid(0, 0 [pid 6267] write(1, "executing program\n", 18 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6268] <... setpgid resumed>) = 0 [pid 6267] <... write resumed>) = 18 [pid 5830] close(3 [pid 6266] <... mount resumed>) = 0 [pid 6268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6267] memfd_create("syzkaller", 0 [pid 6266] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 6267] <... memfd_create resumed>) = 3 [pid 6268] <... openat resumed>) = 3 [pid 6267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6266] <... openat resumed>) = 3 [pid 5830] rmdir("./86" [pid 6267] <... mmap resumed>) = 0x7ff1eb400000 [pid 6268] write(3, "1000", 4 [pid 5830] <... rmdir resumed>) = 0 [pid 6268] <... write resumed>) = 4 [pid 6266] chdir("./file1" [pid 6268] close(3 [pid 6266] <... chdir resumed>) = 0 [pid 5830] mkdir("./87", 0777 [pid 6268] <... close resumed>) = 0 [pid 6266] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6268] symlink("/dev/binderfs", "./binderfs" [pid 6267] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6266] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6268] <... symlink resumed>) = 0 [pid 6266] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"executing program [pid 6268] write(1, "executing program\n", 18) = 18 [pid 6268] memfd_create("syzkaller", 0) = 3 [pid 6268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... mkdir resumed>) = 0 [pid 6268] <... mmap resumed>) = 0x7ff1eb400000 [pid 6266] <... link resumed>) = 0 [pid 6265] <... mount resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6266] sync( [pid 6265] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... openat resumed>) = 3 [pid 6265] chdir("./file1" [pid 6266] <... sync resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6265] <... chdir resumed>) = 0 [pid 6265] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... ioctl resumed>) = 0 [pid 6267] <... write resumed>) = 524288 [pid 6268] <... write resumed>) = 524288 [pid 6266] exit_group(0 [pid 6265] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] close(3 [pid 6266] <... exit_group resumed>) = ? [pid 6265] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6267] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6267] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6268] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6267] <... openat resumed>) = 4 [pid 6266] +++ exited with 0 +++ [pid 6268] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6267] ioctl(4, LOOP_SET_FD, 3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6266, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6268] <... openat resumed>) = 4 [pid 6268] ioctl(4, LOOP_SET_FD, 3 [pid 6265] <... link resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6265] sync( [pid 6267] <... ioctl resumed>) = 0 [pid 6265] <... sync resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6265] exit_group(0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6269 attached [pid 6265] <... exit_group resumed>) = ? [pid 5828] <... openat resumed>) = 3 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6269 [pid 5828] newfstatat(3, "", [pid 6267] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6269] set_robust_list(0x5555934ed660, 24 [pid 6267] <... close resumed>) = 0 [pid 5828] getdents64(3, [pid 6269] <... set_robust_list resumed>) = 0 [pid 6267] close(4 [pid 6265] +++ exited with 0 +++ [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [ 128.472554][ T6267] loop3: detected capacity change from 0 to 1024 [pid 6269] chdir("./87" [pid 6267] <... close resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6265, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6269] <... chdir resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6269] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... restart_syscall resumed>) = 0 [pid 6269] <... prctl resumed>) = 0 [pid 6267] mkdir("./file1", 0777 [pid 6269] setpgid(0, 0 [pid 6267] <... mkdir resumed>) = 0 [pid 5829] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6267] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6269] <... setpgid resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... openat resumed>) = 3 [pid 5828] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(3, "", [pid 6269] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] getdents64(3, [pid 5828] newfstatat(AT_FDCWD, "./83/file1", [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6269] write(3, "1000", 4 [pid 5829] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6268] <... ioctl resumed>) = 0 [pid 6268] close(3) = 0 [pid 6268] close(4) = 0 [pid 6268] mkdir("./file1", 0777 [pid 6269] <... write resumed>) = 4 [pid 6268] <... mkdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6269] close(3 [pid 5828] openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6269] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6267] <... mount resumed>) = 0 [pid 6269] symlink("/dev/binderfs", "./binderfs" [pid 5829] <... umount2 resumed>) = 0 [pid 6269] <... symlink resumed>) = 0 [pid 6268] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, ""executing program [pid 6267] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] newfstatat(4, "", [pid 6269] write(1, "executing program\n", 18 [pid 6267] <... openat resumed>) = 3 [pid 5829] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6269] <... write resumed>) = 18 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(4, [pid 6269] memfd_create("syzkaller", 0 [pid 6267] chdir("./file1" [pid 5829] newfstatat(AT_FDCWD, "./84/file1", [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6267] <... chdir resumed>) = 0 [pid 6269] <... memfd_create resumed>) = 3 [pid 6267] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] getdents64(4, [pid 6269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6267] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6269] <... mmap resumed>) = 0x7ff1eb400000 [ 128.514730][ T6268] loop4: detected capacity change from 0 to 1024 [pid 6267] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] close(4 [pid 6268] <... mount resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./83/file1" [pid 6268] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... openat resumed>) = 4 [pid 6268] <... openat resumed>) = 3 [pid 6268] chdir("./file1" [pid 5828] <... rmdir resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 6268] <... chdir resumed>) = 0 [pid 6268] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6268] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] getdents64(4, [pid 5828] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6268] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] getdents64(4, [pid 5828] newfstatat(AT_FDCWD, "./83/binderfs", [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] unlink("./83/binderfs" [pid 5829] rmdir("./84/file1" [pid 6267] <... link resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6267] sync( [pid 5829] <... rmdir resumed>) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5829] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6268] <... link resumed>) = 0 [pid 5828] rmdir("./83" [pid 6268] sync( [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./84/binderfs", [pid 5828] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] mkdir("./84", 0777 [pid 5829] unlink("./84/binderfs") = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6269] <... write resumed>) = 524288 [pid 5829] getdents64(3, [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6269] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... openat resumed>) = 3 [pid 6269] <... munmap resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 6269] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] close(3 [pid 6269] <... openat resumed>) = 4 [pid 6269] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... close resumed>) = 0 [pid 5828] close(3 [pid 5829] rmdir("./84" [pid 6268] <... sync resumed>) = 0 [pid 6268] exit_group(0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6268] <... exit_group resumed>) = ? [pid 6268] +++ exited with 0 +++ [pid 6267] <... sync resumed>) = 0 [pid 5829] mkdir("./85", 0777 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6267] exit_group(0./strace-static-x86_64: Process 6270 attached [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6268, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6267] <... exit_group resumed>) = ? [pid 6269] <... ioctl resumed>) = 0 [pid 6267] +++ exited with 0 +++ [pid 5832] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6270 [pid 6270] set_robust_list(0x5555934ed660, 24 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6270] <... set_robust_list resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6270] chdir("./84" [pid 6269] close(3 [pid 5832] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6270] <... chdir resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6267, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6270] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6269] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... openat resumed>) = 3 [pid 6270] <... prctl resumed>) = 0 [pid 6269] close(4 [pid 5832] getdents64(3, [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6270] setpgid(0, 0 [pid 6269] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 6270] <... setpgid resumed>) = 0 [pid 6269] mkdir("./file1", 0777 [pid 5832] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(3 [pid 6270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6269] <... mkdir resumed>) = 0 [pid 6270] <... openat resumed>) = 3 [ 128.630580][ T6269] loop2: detected capacity change from 0 to 1024 [pid 6269] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... close resumed>) = 0 [pid 6270] write(3, "1000", 4 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... umount2 resumed>) = 0 [pid 5831] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6270] <... write resumed>) = 4 [pid 6270] close(3 [pid 5832] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(3, "", [pid 5832] newfstatat(AT_FDCWD, "./83/file1", [pid 6270] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6270] symlink("/dev/binderfs", "./binderfs" [pid 5832] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6270] <... symlink resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ./strace-static-x86_64: Process 6271 attached [pid 5832] <... openat resumed>) = 4 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6271 [pid 6271] set_robust_list(0x5555934ed660, 24 [pid 6270] write(1, "executing program\n", 18 [pid 5832] newfstatat(4, "", [pid 6271] <... set_robust_list resumed>) = 0 [pid 6270] <... write resumed>) = 18 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6271] chdir("./85" [pid 6270] memfd_create("syzkaller", 0 [pid 5832] getdents64(4, [pid 6271] <... chdir resumed>) = 0 [pid 6270] <... memfd_create resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6271] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] getdents64(4, [pid 6271] <... prctl resumed>) = 0 [pid 6270] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6271] setpgid(0, 0 [pid 6270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] close(4) = 0 [pid 5832] rmdir("./83/file1" [pid 6271] <... setpgid resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 6271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6271] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./77/file1", [pid 5832] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./83/binderfs" [pid 6271] write(3, "1000", 4 [pid 5831] umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6271] <... write resumed>) = 4 [pid 5832] <... unlink resumed>) = 0 [pid 6271] close(3) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6271] symlink("/dev/binderfs", "./binderfs" [pid 5831] openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 6271] <... symlink resumed>) = 0 [pid 5832] getdents64(3, [pid 5831] <... openat resumed>) = 4 [pid 6271] write(1, "executing program\n", 18 [pid 5831] newfstatat(4, "", [pid 6271] <... write resumed>) = 18 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 6270] <... write resumed>) = 524288 [pid 5832] rmdir("./83" [pid 5831] getdents64(4, [pid 6271] memfd_create("syzkaller", 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5832] mkdir("./84", 0777) = 0 [pid 6271] <... memfd_create resumed>) = 3 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... openat resumed>) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6272 attached [pid 6270] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6272 [pid 6272] set_robust_list(0x5555934ed660, 24 [pid 6269] <... mount resumed>) = 0 [pid 5831] getdents64(4, [pid 6271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6272] <... set_robust_list resumed>) = 0 [pid 6270] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6272] chdir("./84" [pid 6270] <... openat resumed>) = 4 [pid 6272] <... chdir resumed>) = 0 [pid 6271] <... mmap resumed>) = 0x7ff1eb400000 [pid 6270] ioctl(4, LOOP_SET_FD, 3 [pid 6269] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 6269] <... openat resumed>) = 3 [pid 6271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6269] chdir("./file1" [pid 5831] rmdir("./77/file1" [pid 6272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6272] setpgid(0, 0) = 0 [pid 6272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6272] write(3, "1000", 4) = 4 [pid 6272] close(3 [pid 5831] <... rmdir resumed>) = 0 [pid 6269] <... chdir resumed>) = 0 [pid 5831] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6269] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6272] <... close resumed>) = 0 [pid 6269] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6272] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6272] write(1, "executing program\n", 18) = 18 [pid 6272] memfd_create("syzkaller", 0 [pid 6269] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] newfstatat(AT_FDCWD, "./77/binderfs", [pid 6272] <... memfd_create resumed>) = 3 [pid 6272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./77/binderfs") = 0 [pid 5831] getdents64(3, [pid 6272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 6270] <... ioctl resumed>) = 0 [pid 5831] rmdir("./77" [pid 6270] close(3 [pid 5831] <... rmdir resumed>) = 0 [pid 6270] <... close resumed>) = 0 [pid 6270] close(4) = 0 [pid 6270] mkdir("./file1", 0777) = 0 [pid 5831] mkdir("./78", 0777 [pid 6271] <... write resumed>) = 524288 [pid 6270] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... mkdir resumed>) = 0 [pid 6272] <... write resumed>) = 524288 [pid 6272] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6271] munmap(0x7ff1eb400000, 138412032 [pid 6269] <... link resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 128.781834][ T6270] loop0: detected capacity change from 0 to 1024 [pid 6269] sync( [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 6272] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6271] <... munmap resumed>) = 0 [pid 5831] close(3 [pid 6271] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6271] <... openat resumed>) = 4 [pid 6272] <... openat resumed>) = 4 [pid 6271] ioctl(4, LOOP_SET_FD, 3 [pid 6272] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6272] ioctl(4, LOOP_CLR_FD) = 0 [pid 6272] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6272] close(4) = 0 [pid 6272] close(3./strace-static-x86_64: Process 6273 attached [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6273 [pid 6273] set_robust_list(0x5555934ed660, 24) = 0 [pid 6271] <... ioctl resumed>) = 0 [pid 6273] chdir("./78" [pid 6272] <... close resumed>) = 0 [pid 6271] close(3 [pid 6273] <... chdir resumed>) = 0 [pid 6271] <... close resumed>) = 0 [pid 6273] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6271] close(4) = 0 [pid 6273] <... prctl resumed>) = 0 [pid 6273] setpgid(0, 0 [pid 6271] mkdir("./file1", 0777 [pid 6273] <... setpgid resumed>) = 0 [pid 6272] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 6272] sync( [pid 6270] <... mount resumed>) = 0 [pid 6273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6270] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6271] <... mkdir resumed>) = 0 [pid 6270] <... openat resumed>) = 3 [pid 6270] chdir("./file1" [pid 6273] <... openat resumed>) = 3 [pid 6270] <... chdir resumed>) = 0 [pid 6270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6273] write(3, "1000", 4 [pid 6270] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6273] <... write resumed>) = 4 [ 128.856033][ T6271] loop1: detected capacity change from 0 to 1024 [pid 6271] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6273] close(3 [pid 6270] <... link resumed>) = 0 [pid 6270] sync( [pid 6273] <... close resumed>) = 0 [pid 6273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6273] write(1, "executing program\n", 18executing program ) = 18 [pid 6273] memfd_create("syzkaller", 0) = 3 [pid 6273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6271] <... mount resumed>) = 0 [pid 6273] <... mmap resumed>) = 0x7ff1eb400000 [pid 6269] <... sync resumed>) = 0 [pid 6269] exit_group(0) = ? [pid 6272] <... sync resumed>) = 0 [pid 6269] +++ exited with 0 +++ [pid 6272] exit_group(0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6269, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6272] <... exit_group resumed>) = ? [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6272] +++ exited with 0 +++ [pid 6271] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6272, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", [pid 6271] <... openat resumed>) = 3 [pid 6270] <... sync resumed>) = 0 [pid 5832] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6270] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6270] <... exit_group resumed>) = ? [pid 5832] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(3, [pid 6271] chdir("./file1" [pid 6270] +++ exited with 0 +++ [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5832] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./84/binderfs", [pid 6271] <... chdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6270, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6271] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5830] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... restart_syscall resumed>) = 0 [pid 6271] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6273] <... write resumed>) = 524288 [pid 5832] unlink("./84/binderfs" [pid 6273] munmap(0x7ff1eb400000, 138412032 [pid 6271] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... unlink resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./84" [pid 6273] <... munmap resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6273] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] mkdir("./85", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./87/file1", [pid 5828] newfstatat(3, "", [pid 5832] <... mkdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6273] <... openat resumed>) = 4 [pid 5830] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6273] ioctl(4, LOOP_SET_FD, 3 [pid 6271] <... link resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6271] sync( [pid 5830] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 3 [pid 5828] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] newfstatat(4, "", [pid 5828] newfstatat(AT_FDCWD, "./84/file1", ./strace-static-x86_64: Process 6274 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6274] set_robust_list(0x5555934ed660, 24 [pid 5828] openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6274] <... set_robust_list resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6274] chdir("./85" [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6274] <... chdir resumed>) = 0 [pid 5828] getdents64(4, [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6274 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 6274] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... close resumed>) = 0 [pid 6274] <... prctl resumed>) = 0 [pid 5828] rmdir("./84/file1" [pid 6274] setpgid(0, 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6274] <... setpgid resumed>) = 0 [pid 6274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6273] <... ioctl resumed>) = 0 [pid 5828] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6274] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6271] <... sync resumed>) = 0 [pid 5830] getdents64(4, [pid 5828] newfstatat(AT_FDCWD, "./84/binderfs", [pid 6274] write(3, "1000", 4 [pid 6271] exit_group(0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] getdents64(4, [pid 6274] <... write resumed>) = 4 [pid 6271] <... exit_group resumed>) = ? [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] unlink("./84/binderfs" [pid 5830] close(4 [pid 6274] close(3 [pid 5830] <... close resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6274] <... close resumed>) = 0 [pid 6273] close(3 [pid 5830] rmdir("./87/file1" [pid 6274] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6273] <... close resumed>) = 0 [pid 6271] +++ exited with 0 +++ [pid 5830] <... rmdir resumed>) = 0 [pid 5828] getdents64(3, [pid 6273] close(4 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6271, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6274] write(1, "executing program\n", 18 [pid 6273] <... close resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] close(3 [pid 6274] <... write resumed>) = 18 [pid 6273] mkdir("./file1", 0777 [pid 5830] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... restart_syscall resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6274] memfd_create("syzkaller", 0 [pid 6273] <... mkdir resumed>) = 0 [pid 5829] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6274] <... memfd_create resumed>) = 3 [pid 6273] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] newfstatat(AT_FDCWD, "./87/binderfs", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./84" [pid 6274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... rmdir resumed>) = 0 [pid 6274] <... mmap resumed>) = 0x7ff1eb400000 [ 129.012038][ T6273] loop3: detected capacity change from 0 to 1024 [pid 6274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] unlink("./87/binderfs" [pid 5829] <... openat resumed>) = 3 [pid 5828] mkdir("./85", 0777 [pid 5830] <... unlink resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 5828] <... mkdir resumed>) = 0 [pid 5830] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5829] getdents64(3, [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./87" [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6275 attached [pid 5830] mkdir("./88", 0777) = 0 [pid 6275] set_robust_list(0x5555934ed660, 24) = 0 [pid 6275] chdir("./85") = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6275 [pid 6275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6275] setpgid(0, 0) = 0 [pid 6275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6274] <... write resumed>) = 524288 [pid 5829] <... umount2 resumed>) = 0 [pid 6275] <... openat resumed>) = 3 [pid 6275] write(3, "1000", 4) = 4 [pid 6275] close(3) = 0 [pid 6275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5829] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6273] <... mount resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6275] write(1, "executing program\n", 18) = 18 [pid 6275] memfd_create("syzkaller", 0) = 3 [pid 6274] munmap(0x7ff1eb400000, 138412032 [pid 5829] newfstatat(AT_FDCWD, "./85/file1", [pid 5830] <... ioctl resumed>) = 0 [pid 6275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] close(3 [pid 5829] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6275] <... mmap resumed>) = 0x7ff1eb400000 [pid 6274] <... munmap resumed>) = 0 [pid 6275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6274] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6273] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6274] <... openat resumed>) = 4 [pid 6273] <... openat resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6273] chdir("./file1" [pid 6274] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6276 attached [pid 6273] <... chdir resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 6276] set_robust_list(0x5555934ed660, 24 [pid 6273] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6276 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6276] <... set_robust_list resumed>) = 0 [pid 6275] <... write resumed>) = 524288 [pid 6273] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] getdents64(4, [pid 6276] chdir("./88" [pid 6273] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6276] <... chdir resumed>) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6276] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] close(4) = 0 [pid 5829] rmdir("./85/file1") = 0 [pid 5829] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6276] <... prctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6276] setpgid(0, 0 [pid 5829] newfstatat(AT_FDCWD, "./85/binderfs", [pid 6276] <... setpgid resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6275] munmap(0x7ff1eb400000, 138412032 [pid 5829] unlink("./85/binderfs" [pid 6275] <... munmap resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 6275] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6276] <... openat resumed>) = 3 [pid 6276] write(3, "1000", 4 [pid 6275] <... openat resumed>) = 4 [pid 6273] <... link resumed>) = 0 [pid 5829] getdents64(3, [pid 6273] sync( [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6276] <... write resumed>) = 4 [pid 5829] close(3 [pid 6276] close(3 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./85" [pid 6276] <... close resumed>) = 0 [pid 6275] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... rmdir resumed>) = 0 [pid 6276] symlink("/dev/binderfs", "./binderfs" [pid 6273] <... sync resumed>) = 0 [pid 5829] mkdir("./86", 0777 [pid 6276] <... symlink resumed>) = 0 [pid 6274] <... ioctl resumed>) = 0 [pid 6274] close(3) = 0 [pid 6274] close(4) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 6273] exit_group(0) = ? [pid 6274] mkdir("./file1", 0777) = 0 [pid 6274] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, ""executing program [pid 6276] write(1, "executing program\n", 18 [pid 6273] +++ exited with 0 +++ [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6273, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] <... openat resumed>) = 3 [pid 6276] <... write resumed>) = 18 [pid 6274] <... mount resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6274] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... restart_syscall resumed>) = 0 [pid 6274] <... openat resumed>) = 3 [pid 6274] chdir("./file1") = 0 [pid 6274] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6275] <... ioctl resumed>) = 0 [pid 6274] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6276] memfd_create("syzkaller", 0 [pid 6275] close(3 [pid 6274] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6276] <... memfd_create resumed>) = 3 [pid 6275] <... close resumed>) = 0 [pid 5831] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 6276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6276] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... close resumed>) = 0 [pid 6275] close(4 [pid 5831] <... openat resumed>) = 3 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6277 attached [pid 6275] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [ 129.158652][ T6274] loop4: detected capacity change from 0 to 1024 [ 129.192011][ T6275] loop0: detected capacity change from 0 to 1024 [pid 6275] mkdir("./file1", 0777 [pid 6277] set_robust_list(0x5555934ed660, 24 [pid 6275] <... mkdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6277 [pid 5831] getdents64(3, [pid 6277] <... set_robust_list resumed>) = 0 [pid 6276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6275] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6277] chdir("./86" [pid 5831] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6277] <... chdir resumed>) = 0 [pid 6277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6274] <... link resumed>) = 0 [pid 6274] sync( [pid 6277] setpgid(0, 0 [pid 6276] <... write resumed>) = 524288 [pid 5831] <... umount2 resumed>) = 0 [pid 6277] <... setpgid resumed>) = 0 [pid 6277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6277] write(3, "1000", 4 [pid 6275] <... mount resumed>) = 0 [pid 6277] <... write resumed>) = 4 [pid 6275] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6277] close(3 [pid 6275] <... openat resumed>) = 3 [pid 5831] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6276] munmap(0x7ff1eb400000, 138412032 [pid 6277] <... close resumed>) = 0 [pid 6275] chdir("./file1" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./78/file1", [pid 6277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6276] <... munmap resumed>) = 0 [pid 5831] umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6275] <... chdir resumed>) = 0 [pid 6275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) executing program [pid 5831] openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6277] write(1, "executing program\n", 18 [pid 6276] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6277] <... write resumed>) = 18 [pid 6276] <... openat resumed>) = 4 [pid 5831] <... openat resumed>) = 4 [pid 6275] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] newfstatat(4, "", [pid 6277] memfd_create("syzkaller", 0 [pid 6276] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6274] <... sync resumed>) = 0 [pid 5831] getdents64(4, [pid 6277] <... memfd_create resumed>) = 3 [pid 6276] <... ioctl resumed>) = 0 [pid 6274] exit_group(0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6274] <... exit_group resumed>) = ? [pid 5831] getdents64(4, [pid 6277] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6275] <... link resumed>) = 0 [pid 6274] +++ exited with 0 +++ [pid 5831] close(4 [pid 6275] sync( [pid 5831] <... close resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6274, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5831] rmdir("./78/file1" [pid 5832] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 6276] close(3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... rmdir resumed>) = 0 [pid 6277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6276] <... close resumed>) = 0 [pid 5832] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6276] close(4 [pid 5831] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6276] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./78/binderfs", [pid 6276] mkdir("./file1", 0777) = 0 [pid 6276] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6275] <... sync resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6275] exit_group(0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] unlink("./78/binderfs" [pid 6275] <... exit_group resumed>) = ? [pid 5831] <... unlink resumed>) = 0 [pid 6275] +++ exited with 0 +++ [pid 5831] getdents64(3, [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6275, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] close(3) = 0 [ 129.306898][ T6276] loop2: detected capacity change from 0 to 1024 [pid 5831] rmdir("./78") = 0 [pid 6277] <... write resumed>) = 524288 [pid 6276] <... mount resumed>) = 0 [pid 5832] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... restart_syscall resumed>) = 0 [pid 6276] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6277] munmap(0x7ff1eb400000, 138412032 [pid 6276] <... openat resumed>) = 3 [pid 5832] newfstatat(AT_FDCWD, "./85/file1", [pid 5831] mkdir("./79", 0777 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 6276] chdir("./file1" [pid 5832] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6277] <... munmap resumed>) = 0 [pid 6276] <... chdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6276] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6276] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6277] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6276] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] newfstatat(4, "", [pid 5831] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6277] <... openat resumed>) = 4 [pid 5832] getdents64(4, [pid 5831] <... ioctl resumed>) = 0 [pid 6277] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] close(3 [pid 5828] <... openat resumed>) = 3 [pid 5832] getdents64(4, [pid 5828] newfstatat(3, "", [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] close(4 [pid 5828] getdents64(3, [pid 5832] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] rmdir("./85/file1" [pid 5828] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./85/file1", [pid 5832] newfstatat(AT_FDCWD, "./85/binderfs", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] unlink("./85/binderfs" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... unlink resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3 [pid 6276] <... link resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6276] sync( [pid 5832] rmdir("./85") = 0 [pid 5832] mkdir("./86", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [ 129.395890][ T6277] loop1: detected capacity change from 0 to 1024 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6277] <... ioctl resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... openat resumed>) = 4 [pid 6277] close(3./strace-static-x86_64: Process 6279 attached ./strace-static-x86_64: Process 6278 attached ) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6278 [pid 5828] newfstatat(4, "", [pid 6279] set_robust_list(0x5555934ed660, 24 [pid 6277] close(4 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6279 [pid 6279] <... set_robust_list resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6277] <... close resumed>) = 0 [pid 6279] chdir("./79" [pid 6278] set_robust_list(0x5555934ed660, 24 [pid 6277] mkdir("./file1", 0777 [pid 6276] <... sync resumed>) = 0 [pid 5828] getdents64(4, [pid 6278] <... set_robust_list resumed>) = 0 [pid 6276] exit_group(0 [pid 6278] chdir("./86" [pid 6276] <... exit_group resumed>) = ? [pid 6279] <... chdir resumed>) = 0 [pid 6278] <... chdir resumed>) = 0 [pid 6277] <... mkdir resumed>) = 0 [pid 6276] +++ exited with 0 +++ [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6279] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6278] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6277] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6276, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5828] getdents64(4, [pid 6279] <... prctl resumed>) = 0 [pid 6278] <... prctl resumed>) = 0 [pid 6279] setpgid(0, 0 [pid 6278] setpgid(0, 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6279] <... setpgid resumed>) = 0 [pid 6278] <... setpgid resumed>) = 0 [pid 6277] <... mount resumed>) = 0 [pid 5830] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] close(4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6279] <... openat resumed>) = 3 [pid 6277] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 6279] write(3, "1000", 4 [pid 6278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6277] <... openat resumed>) = 3 [pid 6279] <... write resumed>) = 4 [pid 6278] <... openat resumed>) = 3 [pid 6277] chdir("./file1" [pid 5830] newfstatat(3, "", [pid 5828] rmdir("./85/file1" [pid 6279] close(3 [pid 6278] write(3, "1000", 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6278] <... write resumed>) = 4 [pid 6278] close(3 [pid 5830] getdents64(3, [pid 6279] <... close resumed>) = 0 [pid 6278] <... close resumed>) = 0 [pid 6277] <... chdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 executing program executing program [pid 5828] <... rmdir resumed>) = 0 [pid 6279] symlink("/dev/binderfs", "./binderfs" [pid 6278] symlink("/dev/binderfs", "./binderfs" [pid 6277] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6279] <... symlink resumed>) = 0 [pid 6278] <... symlink resumed>) = 0 [pid 6277] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6278] write(1, "executing program\n", 18) = 18 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6279] write(1, "executing program\n", 18 [pid 6278] memfd_create("syzkaller", 0 [pid 6277] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6279] <... write resumed>) = 18 [pid 6278] <... memfd_create resumed>) = 3 [pid 5828] newfstatat(AT_FDCWD, "./85/binderfs", [pid 6278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6279] memfd_create("syzkaller", 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6279] <... memfd_create resumed>) = 3 [pid 5828] unlink("./85/binderfs" [pid 6279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... unlink resumed>) = 0 [pid 5828] getdents64(3, [pid 6279] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] close(3) = 0 [pid 5828] rmdir("./85" [pid 5830] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] mkdir("./86", 0777 [pid 5830] newfstatat(AT_FDCWD, "./88/file1", [pid 6277] <... link resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5830] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6277] sync( [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6278] <... write resumed>) = 524288 [pid 5830] openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 5828] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6278] munmap(0x7ff1eb400000, 138412032 [pid 5830] getdents64(4, [pid 5828] <... ioctl resumed>) = 0 [pid 6278] <... munmap resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] close(3 [pid 5830] getdents64(4, [pid 6278] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] close(4 [pid 6278] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6280 attached [pid 6279] <... write resumed>) = 524288 [pid 6278] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./88/file1" [pid 6280] set_robust_list(0x5555934ed660, 24 [pid 6279] munmap(0x7ff1eb400000, 138412032 [pid 6277] <... sync resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6280] <... set_robust_list resumed>) = 0 [pid 6279] <... munmap resumed>) = 0 [pid 6277] exit_group(0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6280 [pid 6280] chdir("./86" [pid 6277] <... exit_group resumed>) = ? [pid 5830] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6277] +++ exited with 0 +++ [pid 5830] unlink("./88/binderfs" [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6277, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6279] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... unlink resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6279] <... openat resumed>) = 4 [pid 5830] getdents64(3, [pid 6279] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 6278] <... ioctl resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6278] close(3 [pid 5830] close(3 [pid 6280] <... chdir resumed>) = 0 [pid 6278] <... close resumed>) = 0 [pid 6280] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] <... close resumed>) = 0 [pid 6280] <... prctl resumed>) = 0 [pid 5830] rmdir("./88" [pid 6280] setpgid(0, 0 [pid 6278] close(4) = 0 [pid 6278] mkdir("./file1", 0777 [pid 6280] <... setpgid resumed>) = 0 [pid 6278] <... mkdir resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6278] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] mkdir("./89", 0777 [pid 6280] <... openat resumed>) = 3 [pid 5830] <... mkdir resumed>) = 0 [pid 6280] write(3, "1000", 4 [pid 6279] <... ioctl resumed>) = 0 [pid 6280] <... write resumed>) = 4 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... umount2 resumed>) = 0 [pid 6280] close(3) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6280] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6279] close(3executing program [pid 6280] write(1, "executing program\n", 18 [pid 6279] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6280] <... write resumed>) = 18 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6280] memfd_create("syzkaller", 0) = 3 [pid 5830] <... ioctl resumed>) = 0 [pid 6280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] close(3 [pid 5829] newfstatat(AT_FDCWD, "./86/file1", [pid 6280] <... mmap resumed>) = 0x7ff1eb400000 [ 129.556442][ T6278] loop4: detected capacity change from 0 to 1024 [ 129.575896][ T6279] loop3: detected capacity change from 0 to 1024 [pid 6280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6279] close(4 [pid 6278] <... mount resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6278] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6278] chdir("./file1") = 0 [pid 6278] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6278] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6279] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6279] mkdir("./file1", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6281 attached [pid 6279] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6279] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... openat resumed>) = 4 [pid 6281] set_robust_list(0x5555934ed660, 24 [pid 5829] newfstatat(4, "", [pid 6281] <... set_robust_list resumed>) = 0 [pid 6278] <... link resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6281 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6278] sync( [pid 6280] <... write resumed>) = 524288 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6281] chdir("./89" [pid 5829] getdents64(4, [pid 6281] <... chdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6281] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] close(4 [pid 6281] <... prctl resumed>) = 0 [pid 6281] setpgid(0, 0 [pid 6280] munmap(0x7ff1eb400000, 138412032 [pid 5829] <... close resumed>) = 0 [pid 6281] <... setpgid resumed>) = 0 [pid 5829] rmdir("./86/file1" [pid 6281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... rmdir resumed>) = 0 [pid 6281] <... openat resumed>) = 3 [pid 6280] <... munmap resumed>) = 0 [pid 5829] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6280] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6281] write(3, "1000", 4) = 4 [pid 6280] <... openat resumed>) = 4 [pid 5829] unlink("./86/binderfs" [pid 6281] close(3 [pid 6280] ioctl(4, LOOP_SET_FD, 3 [pid 6279] <... mount resumed>) = 0 [pid 6279] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6279] chdir("./file1") = 0 [pid 6279] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) executing program [pid 6281] <... close resumed>) = 0 [pid 6279] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6281] write(1, "executing program\n", 18 [pid 5829] <... unlink resumed>) = 0 [pid 6281] <... write resumed>) = 18 [pid 5829] getdents64(3, [pid 6281] memfd_create("syzkaller", 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 6281] <... memfd_create resumed>) = 3 [pid 5829] rmdir("./86" [pid 6281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5829] <... rmdir resumed>) = 0 [pid 6278] <... sync resumed>) = 0 [pid 5829] mkdir("./87", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6279] <... link resumed>) = 0 [pid 6278] exit_group(0 [pid 5829] <... openat resumed>) = 3 [pid 6278] <... exit_group resumed>) = ? [pid 6279] sync( [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6281] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 6280] <... ioctl resumed>) = 0 [pid 5829] <... close resumed>) = 0 [ 129.695658][ T6280] loop0: detected capacity change from 0 to 1024 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6282 attached [pid 6278] +++ exited with 0 +++ [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6282 [pid 6282] set_robust_list(0x5555934ed660, 24 [pid 6280] close(3 [pid 6282] <... set_robust_list resumed>) = 0 [pid 6280] <... close resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6278, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6280] close(4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6282] chdir("./87" [pid 6280] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6282] <... chdir resumed>) = 0 [pid 6281] <... write resumed>) = 524288 [pid 6280] mkdir("./file1", 0777 [pid 5832] getdents64(3, [pid 6282] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6281] munmap(0x7ff1eb400000, 138412032 [pid 6280] <... mkdir resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6282] <... prctl resumed>) = 0 [pid 6280] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6282] setpgid(0, 0) = 0 [pid 6279] <... sync resumed>) = 0 [pid 6279] exit_group(0 [pid 6282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6281] <... munmap resumed>) = 0 [pid 6279] <... exit_group resumed>) = ? [pid 5832] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6282] write(3, "1000", 4) = 4 [pid 6281] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6279] +++ exited with 0 +++ [pid 6282] close(3) = 0 [pid 6281] <... openat resumed>) = 4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6279, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6282] symlink("/dev/binderfs", "./binderfs" [pid 6281] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6282] <... symlink resumed>) = 0 [pid 5832] close(4 [pid 5831] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./86/file1"executing program [pid 6282] write(1, "executing program\n", 18 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6282] <... write resumed>) = 18 [pid 6282] memfd_create("syzkaller", 0 [pid 5832] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6282] <... memfd_create resumed>) = 3 [pid 6281] <... ioctl resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 6282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6281] close(3 [pid 5831] newfstatat(3, "", [pid 6282] <... mmap resumed>) = 0x7ff1eb400000 [pid 6281] <... close resumed>) = 0 [pid 6281] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6281] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./86/binderfs") = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./86") = 0 [pid 6281] mkdir("./file1", 0777 [pid 5831] getdents64(3, [pid 6281] <... mkdir resumed>) = 0 [pid 5832] mkdir("./87", 0777 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6281] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 6280] <... mount resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6283 attached [pid 6280] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6283 [pid 6280] chdir("./file1") = 0 [pid 6280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6283] set_robust_list(0x5555934ed660, 24 [pid 6280] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6283] <... set_robust_list resumed>) = 0 [ 129.784538][ T6281] loop2: detected capacity change from 0 to 1024 [pid 6283] chdir("./87") = 0 [pid 6283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6283] setpgid(0, 0) = 0 [pid 6283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6283] write(3, "1000", 4) = 4 [pid 6283] close(3) = 0 [pid 6283] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6283] write(1, "executing program\n", 18) = 18 [pid 6283] memfd_create("syzkaller", 0 [pid 5831] <... umount2 resumed>) = 0 [pid 6283] <... memfd_create resumed>) = 3 [pid 6280] <... link resumed>) = 0 [pid 6280] sync( [pid 6283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5831] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6281] <... mount resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6281] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] newfstatat(AT_FDCWD, "./79/file1", [pid 6282] <... write resumed>) = 524288 [pid 6281] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6281] chdir("./file1" [pid 6280] <... sync resumed>) = 0 [pid 5831] umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6282] munmap(0x7ff1eb400000, 138412032 [pid 6281] <... chdir resumed>) = 0 [pid 6282] <... munmap resumed>) = 0 [pid 6280] exit_group(0 [pid 6281] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6281] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6280] <... exit_group resumed>) = ? [pid 5831] openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6281] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6280] +++ exited with 0 +++ [pid 5831] <... openat resumed>) = 4 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6280, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6283] <... write resumed>) = 524288 [pid 6282] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] newfstatat(4, "", [pid 5828] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 5828] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6282] <... openat resumed>) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6282] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... openat resumed>) = 3 [pid 5831] getdents64(4, [pid 5828] newfstatat(3, "", [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] close(4 [pid 6283] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... close resumed>) = 0 [pid 5828] getdents64(3, [pid 5831] rmdir("./79/file1" [pid 6283] <... munmap resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6283] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6283] ioctl(4, LOOP_SET_FD, 3 [pid 5831] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6281] <... link resumed>) = 0 [pid 6283] <... ioctl resumed>) = 0 [pid 6283] close(3) = 0 [pid 6283] close(4) = 0 [pid 6283] mkdir("./file1", 0777) = 0 [pid 6283] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6281] sync( [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5831] unlink("./79/binderfs") = 0 [pid 5828] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6283] <... mount resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./86/file1", [pid 5831] getdents64(3, [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6282] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6282] close(3 [pid 5831] close(3 [pid 6282] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6282] close(4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./79" [pid 6282] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6282] mkdir("./file1", 0777 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6283] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] newfstatat(4, "", [pid 6283] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6283] chdir("./file1" [pid 6282] <... mkdir resumed>) = 0 [pid 5831] mkdir("./80", 0777 [pid 6283] <... chdir resumed>) = 0 [pid 6282] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] getdents64(4, [pid 6283] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [ 129.921602][ T6282] loop1: detected capacity change from 0 to 1024 [ 129.921621][ T6283] loop4: detected capacity change from 0 to 1024 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6283] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... openat resumed>) = 3 [pid 6283] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] getdents64(4, [pid 6282] <... mount resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6282] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6282] <... openat resumed>) = 3 [pid 6281] <... sync resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5828] close(4 [pid 6282] chdir("./file1" [pid 6281] exit_group(0 [pid 5831] close(3 [pid 6282] <... chdir resumed>) = 0 [pid 6281] <... exit_group resumed>) = ? [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./86/file1" [pid 6282] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... rmdir resumed>) = 0 [pid 6281] +++ exited with 0 +++ [pid 5831] <... close resumed>) = 0 [pid 6282] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6282] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6281, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6283] <... link resumed>) = 0 [pid 5828] unlink("./86/binderfs" [pid 6283] sync( [pid 5828] <... unlink resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] getdents64(3, [pid 5830] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6282] <... link resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", [pid 5828] close(3) = 0 [pid 5828] rmdir("./86") = 0 [pid 5828] mkdir("./87", 0777 [pid 6282] sync( [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6284 attached [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6284] set_robust_list(0x5555934ed660, 24 [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3 [pid 6284] <... set_robust_list resumed>) = 0 [pid 6284] chdir("./80" [pid 5828] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6285 attached [pid 6282] <... sync resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6284 [pid 6284] <... chdir resumed>) = 0 [pid 6283] <... sync resumed>) = 0 [pid 6284] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6283] exit_group(0 [pid 6285] set_robust_list(0x5555934ed660, 24 [pid 6284] <... prctl resumed>) = 0 [pid 6283] <... exit_group resumed>) = ? [pid 6285] <... set_robust_list resumed>) = 0 [pid 6284] setpgid(0, 0 [pid 6282] exit_group(0 [pid 5830] <... umount2 resumed>) = 0 [pid 6284] <... setpgid resumed>) = 0 [pid 6284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6282] <... exit_group resumed>) = ? [pid 5830] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6285] chdir("./87") = 0 [pid 6284] <... openat resumed>) = 3 [pid 6283] +++ exited with 0 +++ [pid 6282] +++ exited with 0 +++ [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6285 [pid 6285] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6283, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6282, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6285] <... prctl resumed>) = 0 [pid 6284] write(3, "1000", 4 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] newfstatat(AT_FDCWD, "./89/file1", [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6285] setpgid(0, 0 [pid 6284] <... write resumed>) = 4 [pid 6285] <... setpgid resumed>) = 0 [pid 6284] close(3 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6284] <... close resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6285] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY executing program [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6284] write(1, "executing program\n", 18 [pid 5832] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6285] write(3, "1000", 4 [pid 6284] <... write resumed>) = 18 [pid 5832] newfstatat(3, "", [pid 5830] <... openat resumed>) = 4 [pid 5829] <... openat resumed>) = 3 [pid 6285] <... write resumed>) = 4 [pid 6284] memfd_create("syzkaller", 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6285] close(3 [pid 6284] <... memfd_create resumed>) = 3 [pid 5830] newfstatat(4, "", [pid 5829] newfstatat(3, "", [pid 5832] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6285] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] getdents64(4, [pid 5829] getdents64(3, [pid 6285] symlink("/dev/binderfs", "./binderfs" [pid 6284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6285] <... symlink resumed>) = 0 [pid 6284] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6285] write(1, "executing program\n", 18 [pid 6284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] getdents64(4, [pid 5829] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6285] <... write resumed>) = 18 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6285] memfd_create("syzkaller", 0) = 3 [pid 6285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6285] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] close(4 [pid 6285] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./89/file1") = 0 [pid 5830] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(AT_FDCWD, "./89/binderfs", [pid 5829] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(4, "", [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6284] <... write resumed>) = 524288 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] unlink("./89/binderfs" [pid 5829] newfstatat(AT_FDCWD, "./87/file1", [pid 5832] getdents64(4, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... unlink resumed>) = 0 [pid 5829] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(4, [pid 5830] getdents64(3, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6285] <... write resumed>) = 524288 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] close(3 [pid 5832] close(4 [pid 5829] <... openat resumed>) = 4 [pid 5832] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 5830] rmdir("./89" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] rmdir("./87/file1") = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] getdents64(4, [pid 5830] mkdir("./90", 0777 [pid 5832] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 6284] munmap(0x7ff1eb400000, 138412032 [pid 5832] newfstatat(AT_FDCWD, "./87/binderfs", [pid 5829] <... close resumed>) = 0 [pid 6284] <... munmap resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] rmdir("./87/file1" [pid 5832] unlink("./87/binderfs" [pid 6284] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... unlink resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6284] <... openat resumed>) = 4 [pid 5832] getdents64(3, [pid 5830] <... openat resumed>) = 3 [pid 5829] newfstatat(AT_FDCWD, "./87/binderfs", [pid 6284] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5829] unlink("./87/binderfs" [pid 5830] close(3 [pid 6285] munmap(0x7ff1eb400000, 138412032 [pid 5832] close(3 [pid 5830] <... close resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 6285] <... munmap resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./87") = 0 [pid 6285] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6285] <... openat resumed>) = 4 [pid 5832] mkdir("./88", 0777) = 0 [pid 5829] getdents64(3, [pid 6285] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6285] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 6286 attached [pid 6285] ioctl(4, LOOP_CLR_FD [pid 5832] <... openat resumed>) = 3 [pid 6286] set_robust_list(0x5555934ed660, 24 [pid 6285] <... ioctl resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6286 [pid 5829] close(3 [pid 5832] <... ioctl resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] close(3 [pid 5829] rmdir("./87" [pid 5832] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6285] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... rmdir resumed>) = 0 [pid 6285] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6285] close(4 [pid 6286] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 6287 attached [pid 6286] chdir("./90") = 0 [pid 6286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6285] <... close resumed>) = 0 [pid 6287] set_robust_list(0x5555934ed660, 24 [pid 6286] setpgid(0, 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6287 [pid 5829] mkdir("./88", 0777 [pid 6286] <... setpgid resumed>) = 0 [pid 6287] <... set_robust_list resumed>) = 0 [pid 6286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6284] <... ioctl resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 6287] chdir("./88" [pid 6286] <... openat resumed>) = 3 [pid 6284] close(3 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6287] <... chdir resumed>) = 0 [pid 6286] write(3, "1000", 4 [pid 6284] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6287] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6286] <... write resumed>) = 4 [pid 6284] close(4 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3 [pid 6284] <... close resumed>) = 0 [pid 6284] mkdir("./file1", 0777 [pid 6287] <... prctl resumed>) = 0 [pid 6286] close(3 [pid 6284] <... mkdir resumed>) = 0 [pid 6287] setpgid(0, 0 [pid 6286] <... close resumed>) = 0 [pid 6287] <... setpgid resumed>) = 0 [pid 6286] symlink("/dev/binderfs", "./binderfs" [pid 6285] close(3 [pid 6287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6286] <... symlink resumed>) = 0 [pid 6284] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... close resumed>) = 0 [pid 6287] <... openat resumed>) = 3 executing program [pid 6287] write(3, "1000", 4 [pid 6286] write(1, "executing program\n", 18 [pid 6287] <... write resumed>) = 4 [pid 6286] <... write resumed>) = 18 [pid 6287] close(3 [pid 6286] memfd_create("syzkaller", 0 [pid 6287] <... close resumed>) = 0 [pid 6287] symlink("/dev/binderfs", "./binderfs" [pid 6286] <... memfd_create resumed>) = 3 [pid 6287] <... symlink resumed>) = 0 [ 130.146934][ T6284] loop3: detected capacity change from 0 to 1024 [pid 6286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 6287] write(1, "executing program\n", 18 [pid 6286] <... mmap resumed>) = 0x7ff1eb400000 [pid 6285] <... close resumed>) = 0 [pid 6287] <... write resumed>) = 18 [pid 6286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6285] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6287] memfd_create("syzkaller", 0 [pid 6286] <... write resumed>) = 524288 [pid 6285] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6287] <... memfd_create resumed>) = 3 [pid 6287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6285] sync( [pid 6287] <... mmap resumed>) = 0x7ff1eb400000 [pid 6284] <... mount resumed>) = 0 [pid 6284] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6288 [pid 6284] chdir("./file1") = 0 [pid 6284] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 6288 attached [pid 6284] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6288] set_robust_list(0x5555934ed660, 24 [pid 6287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6288] <... set_robust_list resumed>) = 0 [pid 6288] chdir("./88" [pid 6286] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6288] <... chdir resumed>) = 0 [pid 6284] <... link resumed>) = 0 [pid 6284] sync( [pid 6288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6288] setpgid(0, 0 [pid 6285] <... sync resumed>) = 0 [pid 6288] <... setpgid resumed>) = 0 [pid 6287] <... write resumed>) = 524288 [pid 6286] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6285] exit_group(0 [pid 6286] <... openat resumed>) = 4 [pid 6285] <... exit_group resumed>) = ? [pid 6288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6286] ioctl(4, LOOP_SET_FD, 3 [pid 6285] +++ exited with 0 +++ [pid 6288] <... openat resumed>) = 3 [pid 6284] <... sync resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6285, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6287] munmap(0x7ff1eb400000, 138412032 [pid 5828] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6288] write(3, "1000", 4 [pid 6287] <... munmap resumed>) = 0 [pid 6284] exit_group(0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6284] <... exit_group resumed>) = ? [pid 5828] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6288] <... write resumed>) = 4 [pid 6284] +++ exited with 0 +++ [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6288] close(3 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6284, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6288] <... close resumed>) = 0 [pid 6287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5828] getdents64(3, [pid 6288] symlink("/dev/binderfs", "./binderfs" [pid 6287] <... openat resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6287] ioctl(4, LOOP_SET_FD, 3 [pid 5828] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6288] <... symlink resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./87/binderfs") = 0 [pid 5831] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(3, [pid 5831] <... openat resumed>) = 3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6288] write(1, "executing program\n", 18executing program ) = 18 [pid 5831] newfstatat(3, "", [pid 5828] close(3) = 0 [pid 5828] rmdir("./87" [pid 6288] memfd_create("syzkaller", 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6288] <... memfd_create resumed>) = 3 [pid 5831] getdents64(3, [pid 6288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6286] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] mkdir("./88", 0777 [pid 6286] close(3 [pid 5828] <... mkdir resumed>) = 0 [pid 6286] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6286] close(4 [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5831] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6286] <... close resumed>) = 0 [pid 6286] mkdir("./file1", 0777./strace-static-x86_64: Process 6289 attached ) = 0 [pid 6286] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6289] set_robust_list(0x5555934ed660, 24) = 0 [pid 6289] chdir("./88" [pid 6287] <... ioctl resumed>) = 0 [pid 6289] <... chdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6289 [pid 6289] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6287] close(3 [pid 6289] <... prctl resumed>) = 0 [pid 6287] <... close resumed>) = 0 [pid 6289] setpgid(0, 0 [pid 6287] close(4 [pid 6289] <... setpgid resumed>) = 0 [pid 6287] <... close resumed>) = 0 [pid 6289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 130.274311][ T6286] loop2: detected capacity change from 0 to 1024 [ 130.292698][ T6287] loop4: detected capacity change from 0 to 1024 [pid 6287] mkdir("./file1", 0777 [pid 6289] <... openat resumed>) = 3 [pid 6288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6287] <... mkdir resumed>) = 0 [pid 6289] write(3, "1000", 4) = 4 [pid 6289] close(3) = 0 [pid 6289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 6287] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" executing program [pid 6286] <... mount resumed>) = 0 [pid 6289] write(1, "executing program\n", 18) = 18 [pid 6289] memfd_create("syzkaller", 0) = 3 [pid 6286] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6286] chdir("./file1") = 0 [pid 6289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6286] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6286] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6288] <... write resumed>) = 524288 [pid 5831] newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6287] <... mount resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6287] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6287] chdir("./file1" [pid 5831] <... openat resumed>) = 4 [pid 6287] <... chdir resumed>) = 0 [pid 6287] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6288] munmap(0x7ff1eb400000, 138412032 [pid 5831] newfstatat(4, "", [pid 6288] <... munmap resumed>) = 0 [pid 6287] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] getdents64(4, [pid 6288] <... openat resumed>) = 4 [pid 6286] <... link resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6286] sync( [pid 5831] getdents64(4, [pid 6288] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 6287] <... link resumed>) = 0 [pid 6289] <... write resumed>) = 524288 [pid 6288] <... ioctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6288] close(3 [pid 6287] sync( [pid 5831] rmdir("./80/file1" [pid 6289] munmap(0x7ff1eb400000, 138412032 [pid 6288] <... close resumed>) = 0 [pid 6289] <... munmap resumed>) = 0 [pid 6288] close(4 [pid 5831] <... rmdir resumed>) = 0 [pid 6288] <... close resumed>) = 0 [pid 6288] mkdir("./file1", 0777 [pid 6289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6286] <... sync resumed>) = 0 [pid 5831] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6289] <... openat resumed>) = 4 [pid 6288] <... mkdir resumed>) = 0 [pid 6286] exit_group(0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6289] ioctl(4, LOOP_SET_FD, 3 [pid 6287] <... sync resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./80/binderfs", [pid 6288] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6286] <... exit_group resumed>) = ? [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6286] +++ exited with 0 +++ [pid 5831] unlink("./80/binderfs" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6286, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6287] exit_group(0) = ? [pid 6287] +++ exited with 0 +++ [pid 5831] <... unlink resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6287, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] getdents64(3, [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6289] <... ioctl resumed>) = 0 [pid 6288] <... mount resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6289] close(3 [pid 5832] newfstatat(3, "", [pid 6289] <... close resumed>) = 0 [pid 6288] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6289] close(4 [pid 6288] <... openat resumed>) = 3 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... openat resumed>) = 3 [pid 5832] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6289] <... close resumed>) = 0 [pid 5830] getdents64(3, [ 130.375119][ T6288] loop1: detected capacity change from 0 to 1024 [ 130.405006][ T6289] loop0: detected capacity change from 0 to 1024 [pid 6289] mkdir("./file1", 0777 [pid 6288] chdir("./file1" [pid 6289] <... mkdir resumed>) = 0 [pid 5831] rmdir("./80" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6289] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6288] <... chdir resumed>) = 0 [pid 6288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... rmdir resumed>) = 0 [pid 5830] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6288] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6288] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] mkdir("./81", 0777) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6288] <... link resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... umount2 resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 6288] sync( [pid 5832] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6289] <... mount resumed>) = 0 [pid 6289] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... openat resumed>) = 4 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(4, "", [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 5830] newfstatat(AT_FDCWD, "./90/file1", [pid 5831] <... close resumed>) = 0 [pid 6289] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 6290 attached [pid 6289] chdir("./file1" [pid 5832] getdents64(4, [pid 5830] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6290] set_robust_list(0x5555934ed660, 24 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6289] <... chdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6290 [pid 6290] <... set_robust_list resumed>) = 0 [pid 6289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] close(4 [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 6290] chdir("./81" [pid 6289] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] rmdir("./88/file1" [pid 5830] getdents64(4, [pid 6290] <... chdir resumed>) = 0 [pid 6289] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6290] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] getdents64(4, [pid 6290] <... prctl resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6290] setpgid(0, 0 [pid 5832] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] close(4 [pid 6290] <... setpgid resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6288] <... sync resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6288] exit_group(0 [pid 5832] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] rmdir("./90/file1" [pid 5832] unlink("./88/binderfs") = 0 [pid 6288] <... exit_group resumed>) = ? [pid 6290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6290] <... openat resumed>) = 3 [pid 6288] +++ exited with 0 +++ [pid 5832] getdents64(3, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(AT_FDCWD, "./90/binderfs", [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6288, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6289] <... link resumed>) = 0 [pid 5832] close(3 [pid 6289] sync( [pid 5832] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] rmdir("./88" [pid 5830] unlink("./90/binderfs" [pid 6290] write(3, "1000", 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5829] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] mkdir("./89", 0777 [pid 6290] <... write resumed>) = 4 [pid 5830] getdents64(3, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6290] close(3 [pid 5830] close(3 [pid 6290] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6290] symlink("/dev/binderfs", "./binderfs" [pid 5830] rmdir("./90" [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] getdents64(3, [pid 5830] mkdir("./91", 0777 [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 6290] <... symlink resumed>) = 0 [pid 6289] <... sync resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6289] exit_group(0 [pid 5830] <... openat resumed>) = 3 [pid 6289] <... exit_group resumed>) = ? [pid 5832] close(3executing program [pid 6290] write(1, "executing program\n", 18 [pid 6289] +++ exited with 0 +++ [pid 5832] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6290] <... write resumed>) = 18 [pid 5830] <... ioctl resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6289, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5830] close(3 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6290] memfd_create("syzkaller", 0 [pid 5830] <... close resumed>) = 0 ./strace-static-x86_64: Process 6291 attached [pid 6290] <... memfd_create resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6291 ./strace-static-x86_64: Process 6292 attached [pid 6291] set_robust_list(0x5555934ed660, 24) = 0 [pid 6291] chdir("./89") = 0 [pid 6291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6291] setpgid(0, 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5828] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6292] set_robust_list(0x5555934ed660, 24 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6291] <... setpgid resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6291] <... openat resumed>) = 3 [pid 5828] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6292] <... set_robust_list resumed>) = 0 [pid 6290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6292 [pid 6292] chdir("./91" [pid 6291] write(3, "1000", 4) = 4 [pid 5829] <... umount2 resumed>) = 0 [pid 6291] close(3) = 0 [pid 6291] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6291] write(1, "executing program\n", 18 [pid 5829] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6291] <... write resumed>) = 18 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6291] memfd_create("syzkaller", 0 [pid 5829] newfstatat(AT_FDCWD, "./88/file1", [pid 6291] <... memfd_create resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6292] <... chdir resumed>) = 0 [pid 6291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6291] <... mmap resumed>) = 0x7ff1eb400000 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6292] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6292] <... prctl resumed>) = 0 [pid 6292] setpgid(0, 0 [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 6291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./88/file1" [pid 6292] <... setpgid resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./88/binderfs", [pid 6292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6292] <... openat resumed>) = 3 [pid 5829] unlink("./88/binderfs" [pid 6292] write(3, "1000", 4) = 4 [pid 5829] <... unlink resumed>) = 0 [pid 6292] close(3 [pid 5829] getdents64(3, [pid 6292] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6292] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6290] <... write resumed>) = 524288 [pid 5829] close(3 [pid 5828] <... umount2 resumed>) = 0 [pid 6292] write(1, "executing program\n", 18 [pid 6290] munmap(0x7ff1eb400000, 138412032 [pid 6292] <... write resumed>) = 18 [pid 5829] <... close resumed>) = 0 [pid 6290] <... munmap resumed>) = 0 [pid 6292] memfd_create("syzkaller", 0 [pid 5829] rmdir("./88" [pid 6292] <... memfd_create resumed>) = 3 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6292] <... mmap resumed>) = 0x7ff1eb400000 [pid 6290] <... openat resumed>) = 4 [pid 6291] <... write resumed>) = 524288 [pid 5829] mkdir("./89", 0777 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... mkdir resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./88/file1", [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... ioctl resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] close(3 [pid 5828] <... openat resumed>) = 4 [pid 5829] <... close resumed>) = 0 [pid 5828] newfstatat(4, "", [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 6292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6291] munmap(0x7ff1eb400000, 138412032 [pid 6290] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... close resumed>) = 0 ./strace-static-x86_64: Process 6293 attached [pid 6291] <... munmap resumed>) = 0 [pid 5828] rmdir("./88/file1") = 0 [pid 6293] set_robust_list(0x5555934ed660, 24 [pid 6291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6293 [pid 6293] <... set_robust_list resumed>) = 0 [pid 6293] chdir("./89") = 0 [pid 6293] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6293] <... prctl resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6293] setpgid(0, 0 [pid 5828] newfstatat(AT_FDCWD, "./88/binderfs", [pid 6293] <... setpgid resumed>) = 0 [pid 6292] <... write resumed>) = 524288 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6292] munmap(0x7ff1eb400000, 138412032 [pid 6291] <... openat resumed>) = 4 [pid 5828] unlink("./88/binderfs" [pid 6291] ioctl(4, LOOP_SET_FD, 3 [pid 6293] <... openat resumed>) = 3 [pid 6292] <... munmap resumed>) = 0 [pid 6290] <... ioctl resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6293] write(3, "1000", 4 [pid 5828] getdents64(3, [pid 6293] <... write resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6293] close(3 [pid 6292] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6290] close(3 [pid 5828] close(3 [pid 6290] <... close resumed>) = 0 [pid 6293] <... close resumed>) = 0 [pid 6292] <... openat resumed>) = 4 [pid 6290] close(4 [pid 5828] <... close resumed>) = 0 [pid 6293] symlink("/dev/binderfs", "./binderfs" [pid 5828] rmdir("./88" [pid 6293] <... symlink resumed>) = 0 [pid 6292] ioctl(4, LOOP_SET_FD, 3 [pid 6290] <... close resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6290] mkdir("./file1", 0777 [pid 5828] mkdir("./89", 0777executing program [pid 6293] write(1, "executing program\n", 18 [pid 6290] <... mkdir resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6290] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6293] <... write resumed>) = 18 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6293] memfd_create("syzkaller", 0 [pid 5828] <... openat resumed>) = 3 [pid 6293] <... memfd_create resumed>) = 3 [pid 6293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [ 130.665067][ T6290] loop3: detected capacity change from 0 to 1024 [ 130.672745][ T6291] loop4: detected capacity change from 0 to 1024 [pid 5828] close(3 [pid 6293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6291] <... ioctl resumed>) = 0 [pid 6291] close(3 [pid 6290] <... mount resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6291] <... close resumed>) = 0 [pid 6291] close(4) = 0 [pid 6291] mkdir("./file1", 0777) = 0 [pid 6291] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6290] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6294 attached [pid 6293] <... write resumed>) = 524288 [pid 6290] <... openat resumed>) = 3 [pid 6294] set_robust_list(0x5555934ed660, 24 [pid 6290] chdir("./file1" [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6294 [pid 6294] <... set_robust_list resumed>) = 0 [pid 6290] <... chdir resumed>) = 0 [pid 6294] chdir("./89" [pid 6292] <... ioctl resumed>) = 0 [pid 6290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6294] <... chdir resumed>) = 0 [pid 6292] close(3 [pid 6294] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6292] <... close resumed>) = 0 [pid 6290] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6294] <... prctl resumed>) = 0 [pid 6292] close(4 [pid 6290] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6294] setpgid(0, 0) = 0 [pid 6292] <... close resumed>) = 0 [pid 6294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6293] munmap(0x7ff1eb400000, 138412032 [pid 6292] mkdir("./file1", 0777 [pid 6294] <... openat resumed>) = 3 [pid 6293] <... munmap resumed>) = 0 [pid 6292] <... mkdir resumed>) = 0 [pid 6291] <... mount resumed>) = 0 [pid 6294] write(3, "1000", 4 [pid 6292] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6294] <... write resumed>) = 4 [pid 6294] close(3) = 0 [pid 6293] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6294] symlink("/dev/binderfs", "./binderfs" [pid 6293] <... openat resumed>) = 4 [pid 6291] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6293] ioctl(4, LOOP_SET_FD, 3 [pid 6291] <... openat resumed>) = 3 [pid 6291] chdir("./file1") = 0 executing program [pid 6294] <... symlink resumed>) = 0 [pid 6292] <... mount resumed>) = 0 [pid 6291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6294] write(1, "executing program\n", 18 [pid 6290] <... link resumed>) = 0 [pid 6292] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6290] sync( [pid 6294] <... write resumed>) = 18 [ 130.717997][ T6292] loop2: detected capacity change from 0 to 1024 [pid 6294] memfd_create("syzkaller", 0 [pid 6291] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6294] <... memfd_create resumed>) = 3 [pid 6291] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6292] <... openat resumed>) = 3 [pid 6294] <... mmap resumed>) = 0x7ff1eb400000 [pid 6292] chdir("./file1") = 0 [pid 6292] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6291] <... link resumed>) = 0 [pid 6291] sync( [pid 6293] <... ioctl resumed>) = 0 [pid 6294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6292] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6291] <... sync resumed>) = 0 [pid 6290] <... sync resumed>) = 0 [pid 6294] <... write resumed>) = 524288 [pid 6293] close(3 [pid 6292] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6291] exit_group(0 [pid 6290] exit_group(0) = ? [pid 6291] <... exit_group resumed>) = ? [pid 6293] <... close resumed>) = 0 [pid 6291] +++ exited with 0 +++ [pid 6293] close(4 [pid 6290] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6291, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6294] munmap(0x7ff1eb400000, 138412032 [pid 6293] <... close resumed>) = 0 [pid 6294] <... munmap resumed>) = 0 [pid 6293] mkdir("./file1", 0777 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6290, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6294] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6294] <... openat resumed>) = 4 [ 130.767841][ T6293] loop1: detected capacity change from 0 to 1024 [pid 6294] ioctl(4, LOOP_SET_FD, 3 [pid 6293] <... mkdir resumed>) = 0 [pid 6293] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6292] <... link resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6292] sync( [pid 5832] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] newfstatat(3, "", [pid 5831] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(3, "", [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6294] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6294] close(3) = 0 [pid 6294] close(4) = 0 [pid 6294] mkdir("./file1", 0777) = 0 [pid 6294] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6294] <... mount resumed>) = 0 [pid 6294] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6294] chdir("./file1") = 0 [pid 6294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] <... umount2 resumed>) = 0 [pid 6294] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [ 130.827737][ T6294] loop0: detected capacity change from 0 to 1024 [pid 5832] close(4) = 0 [pid 5832] rmdir("./89/file1") = 0 [pid 6294] <... link resumed>) = 0 [pid 6294] sync( [pid 5832] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./89/binderfs") = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./89") = 0 [pid 6293] <... mount resumed>) = 0 [pid 6293] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] mkdir("./90", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6295 attached [pid 6293] <... openat resumed>) = 3 [pid 6293] chdir("./file1" [pid 6295] set_robust_list(0x5555934ed660, 24 [pid 5831] <... umount2 resumed>) = 0 [pid 6295] <... set_robust_list resumed>) = 0 [pid 6293] <... chdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6295 [pid 5831] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6295] chdir("./90" [pid 6293] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6293] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] newfstatat(AT_FDCWD, "./81/file1", [pid 6295] <... chdir resumed>) = 0 [pid 6293] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6292] <... sync resumed>) = 0 [pid 6295] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6294] <... sync resumed>) = 0 [pid 6292] exit_group(0 [pid 5831] umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6295] <... prctl resumed>) = 0 [pid 6292] <... exit_group resumed>) = ? [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6295] setpgid(0, 0 [pid 6294] exit_group(0 [pid 5831] openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6295] <... setpgid resumed>) = 0 [pid 6295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... openat resumed>) = 4 [pid 6294] <... exit_group resumed>) = ? [pid 6295] <... openat resumed>) = 3 [pid 6294] +++ exited with 0 +++ [pid 5831] newfstatat(4, "", [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6294, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6295] write(3, "1000", 4 [pid 6292] +++ exited with 0 +++ [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6292, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5828] <... restart_syscall resumed>) = 0 [pid 6295] <... write resumed>) = 4 [pid 6295] close(3 [pid 5828] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6295] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(4, [pid 5828] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6295] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6295] <... symlink resumed>) = 0 [pid 5831] getdents64(4, [pid 5828] <... openat resumed>) = 3 executing program [pid 6295] write(1, "executing program\n", 18 [pid 5828] newfstatat(3, "", [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6295] <... write resumed>) = 18 [pid 5831] close(4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6295] memfd_create("syzkaller", 0 [pid 5831] <... close resumed>) = 0 [pid 5828] getdents64(3, [pid 6293] <... link resumed>) = 0 [pid 5831] rmdir("./81/file1" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 6295] <... memfd_create resumed>) = 3 [pid 6295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5831] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6293] sync( [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5831] newfstatat(AT_FDCWD, "./81/binderfs", [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5831] unlink("./81/binderfs") = 0 [pid 5828] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 5828] newfstatat(AT_FDCWD, "./89/file1", [pid 5831] <... close resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] rmdir("./81" [pid 5830] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./91/file1", [pid 5828] openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5830] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(4, "", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] mkdir("./82", 0777 [pid 5830] openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(4, [pid 5830] <... openat resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] newfstatat(4, "", [pid 5828] getdents64(4, [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, [pid 5828] close(4 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./89/file1" [pid 5830] getdents64(4, [pid 5828] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6293] <... sync resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] close(4 [pid 5831] <... openat resumed>) = 3 [pid 6295] <... write resumed>) = 524288 [pid 6293] exit_group(0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... close resumed>) = 0 [pid 5828] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./91/file1" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... rmdir resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./89/binderfs" [pid 6295] munmap(0x7ff1eb400000, 138412032 [pid 5830] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... unlink resumed>) = 0 [pid 6295] <... munmap resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(AT_FDCWD, "./91/binderfs", [pid 5828] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... close resumed>) = 0 [pid 6293] <... exit_group resumed>) = ? [pid 5831] <... ioctl resumed>) = 0 [pid 5830] unlink("./91/binderfs" [pid 5828] rmdir("./89" [pid 6295] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] close(3 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5830] getdents64(3, [pid 5828] mkdir("./90", 0777 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./91" [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./92", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6296 attached ./strace-static-x86_64: Process 6297 attached [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6296 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6293] +++ exited with 0 +++ [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6293, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6297 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6298 attached [pid 6297] set_robust_list(0x5555934ed660, 24) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6298 [pid 6297] chdir("./90") = 0 [pid 6297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6296] set_robust_list(0x5555934ed660, 24 [pid 6297] <... prctl resumed>) = 0 [pid 6298] set_robust_list(0x5555934ed660, 24 [pid 6297] setpgid(0, 0 [pid 6296] <... set_robust_list resumed>) = 0 [pid 6298] <... set_robust_list resumed>) = 0 [pid 6297] <... setpgid resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6298] chdir("./92" [pid 6296] chdir("./82" [pid 6295] <... openat resumed>) = 4 [pid 6295] ioctl(4, LOOP_SET_FD, 3 [pid 6297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6296] <... chdir resumed>) = 0 [pid 6298] <... chdir resumed>) = 0 [pid 5829] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6296] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6298] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6297] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6298] <... prctl resumed>) = 0 [pid 6297] write(3, "1000", 4 [pid 6296] <... prctl resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6298] setpgid(0, 0 [pid 6297] <... write resumed>) = 4 [pid 6296] setpgid(0, 0 [pid 5829] <... openat resumed>) = 3 [pid 6298] <... setpgid resumed>) = 0 [pid 6297] close(3 [pid 5829] newfstatat(3, "", [pid 6296] <... setpgid resumed>) = 0 [pid 6298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6297] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6298] <... openat resumed>) = 3 [pid 6297] symlink("/dev/binderfs", "./binderfs" [pid 6296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] getdents64(3, [pid 6298] write(3, "1000", 4 [pid 6297] <... symlink resumed>) = 0 [pid 6296] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6296] write(3, "1000", 4 [pid 6298] <... write resumed>) = 4 [pid 6297] write(1, "executing program\n", 18 [pid 6296] <... write resumed>) = 4 [pid 5829] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6296] close(3 [pid 6298] close(3 [pid 6297] <... write resumed>) = 18 [pid 6298] <... close resumed>) = 0 [pid 6297] memfd_create("syzkaller", 0 [pid 6296] <... close resumed>) = 0 executing program [pid 6298] symlink("/dev/binderfs", "./binderfs" [pid 6297] <... memfd_create resumed>) = 3 [pid 6296] symlink("/dev/binderfs", "./binderfs" [pid 6298] <... symlink resumed>) = 0 [pid 6297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6296] <... symlink resumed>) = 0 executing program executing program [pid 6298] write(1, "executing program\n", 18 [pid 6296] write(1, "executing program\n", 18 [pid 6295] <... ioctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6296] <... write resumed>) = 18 [pid 6298] <... write resumed>) = 18 [pid 6297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6295] close(3 [pid 6298] memfd_create("syzkaller", 0 [pid 6295] <... close resumed>) = 0 [pid 6295] close(4 [pid 6298] <... memfd_create resumed>) = 3 [pid 6295] <... close resumed>) = 0 [pid 6295] mkdir("./file1", 0777 [pid 6298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6297] <... write resumed>) = 524288 [pid 6296] memfd_create("syzkaller", 0 [pid 6295] <... mkdir resumed>) = 0 [pid 6298] <... mmap resumed>) = 0x7ff1eb400000 [pid 5829] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6296] <... memfd_create resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5829] newfstatat(AT_FDCWD, "./89/file1", [pid 6295] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [ 131.082721][ T6295] loop4: detected capacity change from 0 to 1024 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./89/file1") = 0 [pid 5829] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6297] munmap(0x7ff1eb400000, 138412032 [pid 6295] <... mount resumed>) = 0 [pid 6297] <... munmap resumed>) = 0 [pid 6295] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6295] chdir("./file1" [pid 5829] newfstatat(AT_FDCWD, "./89/binderfs", [pid 6297] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6295] <... chdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6297] <... openat resumed>) = 4 [pid 6295] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] unlink("./89/binderfs" [pid 6297] ioctl(4, LOOP_SET_FD, 3 [pid 6295] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... unlink resumed>) = 0 [pid 6296] <... write resumed>) = 524288 [pid 6295] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 6298] <... write resumed>) = 524288 [pid 6296] munmap(0x7ff1eb400000, 138412032 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./89" [pid 6296] <... munmap resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./90", 0777 [pid 6298] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 6298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6296] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6298] <... openat resumed>) = 4 [pid 6298] ioctl(4, LOOP_SET_FD, 3 [pid 6296] <... openat resumed>) = 4 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6296] ioctl(4, LOOP_SET_FD, 3 [pid 6295] <... link resumed>) = 0 [pid 6295] sync( [pid 6298] <... ioctl resumed>) = 0 [pid 6297] <... ioctl resumed>) = 0 [pid 6297] close(3) = 0 [pid 6297] close(4 [pid 6298] close(3) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6297] <... close resumed>) = 0 [pid 6297] mkdir("./file1", 0777 [pid 6298] close(4 [pid 6297] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6299 attached [pid 6298] <... close resumed>) = 0 [pid 6298] mkdir("./file1", 0777) = 0 [pid 6297] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6299] set_robust_list(0x5555934ed660, 24 [pid 6298] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6299 [pid 6299] <... set_robust_list resumed>) = 0 [pid 6299] chdir("./90") = 0 [pid 6299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6297] <... mount resumed>) = 0 [pid 6296] <... ioctl resumed>) = 0 [pid 6296] close(3) = 0 [pid 6299] <... prctl resumed>) = 0 [pid 6296] close(4 [pid 6299] setpgid(0, 0 [pid 6297] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6296] <... close resumed>) = 0 [pid 6299] <... setpgid resumed>) = 0 [pid 6297] <... openat resumed>) = 3 [ 131.157255][ T6297] loop0: detected capacity change from 0 to 1024 [ 131.182157][ T6298] loop2: detected capacity change from 0 to 1024 [ 131.191957][ T6296] loop3: detected capacity change from 0 to 1024 [pid 6299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6298] <... mount resumed>) = 0 [pid 6297] chdir("./file1" [pid 6296] mkdir("./file1", 0777 [pid 6299] <... openat resumed>) = 3 [pid 6298] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6295] <... sync resumed>) = 0 [pid 6298] <... openat resumed>) = 3 [pid 6297] <... chdir resumed>) = 0 [pid 6296] <... mkdir resumed>) = 0 [pid 6299] write(3, "1000", 4) = 4 [pid 6298] chdir("./file1" [pid 6297] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6295] exit_group(0 [pid 6299] close(3 [pid 6298] <... chdir resumed>) = 0 [pid 6297] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6296] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6295] <... exit_group resumed>) = ? [pid 6299] <... close resumed>) = 0 [pid 6298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6297] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6295] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6295, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6299] symlink("/dev/binderfs", "./binderfs" [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6299] <... symlink resumed>) = 0 executing program [pid 6298] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6299] write(1, "executing program\n", 18 [pid 6298] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6299] <... write resumed>) = 18 [pid 6299] memfd_create("syzkaller", 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6299] <... memfd_create resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... openat resumed>) = 3 [pid 6299] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6297] <... link resumed>) = 0 [pid 6298] <... link resumed>) = 0 [pid 6297] sync( [pid 6298] sync( [pid 6299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... umount2 resumed>) = 0 [pid 6299] <... write resumed>) = 524288 [pid 5832] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6299] munmap(0x7ff1eb400000, 138412032 [pid 5832] openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6299] <... munmap resumed>) = 0 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6299] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] getdents64(4, [pid 6299] <... openat resumed>) = 4 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 6299] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... close resumed>) = 0 [pid 6299] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] rmdir("./90/file1" [pid 6299] ioctl(4, LOOP_CLR_FD [pid 6296] <... mount resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6299] <... ioctl resumed>) = 0 [pid 6296] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6296] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6299] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(AT_FDCWD, "./90/binderfs", [pid 6299] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6296] chdir("./file1" [pid 6299] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6299] <... close resumed>) = 0 [pid 6296] <... chdir resumed>) = 0 [pid 5832] unlink("./90/binderfs" [pid 6299] close(3 [pid 6296] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6298] <... sync resumed>) = 0 [pid 6297] <... sync resumed>) = 0 [pid 6296] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... unlink resumed>) = 0 [pid 6298] exit_group(0 [pid 6297] exit_group(0 [pid 6296] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 6297] <... exit_group resumed>) = ? [pid 5832] rmdir("./90" [pid 6298] <... exit_group resumed>) = ? [pid 6297] +++ exited with 0 +++ [pid 5832] <... rmdir resumed>) = 0 [pid 6298] +++ exited with 0 +++ [pid 5832] mkdir("./91", 0777) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6297, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6298, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6299] <... close resumed>) = 0 [pid 5828] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... openat resumed>) = 3 [pid 6299] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(3, "", [pid 6299] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5832] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6299] sync( [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(3, [pid 5832] <... ioctl resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] close(3 [pid 5830] newfstatat(3, "", [pid 5832] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] getdents64(3, ./strace-static-x86_64: Process 6300 attached [pid 6300] set_robust_list(0x5555934ed660, 24 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6300] <... set_robust_list resumed>) = 0 [pid 5830] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6300] chdir("./91" [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6300 [pid 6300] <... chdir resumed>) = 0 [pid 6300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6300] setpgid(0, 0) = 0 executing program [pid 6300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6296] <... link resumed>) = 0 [pid 6300] write(3, "1000", 4) = 4 [pid 6300] close(3) = 0 [pid 6300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6300] write(1, "executing program\n", 18) = 18 [pid 6300] memfd_create("syzkaller", 0) = 3 [pid 6300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6296] sync( [pid 5828] <... umount2 resumed>) = 0 [pid 5828] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6296] <... sync resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5828] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6296] exit_group(0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6299] <... sync resumed>) = 0 [pid 6296] <... exit_group resumed>) = ? [pid 5830] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 6299] exit_group(0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 6300] <... write resumed>) = 524288 [pid 6299] <... exit_group resumed>) = ? [pid 5830] newfstatat(AT_FDCWD, "./92/file1", [pid 5828] rmdir("./90/file1" [pid 6296] +++ exited with 0 +++ [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6300] munmap(0x7ff1eb400000, 138412032 [pid 6299] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6296, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6299, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... restart_syscall resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./90/binderfs", [pid 5830] <... openat resumed>) = 4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6300] <... munmap resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5829] <... restart_syscall resumed>) = 0 [pid 5828] unlink("./90/binderfs" [pid 5831] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(4, [pid 5831] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(3, [pid 6300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... openat resumed>) = 3 [pid 5830] getdents64(4, [pid 5831] newfstatat(3, "", [pid 5829] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6300] <... openat resumed>) = 4 [pid 6300] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 5831] getdents64(3, [pid 5830] close(4 [pid 5829] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] rmdir("./90") = 0 [pid 5828] mkdir("./91", 0777) = 0 [pid 5831] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./92/file1" [pid 5829] newfstatat(3, "", [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5829] getdents64(3, [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5831] <... umount2 resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5828] close(3 [pid 5830] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] newfstatat(AT_FDCWD, "./92/binderfs", [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6301 [pid 5829] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6301 attached [pid 6300] <... ioctl resumed>) = 0 [pid 5831] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./90/binderfs", [pid 6300] close(3 [pid 5831] newfstatat(AT_FDCWD, "./82/file1", [pid 5830] unlink("./92/binderfs" [pid 6301] set_robust_list(0x5555934ed660, 24 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6301] <... set_robust_list resumed>) = 0 [pid 6301] chdir("./91" [pid 5831] umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... unlink resumed>) = 0 [pid 5829] unlink("./90/binderfs" [pid 6301] <... chdir resumed>) = 0 [pid 6301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6301] setpgid(0, 0) = 0 [pid 6301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6300] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] getdents64(3, [pid 5829] <... unlink resumed>) = 0 [pid 6300] close(4 [pid 5831] openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6300] <... close resumed>) = 0 [pid 5829] getdents64(3, [pid 6300] mkdir("./file1", 0777 [pid 5831] <... openat resumed>) = 4 [pid 5830] close(3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6301] <... openat resumed>) = 3 [pid 6300] <... mkdir resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5830] <... close resumed>) = 0 [pid 5829] close(3 [pid 6300] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] rmdir("./92" [pid 5829] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 131.448913][ T6300] loop4: detected capacity change from 0 to 1024 [pid 5829] rmdir("./90" [pid 6301] write(3, "1000", 4 [pid 5831] getdents64(4, [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6301] <... write resumed>) = 4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] mkdir("./91", 0777 [pid 6301] close(3 [pid 6300] <... mount resumed>) = 0 [pid 5830] mkdir("./93", 0777executing program [pid 6301] <... close resumed>) = 0 [pid 6300] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6300] <... openat resumed>) = 3 [pid 5831] getdents64(4, [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 6300] chdir("./file1" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6300] <... chdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6301] write(1, "executing program\n", 18 [pid 6300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] rmdir("./82/file1" [pid 5830] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 3 [pid 6301] <... write resumed>) = 18 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6301] memfd_create("syzkaller", 0 [pid 6300] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6300] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] close(3 [pid 5829] close(3 [pid 6301] <... memfd_create resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 6301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5830] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6302 attached [pid 6301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] unlink("./82/binderfs" [pid 6302] set_robust_list(0x5555934ed660, 24 [pid 6301] <... write resumed>) = 524288 [pid 5831] <... unlink resumed>) = 0 [pid 6302] <... set_robust_list resumed>) = 0 [pid 5831] getdents64(3, [pid 6302] chdir("./91" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6302 ./strace-static-x86_64: Process 6303 attached [pid 6303] set_robust_list(0x5555934ed660, 24 [pid 6302] <... chdir resumed>) = 0 [pid 5831] close(3 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6303 [pid 6303] <... set_robust_list resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6303] chdir("./93" [pid 6302] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6300] <... link resumed>) = 0 [pid 6303] <... chdir resumed>) = 0 [pid 5831] rmdir("./82" [pid 6303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6303] setpgid(0, 0 [pid 6302] <... prctl resumed>) = 0 [pid 6300] sync( [pid 5831] <... rmdir resumed>) = 0 [pid 6303] <... setpgid resumed>) = 0 [pid 6302] setpgid(0, 0 [pid 5831] mkdir("./83", 0777 [pid 6302] <... setpgid resumed>) = 0 [pid 6302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... mkdir resumed>) = 0 [pid 6301] munmap(0x7ff1eb400000, 138412032 [pid 6303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6301] <... munmap resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6303] <... openat resumed>) = 3 [pid 6302] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 6303] write(3, "1000", 4 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6303] <... write resumed>) = 4 [pid 6303] close(3 [pid 6302] write(3, "1000", 4 [pid 6301] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... ioctl resumed>) = 0 [pid 6302] <... write resumed>) = 4 [pid 6301] <... openat resumed>) = 4 [pid 6302] close(3 [pid 6301] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6301] ioctl(4, LOOP_CLR_FD [pid 6302] <... close resumed>) = 0 [pid 6301] <... ioctl resumed>) = 0 [pid 6302] symlink("/dev/binderfs", "./binderfs" [pid 6303] <... close resumed>) = 0 [pid 6302] <... symlink resumed>) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6303] symlink("/dev/binderfs", "./binderfs" [pid 6301] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6301] close(4) = 0 [pid 6301] close(3executing program executing program ./strace-static-x86_64: Process 6304 attached [pid 6303] <... symlink resumed>) = 0 [pid 6303] write(1, "executing program\n", 18 [pid 6302] write(1, "executing program\n", 18 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6304 [pid 6303] <... write resumed>) = 18 [pid 6302] <... write resumed>) = 18 [pid 6303] memfd_create("syzkaller", 0 [pid 6302] memfd_create("syzkaller", 0 [pid 6304] set_robust_list(0x5555934ed660, 24 [pid 6303] <... memfd_create resumed>) = 3 [pid 6302] <... memfd_create resumed>) = 3 [pid 6301] <... close resumed>) = 0 [pid 6302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6304] <... set_robust_list resumed>) = 0 [pid 6303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6302] <... mmap resumed>) = 0x7ff1eb400000 [pid 6300] <... sync resumed>) = 0 [pid 6304] chdir("./83" [pid 6303] <... mmap resumed>) = 0x7ff1eb400000 [pid 6302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6300] exit_group(0) = ? [pid 6301] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 6301] sync( [pid 6303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6304] <... chdir resumed>) = 0 [pid 6302] <... write resumed>) = 524288 [pid 6300] +++ exited with 0 +++ [pid 6304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6300, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6304] <... prctl resumed>) = 0 [pid 6304] setpgid(0, 0 [pid 6302] munmap(0x7ff1eb400000, 138412032 [pid 6304] <... setpgid resumed>) = 0 [pid 6303] <... write resumed>) = 524288 [pid 6302] <... munmap resumed>) = 0 [pid 6301] <... sync resumed>) = 0 [pid 6302] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6301] exit_group(0 [pid 6304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6302] <... openat resumed>) = 4 [pid 6301] <... exit_group resumed>) = ? [pid 6302] ioctl(4, LOOP_SET_FD, 3 [pid 6301] +++ exited with 0 +++ [pid 6304] <... openat resumed>) = 3 [pid 6303] munmap(0x7ff1eb400000, 138412032 [pid 5832] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6301, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... restart_syscall resumed>) = 0 [pid 6304] write(3, "1000", 4 [pid 6303] <... munmap resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6304] <... write resumed>) = 4 [pid 5828] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6304] close(3 [pid 6303] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6304] <... close resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6303] <... openat resumed>) = 4 [pid 5832] newfstatat(3, "", [pid 6304] symlink("/dev/binderfs", "./binderfs" [pid 6303] ioctl(4, LOOP_SET_FD, 3 [pid 6302] <... ioctl resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6302] close(3) = 0 [pid 6302] close(4executing program [pid 6304] <... symlink resumed>) = 0 [pid 6302] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] newfstatat(3, "", [pid 5832] getdents64(3, [pid 6302] mkdir("./file1", 0777 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6304] write(1, "executing program\n", 18 [pid 5832] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 6304] <... write resumed>) = 18 [pid 6302] <... mkdir resumed>) = 0 [pid 6302] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6304] memfd_create("syzkaller", 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6304] <... memfd_create resumed>) = 3 [pid 5828] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6304] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] newfstatat(AT_FDCWD, "./91/binderfs", [pid 6304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6303] <... ioctl resumed>) = 0 [pid 6303] close(3 [pid 5828] unlink("./91/binderfs" [pid 6303] <... close resumed>) = 0 [pid 6303] close(4 [pid 5832] <... umount2 resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6303] <... close resumed>) = 0 [pid 5832] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 6303] mkdir("./file1", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [ 131.663765][ T6302] loop1: detected capacity change from 0 to 1024 [ 131.696310][ T6303] loop2: detected capacity change from 0 to 1024 [pid 6304] <... write resumed>) = 524288 [pid 6303] <... mkdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./91/file1", [pid 5828] close(3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... close resumed>) = 0 [pid 5832] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] rmdir("./91" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... rmdir resumed>) = 0 [pid 6304] munmap(0x7ff1eb400000, 138412032 [pid 6303] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] mkdir("./92", 0777 [pid 5832] <... openat resumed>) = 4 [pid 5828] <... mkdir resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5832] getdents64(4, [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] getdents64(4, [pid 5828] close(3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6304] <... munmap resumed>) = 0 [pid 5832] close(4 [pid 5828] <... close resumed>) = 0 [pid 6304] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... close resumed>) = 0 ./strace-static-x86_64: Process 6305 attached [pid 6302] <... mount resumed>) = 0 [pid 6302] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6305] set_robust_list(0x5555934ed660, 24 [pid 5832] rmdir("./91/file1" [pid 6304] <... openat resumed>) = 4 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6305 [pid 6305] <... set_robust_list resumed>) = 0 [pid 6302] <... openat resumed>) = 3 [pid 6304] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... rmdir resumed>) = 0 [pid 6305] chdir("./92" [pid 6302] chdir("./file1" [pid 6305] <... chdir resumed>) = 0 [pid 6302] <... chdir resumed>) = 0 [pid 5832] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6302] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6302] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6305] <... prctl resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./91/binderfs", [pid 6305] setpgid(0, 0 [pid 6304] <... ioctl resumed>) = 0 [pid 6303] <... mount resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6305] <... setpgid resumed>) = 0 [pid 6304] close(3 [pid 5832] unlink("./91/binderfs" [pid 6305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6304] <... close resumed>) = 0 [pid 6303] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... unlink resumed>) = 0 [pid 6304] close(4 [pid 6305] <... openat resumed>) = 3 [pid 6304] <... close resumed>) = 0 [pid 6303] <... openat resumed>) = 3 [pid 5832] getdents64(3, [pid 6305] write(3, "1000", 4 [pid 6304] mkdir("./file1", 0777 [pid 6305] <... write resumed>) = 4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6305] close(3 [pid 6304] <... mkdir resumed>) = 0 [pid 6303] chdir("./file1" [pid 5832] close(3 [pid 6305] <... close resumed>) = 0 [pid 6303] <... chdir resumed>) = 0 [pid 6305] symlink("/dev/binderfs", "./binderfs" [pid 6303] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... close resumed>) = 0 executing program [pid 6305] <... symlink resumed>) = 0 [pid 6304] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6303] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] rmdir("./91" [pid 6305] write(1, "executing program\n", 18) = 18 [pid 6305] memfd_create("syzkaller", 0 [pid 6303] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6302] <... link resumed>) = 0 [pid 6305] <... memfd_create resumed>) = 3 [ 131.768967][ T6304] loop3: detected capacity change from 0 to 1024 [pid 6305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6302] sync( [pid 6305] <... mmap resumed>) = 0x7ff1eb400000 [pid 6303] <... link resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6303] sync( [pid 5832] mkdir("./92", 0777) = 0 [pid 6305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6304] <... mount resumed>) = 0 ./strace-static-x86_64: Process 6306 attached [pid 6304] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6306] set_robust_list(0x5555934ed660, 24 [pid 6304] <... openat resumed>) = 3 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6306 [pid 6304] chdir("./file1") = 0 [pid 6304] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6304] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6306] <... set_robust_list resumed>) = 0 [pid 6306] chdir("./92") = 0 [pid 6306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6306] setpgid(0, 0) = 0 [pid 6306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6306] write(3, "1000", 4) = 4 [pid 6306] close(3) = 0 [pid 6306] symlink("/dev/binderfs", "./binderfs" [pid 6302] <... sync resumed>) = 0 [pid 6305] <... write resumed>) = 524288 [pid 6302] exit_group(0 [pid 6303] <... sync resumed>) = 0 [pid 6302] <... exit_group resumed>) = ? [pid 6303] exit_group(0) = ? [pid 6306] <... symlink resumed>) = 0 [pid 6302] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6302, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>executing program [pid 6306] write(1, "executing program\n", 18 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6306] <... write resumed>) = 18 [pid 6305] munmap(0x7ff1eb400000, 138412032 [pid 6306] memfd_create("syzkaller", 0 [pid 6305] <... munmap resumed>) = 0 [pid 6304] <... link resumed>) = 0 [pid 6303] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6303, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6304] sync( [pid 6306] <... memfd_create resumed>) = 3 [pid 6305] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6305] <... openat resumed>) = 4 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... restart_syscall resumed>) = 0 [pid 6306] <... mmap resumed>) = 0x7ff1eb400000 [pid 6305] ioctl(4, LOOP_SET_FD, 3 [pid 5829] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6304] <... sync resumed>) = 0 [pid 5830] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6304] exit_group(0 [pid 5830] <... openat resumed>) = 3 [pid 6304] <... exit_group resumed>) = ? [pid 5830] newfstatat(3, "", [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, [pid 6304] +++ exited with 0 +++ [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6304, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] getdents64(3, [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6305] <... ioctl resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6305] close(3 [pid 5831] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6306] <... write resumed>) = 524288 [pid 6305] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6305] close(4 [pid 5831] <... openat resumed>) = 3 [pid 6305] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5830] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6306] munmap(0x7ff1eb400000, 138412032 [ 131.921462][ T6305] loop0: detected capacity change from 0 to 1024 [pid 6305] mkdir("./file1", 0777 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6306] <... munmap resumed>) = 0 [pid 6305] <... mkdir resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] newfstatat(AT_FDCWD, "./93/file1", [pid 6305] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] newfstatat(AT_FDCWD, "./91/file1", [pid 6306] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6305] <... mount resumed>) = 0 [pid 5831] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6306] <... openat resumed>) = 4 [pid 6305] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6306] ioctl(4, LOOP_SET_FD, 3 [pid 6305] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 4 [pid 5829] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(4, "", [pid 6305] chdir("./file1" [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6305] <... chdir resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./83/file1", [pid 5830] getdents64(4, [pid 5829] <... openat resumed>) = 4 [pid 6305] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] newfstatat(4, "", [pid 6305] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6305] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] close(4 [pid 5829] getdents64(4, [pid 5830] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./93/file1" [pid 5829] getdents64(4, [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./93/binderfs", [pid 5829] rmdir("./91/file1" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] unlink("./93/binderfs" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5830] <... unlink resumed>) = 0 [pid 5829] unlink("./91/binderfs" [pid 5831] newfstatat(4, "", [pid 5830] getdents64(3, [pid 5829] <... unlink resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] getdents64(3, [pid 5830] close(3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] close(3 [pid 5830] rmdir("./93") = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./91" [pid 6306] <... ioctl resumed>) = 0 [pid 6305] <... link resumed>) = 0 [pid 5830] mkdir("./94", 0777 [pid 6305] sync( [pid 6306] close(3) = 0 [pid 5831] getdents64(4, [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6306] close(4) = 0 [pid 6306] mkdir("./file1", 0777) = 0 [pid 6306] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] mkdir("./92", 0777 [pid 5831] getdents64(4, [pid 5830] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5831] close(4 [pid 5830] <... ioctl resumed>) = 0 [ 132.005195][ T6306] loop4: detected capacity change from 0 to 1024 [pid 5831] <... close resumed>) = 0 [pid 5830] close(3 [pid 5831] rmdir("./83/file1" [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6307 attached [pid 6307] set_robust_list(0x5555934ed660, 24 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6307 [pid 5829] <... mkdir resumed>) = 0 [pid 6307] <... set_robust_list resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6307] chdir("./94" [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6307] <... chdir resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6306] <... mount resumed>) = 0 [pid 5831] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... ioctl resumed>) = 0 [pid 6307] setpgid(0, 0 [pid 6306] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6305] <... sync resumed>) = 0 [pid 6307] <... setpgid resumed>) = 0 [pid 6305] exit_group(0 [pid 5829] close(3 [pid 6305] <... exit_group resumed>) = ? [pid 6307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6306] <... openat resumed>) = 3 [pid 6306] chdir("./file1" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 6306] <... chdir resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./83/binderfs", [pid 6306] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6306] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] unlink("./83/binderfs" [pid 6306] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... unlink resumed>) = 0 [pid 6305] +++ exited with 0 +++ [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 6307] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./83") = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6305, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] mkdir("./84", 0777) = 0 [pid 6307] write(3, "1000", 4 [pid 6306] <... link resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6307] <... write resumed>) = 4 [pid 6306] sync( [pid 5828] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6307] close(3./strace-static-x86_64: Process 6308 attached [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6307] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3 [pid 6307] symlink("/dev/binderfs", "./binderfs" [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6308 [pid 5828] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6308] set_robust_list(0x5555934ed660, 24) = 0 [pid 6308] chdir("./92" [pid 5828] <... openat resumed>) = 3 [pid 6308] <... chdir resumed>) = 0 [pid 6307] <... symlink resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 6307] write(1, "executing program\n", 18executing program [pid 6308] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6307] <... write resumed>) = 18 [pid 6308] <... prctl resumed>) = 0 [pid 6308] setpgid(0, 0) = 0 [pid 6308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6307] memfd_create("syzkaller", 0 [pid 5828] getdents64(3, [pid 6308] <... openat resumed>) = 3 [pid 6307] <... memfd_create resumed>) = 3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6308] write(3, "1000", 4 [pid 6307] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... close resumed>) = 0 [pid 6308] <... write resumed>) = 4 [pid 5828] <... umount2 resumed>) = 0 [pid 6308] close(3) = 0 [pid 5828] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6308] symlink("/dev/binderfs", "./binderfs" [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6309 attached [pid 6308] <... symlink resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6308] write(1, "executing program\n", 18executing program [pid 6307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6309] set_robust_list(0x5555934ed660, 24 [pid 6308] <... write resumed>) = 18 [pid 6309] <... set_robust_list resumed>) = 0 [pid 6308] memfd_create("syzkaller", 0 [pid 5828] newfstatat(AT_FDCWD, "./92/file1", [pid 6309] chdir("./84" [pid 6308] <... memfd_create resumed>) = 3 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6309 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6306] <... sync resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6309] <... chdir resumed>) = 0 [pid 6306] exit_group(0 [pid 5828] openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6309] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6306] <... exit_group resumed>) = ? [pid 5828] <... openat resumed>) = 4 [pid 6309] <... prctl resumed>) = 0 [pid 6306] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6306, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6309] setpgid(0, 0 [pid 5828] newfstatat(4, "", [pid 6309] <... setpgid resumed>) = 0 [pid 6309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6307] <... write resumed>) = 524288 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6309] write(3, "1000", 4 [pid 6307] munmap(0x7ff1eb400000, 138412032 [pid 5828] getdents64(4, [pid 6309] <... write resumed>) = 4 [pid 6309] close(3 [pid 6307] <... munmap resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6307] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6309] <... close resumed>) = 0 [pid 6307] <... openat resumed>) = 4 [pid 5828] getdents64(4, executing program [pid 6307] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] close(4 [pid 6309] write(1, "executing program\n", 18) = 18 [pid 6308] <... write resumed>) = 524288 [pid 6307] <... ioctl resumed>) = 0 [pid 6307] close(3 [pid 5832] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6307] <... close resumed>) = 0 [pid 6307] close(4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6307] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6307] mkdir("./file1", 0777 [pid 6309] memfd_create("syzkaller", 0 [pid 5832] <... openat resumed>) = 3 [pid 6309] <... memfd_create resumed>) = 3 [pid 6309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6307] <... mkdir resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 6309] <... mmap resumed>) = 0x7ff1eb400000 [pid 6308] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... close resumed>) = 0 [pid 6308] <... munmap resumed>) = 0 [pid 6307] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] getdents64(3, [pid 5828] rmdir("./92/file1" [pid 6308] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6308] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... rmdir resumed>) = 0 [pid 6309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6309] <... write resumed>) = 524288 [pid 6308] <... ioctl resumed>) = 0 [pid 5828] unlink("./92/binderfs" [pid 6309] munmap(0x7ff1eb400000, 138412032 [pid 6308] close(3 [pid 6307] <... mount resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6309] <... munmap resumed>) = 0 [pid 6308] <... close resumed>) = 0 [pid 6307] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6308] close(4 [pid 5828] getdents64(3, [pid 6308] <... close resumed>) = 0 [pid 6307] <... openat resumed>) = 3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6309] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6308] mkdir("./file1", 0777 [pid 6307] chdir("./file1" [pid 5828] close(3 [pid 6309] <... openat resumed>) = 4 [pid 6308] <... mkdir resumed>) = 0 [pid 6307] <... chdir resumed>) = 0 [pid 5832] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... close resumed>) = 0 [pid 6309] ioctl(4, LOOP_SET_FD, 3 [ 132.212568][ T6307] loop2: detected capacity change from 0 to 1024 [ 132.233991][ T6308] loop1: detected capacity change from 0 to 1024 [pid 6308] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6307] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./92") = 0 [pid 6307] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6307] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] newfstatat(AT_FDCWD, "./92/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] mkdir("./93", 0777) = 0 [pid 6309] <... ioctl resumed>) = 0 [pid 6308] <... mount resumed>) = 0 [pid 6307] <... link resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6307] sync( [pid 6308] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6308] chdir("./file1") = 0 [pid 6308] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6309] close(3 [pid 6308] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 6308] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6309] <... close resumed>) = 0 [pid 6309] close(4 [pid 5832] getdents64(4, [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... ioctl resumed>) = 0 [pid 5832] getdents64(4, [pid 5828] close(3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6309] <... close resumed>) = 0 [ 132.267173][ T6309] loop3: detected capacity change from 0 to 1024 [pid 5832] close(4 [pid 6309] mkdir("./file1", 0777 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./92/file1" [pid 6309] <... mkdir resumed>) = 0 [pid 6308] <... link resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6309] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6308] sync( [pid 6307] <... sync resumed>) = 0 [pid 5832] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6310 attached [pid 6307] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6310] set_robust_list(0x5555934ed660, 24 [pid 6307] <... exit_group resumed>) = ? [pid 5832] newfstatat(AT_FDCWD, "./92/binderfs", [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6310 [pid 6310] <... set_robust_list resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6310] chdir("./93") = 0 [pid 6310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6310] setpgid(0, 0) = 0 [pid 6307] +++ exited with 0 +++ [pid 6310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] unlink("./92/binderfs" [pid 6310] <... openat resumed>) = 3 [pid 5832] <... unlink resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6307, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5832] getdents64(3, [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6310] write(3, "1000", 4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6310] <... write resumed>) = 4 [pid 5832] close(3 [pid 6310] close(3) = 0 [pid 5832] <... close resumed>) = 0 [pid 6310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] rmdir("./92" [pid 6310] write(1, "executing program\n", 18executing program ) = 18 [pid 6310] memfd_create("syzkaller", 0) = 3 [pid 5830] <... restart_syscall resumed>) = 0 [pid 6310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6310] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... openat resumed>) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 6309] <... mount resumed>) = 0 [pid 5832] mkdir("./93", 0777 [pid 5830] newfstatat(3, "", [pid 6309] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 6309] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6309] chdir("./file1" [pid 5832] <... mkdir resumed>) = 0 [pid 5830] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6309] <... chdir resumed>) = 0 [pid 6309] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6309] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6309] <... link resumed>) = 0 [pid 6309] sync( [pid 5830] <... umount2 resumed>) = 0 [pid 6310] <... write resumed>) = 524288 [pid 6310] munmap(0x7ff1eb400000, 138412032 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6310] <... munmap resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5830] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6308] <... sync resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6310] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6309] <... sync resumed>) = 0 [pid 6310] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6311 attached [pid 6310] ioctl(4, LOOP_SET_FD, 3 [pid 6309] exit_group(0 [pid 6308] exit_group(0 [pid 5830] newfstatat(AT_FDCWD, "./94/file1", [pid 6311] set_robust_list(0x5555934ed660, 24 [pid 6309] <... exit_group resumed>) = ? [pid 6308] <... exit_group resumed>) = ? [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6311 [pid 6309] +++ exited with 0 +++ [pid 6308] +++ exited with 0 +++ [pid 5830] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6309, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6311] <... set_robust_list resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6308, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6311] chdir("./93" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6311] <... chdir resumed>) = 0 [pid 6310] <... ioctl resumed>) = 0 [pid 6311] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... restart_syscall resumed>) = 0 [pid 6311] <... prctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 4 [pid 6311] setpgid(0, 0) = 0 [pid 5830] newfstatat(4, "", [pid 6311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6310] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6310] <... close resumed>) = 0 [pid 6311] <... openat resumed>) = 3 [pid 6310] close(4 [pid 5831] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(4, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6311] write(3, "1000", 4 [pid 6310] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6311] <... write resumed>) = 4 [pid 6310] mkdir("./file1", 0777 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6311] close(3 [pid 6310] <... mkdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 6311] <... close resumed>) = 0 [pid 6311] symlink("/dev/binderfs", "./binderfs" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6311] <... symlink resumed>) = 0 [pid 6310] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] getdents64(3, executing program [pid 6311] write(1, "executing program\n", 18 [pid 5831] newfstatat(3, "", [pid 5830] getdents64(4, [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6311] <... write resumed>) = 18 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6311] memfd_create("syzkaller", 0) = 3 [pid 5831] getdents64(3, [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5830] close(4 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... close resumed>) = 0 [ 132.412202][ T6310] loop0: detected capacity change from 0 to 1024 [pid 6311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] rmdir("./94/file1" [pid 5831] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5831] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6310] <... mount resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6310] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6310] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = 0 [pid 6310] chdir("./file1" [pid 5831] getdents64(4, [pid 6310] <... chdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] unlink("./94/binderfs" [pid 5829] newfstatat(AT_FDCWD, "./92/file1", [pid 6311] <... write resumed>) = 524288 [pid 6310] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6310] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] getdents64(4, [pid 5830] getdents64(3, [pid 5829] umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(3 [pid 5829] openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6311] munmap(0x7ff1eb400000, 138412032 [pid 6310] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", [pid 5830] rmdir("./94" [pid 5831] close(4) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] rmdir("./84/file1" [pid 5830] mkdir("./95", 0777 [pid 5829] getdents64(4, [pid 6311] <... munmap resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6311] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] getdents64(4, [pid 6311] <... openat resumed>) = 4 [pid 5831] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6311] ioctl(4, LOOP_SET_FD, 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] close(4 [pid 6311] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... ioctl resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6311] ioctl(4, LOOP_CLR_FD [pid 5830] close(3 [pid 5829] rmdir("./92/file1" [pid 5830] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... rmdir resumed>) = 0 [pid 6311] <... ioctl resumed>) = 0 [pid 5831] unlink("./84/binderfs"./strace-static-x86_64: Process 6312 attached ) = 0 [pid 5829] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6312] set_robust_list(0x5555934ed660, 24 [pid 6310] <... link resumed>) = 0 [pid 5831] getdents64(3, [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6312 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6312] <... set_robust_list resumed>) = 0 [pid 6311] ioctl(4, LOOP_SET_FD, 3 [pid 5829] newfstatat(AT_FDCWD, "./92/binderfs", [pid 6311] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6311] close(4 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6311] <... close resumed>) = 0 [pid 6310] sync( [pid 5831] close(3 [pid 6312] chdir("./95" [pid 6311] close(3 [pid 5831] <... close resumed>) = 0 [pid 5829] unlink("./92/binderfs" [pid 5831] rmdir("./84" [pid 6312] <... chdir resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 6312] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] getdents64(3, [pid 6312] <... prctl resumed>) = 0 [pid 6311] <... close resumed>) = 0 [pid 5831] mkdir("./85", 0777) = 0 [pid 6312] setpgid(0, 0 [pid 6311] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6310] <... sync resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6312] <... setpgid resumed>) = 0 [pid 6311] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6310] exit_group(0 [pid 5831] <... openat resumed>) = 3 [pid 6312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6311] sync( [pid 5829] close(3 [pid 6312] <... openat resumed>) = 3 [pid 6310] <... exit_group resumed>) = ? [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] <... close resumed>) = 0 [pid 6312] write(3, "1000", 4) = 4 [pid 5831] <... ioctl resumed>) = 0 [pid 5829] rmdir("./92" [pid 6312] close(3 [pid 5829] <... rmdir resumed>) = 0 [pid 6312] <... close resumed>) = 0 [pid 5829] mkdir("./93", 0777 [pid 6312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5831] close(3 [pid 6312] write(1, "executing program\n", 18executing program [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6312] <... write resumed>) = 18 [pid 5831] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6312] memfd_create("syzkaller", 0 [pid 6310] +++ exited with 0 +++ [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6312] <... memfd_create resumed>) = 3 [pid 5829] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6313 attached [pid 6312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6311] <... sync resumed>) = 0 [pid 5829] close(3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6310, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6313] set_robust_list(0x5555934ed660, 24 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6313] <... set_robust_list resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6313] chdir("./85" [pid 6312] <... mmap resumed>) = 0x7ff1eb400000 [pid 6311] exit_group(0 [pid 6313] <... chdir resumed>) = 0 [pid 6313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6311] <... exit_group resumed>) = ? [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6313 [pid 5828] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6313] setpgid(0, 0 [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6313] <... setpgid resumed>) = 0 [pid 6311] +++ exited with 0 +++ [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6314 attached [pid 6313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6311, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6313] <... openat resumed>) = 3 [pid 5832] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6314 [pid 6313] write(3, "1000", 4 [pid 5828] <... openat resumed>) = 3 [pid 6314] set_robust_list(0x5555934ed660, 24 [pid 6313] <... write resumed>) = 4 [pid 5828] newfstatat(3, "", [pid 6313] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6312] <... write resumed>) = 524288 [pid 5832] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(3, [pid 6313] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 6313] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6314] <... set_robust_list resumed>) = 0 [pid 6313] <... symlink resumed>) = 0 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 6314] chdir("./93" [pid 6313] write(1, "executing program\n", 18 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5832] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = -1 EINVAL (Invalid argument) [pid 6314] <... chdir resumed>) = 0 [pid 6313] <... write resumed>) = 18 [pid 6314] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6314] <... prctl resumed>) = 0 [pid 6313] memfd_create("syzkaller", 0 [pid 5832] unlink("./93/binderfs" [pid 6312] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... unlink resumed>) = 0 [pid 6312] <... munmap resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./93") = 0 [pid 5832] mkdir("./94", 0777) = 0 [pid 6312] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6314] setpgid(0, 0 [pid 6313] <... memfd_create resumed>) = 3 [pid 6312] ioctl(4, LOOP_SET_FD, 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6314] <... setpgid resumed>) = 0 [pid 6313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6313] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] close(3 [pid 5828] <... umount2 resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5828] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", [pid 6313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6314] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6315 attached [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6315 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6315] set_robust_list(0x5555934ed660, 24 [pid 5828] close(4 [pid 6315] <... set_robust_list resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6315] chdir("./94" [pid 5828] rmdir("./93/file1") = 0 [pid 6315] <... chdir resumed>) = 0 [pid 6315] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6315] <... prctl resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6314] write(3, "1000", 4 [pid 6313] <... write resumed>) = 524288 [pid 6315] setpgid(0, 0 [pid 5828] newfstatat(AT_FDCWD, "./93/binderfs", [pid 6315] <... setpgid resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6314] <... write resumed>) = 4 [pid 5828] unlink("./93/binderfs" [pid 6315] <... openat resumed>) = 3 [pid 5828] <... unlink resumed>) = 0 [pid 6315] write(3, "1000", 4 [pid 5828] getdents64(3, [pid 6315] <... write resumed>) = 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 6315] close(3 [pid 5828] rmdir("./93"executing program [pid 6315] <... close resumed>) = 0 [pid 6314] close(3 [pid 5828] <... rmdir resumed>) = 0 [pid 6314] <... close resumed>) = 0 [pid 6312] <... ioctl resumed>) = 0 [pid 6315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6312] close(3) = 0 [pid 6312] close(4 [pid 5828] mkdir("./94", 0777 [pid 6315] write(1, "executing program\n", 18 [pid 6312] <... close resumed>) = 0 [pid 6315] <... write resumed>) = 18 [pid 6312] mkdir("./file1", 0777 [pid 6315] memfd_create("syzkaller", 0 [pid 6314] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... mkdir resumed>) = 0 executing program [pid 6314] <... symlink resumed>) = 0 [pid 6315] <... memfd_create resumed>) = 3 [pid 6314] write(1, "executing program\n", 18 [pid 6315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6312] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6315] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... openat resumed>) = 3 [pid 6315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6314] <... write resumed>) = 18 [pid 6313] munmap(0x7ff1eb400000, 138412032 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6312] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3 [pid 6314] memfd_create("syzkaller", 0 [pid 6313] <... munmap resumed>) = 0 [pid 6314] <... memfd_create resumed>) = 3 [pid 6313] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6313] ioctl(4, LOOP_SET_FD, 3 [ 132.672100][ T6312] loop2: detected capacity change from 0 to 1024 [pid 6314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6315] <... write resumed>) = 524288 [pid 6314] <... write resumed>) = 524288 [pid 5828] <... close resumed>) = 0 [pid 6315] munmap(0x7ff1eb400000, 138412032 [pid 6314] munmap(0x7ff1eb400000, 138412032 [pid 6315] <... munmap resumed>) = 0 [pid 6314] <... munmap resumed>) = 0 [pid 6314] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6312] <... mount resumed>) = 0 [pid 6312] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6314] <... openat resumed>) = 4 [pid 6312] <... openat resumed>) = 3 [pid 6315] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6315] <... openat resumed>) = 4 [pid 6314] ioctl(4, LOOP_SET_FD, 3 [pid 6313] <... ioctl resumed>) = 0 [pid 6312] chdir("./file1"./strace-static-x86_64: Process 6316 attached [pid 6315] ioctl(4, LOOP_SET_FD, 3 [pid 6316] set_robust_list(0x5555934ed660, 24 [pid 6312] <... chdir resumed>) = 0 [pid 6313] close(3 [pid 6312] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6316] <... set_robust_list resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6316 [pid 6316] chdir("./94" [pid 6313] <... close resumed>) = 0 [pid 6312] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6316] <... chdir resumed>) = 0 [pid 6313] close(4 [pid 6314] <... ioctl resumed>) = 0 [pid 6312] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6316] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6313] <... close resumed>) = 0 [pid 6316] <... prctl resumed>) = 0 [pid 6313] mkdir("./file1", 0777 [pid 6316] setpgid(0, 0) = 0 [pid 6316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6313] <... mkdir resumed>) = 0 [pid 6316] write(3, "1000", 4) = 4 [pid 6313] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6316] close(3) = 0 [pid 6316] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6316] write(1, "executing program\n", 18) = 18 [pid 6316] memfd_create("syzkaller", 0) = 3 [pid 6316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6314] close(3 [pid 6316] <... mmap resumed>) = 0x7ff1eb400000 [pid 6314] <... close resumed>) = 0 [pid 6316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6315] <... ioctl resumed>) = 0 [pid 6314] close(4) = 0 [pid 6314] mkdir("./file1", 0777 [pid 6315] close(3 [pid 6314] <... mkdir resumed>) = 0 [pid 6315] <... close resumed>) = 0 [pid 6312] <... link resumed>) = 0 [pid 6315] close(4) = 0 [pid 6315] mkdir("./file1", 0777 [pid 6312] sync( [pid 6314] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6315] <... mkdir resumed>) = 0 [ 132.736430][ T6313] loop3: detected capacity change from 0 to 1024 [ 132.756231][ T6314] loop1: detected capacity change from 0 to 1024 [ 132.756731][ T6315] loop4: detected capacity change from 0 to 1024 [pid 6315] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6314] <... mount resumed>) = 0 [pid 6313] <... mount resumed>) = 0 [pid 6314] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6314] chdir("./file1") = 0 [pid 6314] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6314] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6316] <... write resumed>) = 524288 [pid 6313] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6313] chdir("./file1") = 0 [pid 6316] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6313] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6314] <... link resumed>) = 0 [pid 6314] sync( [pid 6316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6316] ioctl(4, LOOP_SET_FD, 3 [pid 6313] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6316] <... ioctl resumed>) = 0 [pid 6315] <... mount resumed>) = 0 [pid 6315] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6316] close(3) = 0 [pid 6316] close(4) = 0 [pid 6316] mkdir("./file1", 0777) = 0 [pid 6315] chdir("./file1" [pid 6313] <... link resumed>) = 0 [pid 6316] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6315] <... chdir resumed>) = 0 [pid 6313] sync( [pid 6315] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [ 132.856446][ T6316] loop0: detected capacity change from 0 to 1024 [pid 6315] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6315] sync( [pid 6316] <... mount resumed>) = 0 [pid 6316] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6312] <... sync resumed>) = 0 [pid 6314] <... sync resumed>) = 0 [pid 6316] <... openat resumed>) = 3 [pid 6314] exit_group(0 [pid 6312] exit_group(0 [pid 6314] <... exit_group resumed>) = ? [pid 6316] chdir("./file1") = 0 [pid 6316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6316] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6314] +++ exited with 0 +++ [pid 6312] <... exit_group resumed>) = ? [pid 6312] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6312, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6314, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(3, "", [pid 6315] <... sync resumed>) = 0 [pid 6313] <... sync resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6315] exit_group(0 [pid 6313] exit_group(0 [pid 5830] getdents64(3, [pid 6315] <... exit_group resumed>) = ? [pid 6313] <... exit_group resumed>) = ? [pid 5829] <... openat resumed>) = 3 [pid 6315] +++ exited with 0 +++ [pid 6313] +++ exited with 0 +++ [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] newfstatat(3, "", [pid 6316] <... link resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6313, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6315, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] getdents64(3, [pid 5832] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6316] sync( [pid 5830] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5831] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... umount2 resumed>) = 0 [pid 5831] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6316] <... sync resumed>) = 0 [pid 5832] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6316] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./93/file1", [pid 6316] <... exit_group resumed>) = ? [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6316] +++ exited with 0 +++ [pid 5829] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(AT_FDCWD, "./94/file1", [pid 5830] newfstatat(AT_FDCWD, "./95/file1", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6316, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] <... openat resumed>) = 4 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./93/file1") = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./93/binderfs", [pid 5828] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] unlink("./93/binderfs" [pid 5828] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] getdents64(3, [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] newfstatat(3, "", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] close(3 [pid 5828] getdents64(3, [pid 5832] openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5829] rmdir("./93" [pid 5828] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(4, "", [pid 5830] newfstatat(4, "", [pid 5829] <... rmdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5830] getdents64(4, [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 5831] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(4, [pid 5829] mkdir("./94", 0777 [pid 5828] <... umount2 resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 5831] newfstatat(AT_FDCWD, "./85/file1", [pid 5830] close(4 [pid 5829] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] rmdir("./94/file1" [pid 5830] <... close resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./95/file1" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5832] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] newfstatat(AT_FDCWD, "./95/binderfs", [pid 5832] newfstatat(AT_FDCWD, "./94/binderfs", [pid 5831] <... openat resumed>) = 4 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(4, "", [pid 5830] unlink("./95/binderfs" [pid 5828] newfstatat(AT_FDCWD, "./94/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... unlink resumed>) = 0 [pid 5832] unlink("./94/binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5831] getdents64(4, [pid 5830] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] close(3./strace-static-x86_64: Process 6317 attached [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(4, [pid 5830] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6317 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 5832] close(3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] rmdir("./95" [pid 5828] getdents64(4, [pid 6317] set_robust_list(0x5555934ed660, 24 [pid 5831] close(4 [pid 5830] <... rmdir resumed>) = 0 [pid 6317] <... set_robust_list resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] mkdir("./96", 0777 [pid 6317] chdir("./94") = 0 [pid 6317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6317] setpgid(0, 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6317] <... setpgid resumed>) = 0 [pid 6317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] rmdir("./85/file1" [pid 5830] <... openat resumed>) = 3 [pid 5832] rmdir("./94" [pid 6317] <... openat resumed>) = 3 [pid 6317] write(3, "1000", 4 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6317] <... write resumed>) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5828] getdents64(4, [pid 5830] close(3 [pid 5832] mkdir("./95", 0777 [pid 5830] <... close resumed>) = 0 [pid 6317] close(3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6317] <... close resumed>) = 0 [pid 5828] close(4 [pid 6317] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... close resumed>) = 0 [pid 6317] <... symlink resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] rmdir("./94/file1" [pid 6317] write(1, "executing program\n", 18 [pid 5828] <... rmdir resumed>) = 0 [pid 6317] <... write resumed>) = 18 [pid 5828] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6318 attached [pid 6317] memfd_create("syzkaller", 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6318] set_robust_list(0x5555934ed660, 24 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6318 [pid 5828] newfstatat(AT_FDCWD, "./94/binderfs", [pid 6318] <... set_robust_list resumed>) = 0 [pid 6317] <... memfd_create resumed>) = 3 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6318] chdir("./96" [pid 6317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] newfstatat(AT_FDCWD, "./85/binderfs", [pid 5828] unlink("./94/binderfs" [pid 6318] <... chdir resumed>) = 0 [pid 6317] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] close(3 [pid 6318] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... close resumed>) = 0 [pid 5831] unlink("./85/binderfs" [pid 5828] <... unlink resumed>) = 0 [pid 6318] <... prctl resumed>) = 0 [pid 6317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... unlink resumed>) = 0 [pid 6318] setpgid(0, 0./strace-static-x86_64: Process 6319 attached ) = 0 [pid 6317] <... write resumed>) = 524288 [pid 5831] getdents64(3, [pid 5828] getdents64(3, [pid 6319] set_robust_list(0x5555934ed660, 24 [pid 6317] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6319] <... set_robust_list resumed>) = 0 [pid 6317] <... munmap resumed>) = 0 [pid 5828] close(3 [pid 6319] chdir("./95" [pid 6318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... close resumed>) = 0 [pid 6319] <... chdir resumed>) = 0 [pid 6318] <... openat resumed>) = 3 [pid 6317] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] close(3 [pid 5828] rmdir("./94" [pid 6319] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6318] write(3, "1000", 4 [pid 6317] <... openat resumed>) = 4 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6319 [pid 5831] <... close resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6319] <... prctl resumed>) = 0 [pid 6319] setpgid(0, 0) = 0 [pid 6317] ioctl(4, LOOP_SET_FD, 3 [pid 6319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] rmdir("./85" [pid 6318] <... write resumed>) = 4 [pid 5828] mkdir("./95", 0777 [pid 6318] close(3) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 6319] <... openat resumed>) = 3 [pid 6319] write(3, "1000", 4) = 4 [pid 6319] close(3) = 0 [pid 6319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6318] symlink("/dev/binderfs", "./binderfs" [pid 5831] mkdir("./86", 0777 [pid 6318] <... symlink resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5831] <... mkdir resumed>) = 0 executing program [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6318] write(1, "executing program\n", 18) = 18 [pid 5831] <... openat resumed>) = 3 [pid 5828] <... ioctl resumed>) = 0 executing program [pid 6319] write(1, "executing program\n", 18 [pid 6318] memfd_create("syzkaller", 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] close(3 [pid 6319] <... write resumed>) = 18 [pid 6318] <... memfd_create resumed>) = 3 [pid 5831] <... ioctl resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6319] memfd_create("syzkaller", 0) = 3 [pid 6319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5831] close(3 [pid 6319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6317] <... ioctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6318] <... mmap resumed>) = 0x7ff1eb400000 [pid 6317] close(3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6317] <... close resumed>) = 0 [pid 6317] close(4) = 0 [pid 6317] mkdir("./file1", 0777./strace-static-x86_64: Process 6320 attached ) = 0 ./strace-static-x86_64: Process 6321 attached [pid 6320] set_robust_list(0x5555934ed660, 24 [pid 6317] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6320 [pid 6320] <... set_robust_list resumed>) = 0 [ 133.158933][ T6317] loop1: detected capacity change from 0 to 1024 [pid 6321] set_robust_list(0x5555934ed660, 24 [pid 6320] chdir("./86" [pid 6321] <... set_robust_list resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6321 [pid 6318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6321] chdir("./95" [pid 6320] <... chdir resumed>) = 0 [pid 6317] <... mount resumed>) = 0 [pid 6321] <... chdir resumed>) = 0 [pid 6320] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6317] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6320] <... prctl resumed>) = 0 [pid 6317] <... openat resumed>) = 3 [pid 6321] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6317] chdir("./file1" [pid 6321] <... prctl resumed>) = 0 [pid 6317] <... chdir resumed>) = 0 [pid 6321] setpgid(0, 0 [pid 6317] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6321] <... setpgid resumed>) = 0 [pid 6320] setpgid(0, 0 [pid 6317] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6317] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6320] <... setpgid resumed>) = 0 [pid 6320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6319] <... write resumed>) = 524288 [pid 6321] <... openat resumed>) = 3 [pid 6320] <... openat resumed>) = 3 [pid 6319] munmap(0x7ff1eb400000, 138412032 [pid 6321] write(3, "1000", 4 [pid 6320] write(3, "1000", 4 [pid 6321] <... write resumed>) = 4 [pid 6321] close(3 [pid 6320] <... write resumed>) = 4 [pid 6319] <... munmap resumed>) = 0 [pid 6318] <... write resumed>) = 524288 [pid 6321] <... close resumed>) = 0 executing program [pid 6321] symlink("/dev/binderfs", "./binderfs" [pid 6319] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6321] <... symlink resumed>) = 0 [pid 6319] <... openat resumed>) = 4 [pid 6321] write(1, "executing program\n", 18 [pid 6319] ioctl(4, LOOP_SET_FD, 3 [pid 6321] <... write resumed>) = 18 [pid 6320] close(3 [pid 6318] munmap(0x7ff1eb400000, 138412032 [pid 6317] <... link resumed>) = 0 [pid 6320] <... close resumed>) = 0 [pid 6321] memfd_create("syzkaller", 0 [pid 6317] sync( [pid 6321] <... memfd_create resumed>) = 3 [pid 6321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6320] symlink("/dev/binderfs", "./binderfs" [pid 6319] <... ioctl resumed>) = 0 [pid 6318] <... munmap resumed>) = 0 [pid 6318] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6321] <... write resumed>) = 524288 [pid 6320] <... symlink resumed>) = 0 [pid 6318] <... openat resumed>) = 4 [pid 6319] close(3executing program [pid 6320] write(1, "executing program\n", 18 [pid 6319] <... close resumed>) = 0 [pid 6318] ioctl(4, LOOP_SET_FD, 3 [pid 6320] <... write resumed>) = 18 [pid 6319] close(4) = 0 [pid 6320] memfd_create("syzkaller", 0 [pid 6319] mkdir("./file1", 0777) = 0 [pid 6320] <... memfd_create resumed>) = 3 [pid 6320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6319] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6320] <... mmap resumed>) = 0x7ff1eb400000 [pid 6317] <... sync resumed>) = 0 [pid 6317] exit_group(0) = ? [pid 6317] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6317, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6321] munmap(0x7ff1eb400000, 138412032 [pid 6320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6321] <... munmap resumed>) = 0 [pid 6319] <... mount resumed>) = 0 [pid 5829] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6321] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6319] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6319] <... openat resumed>) = 3 [ 133.254744][ T6319] loop4: detected capacity change from 0 to 1024 [ 133.293392][ T6318] loop2: detected capacity change from 0 to 1024 [pid 5829] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6321] <... openat resumed>) = 4 [pid 6318] <... ioctl resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6321] ioctl(4, LOOP_SET_FD, 3 [pid 5829] newfstatat(3, "", [pid 6321] <... ioctl resumed>) = 0 [pid 6320] <... write resumed>) = 524288 [pid 6319] chdir("./file1" [pid 6318] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6318] <... close resumed>) = 0 [pid 6321] close(3 [pid 6319] <... chdir resumed>) = 0 [pid 6318] close(4 [pid 6321] <... close resumed>) = 0 [pid 6320] munmap(0x7ff1eb400000, 138412032 [pid 6319] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6318] <... close resumed>) = 0 [pid 5829] getdents64(3, [pid 6321] close(4 [pid 6320] <... munmap resumed>) = 0 [pid 6319] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6318] mkdir("./file1", 0777 [pid 6321] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6318] <... mkdir resumed>) = 0 [pid 5829] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6321] mkdir("./file1", 0777) = 0 [pid 6319] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6318] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6321] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6320] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6320] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./94/file1", [pid 6318] <... mount resumed>) = 0 [pid 6319] <... link resumed>) = 0 [pid 6318] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6318] <... openat resumed>) = 3 [pid 5829] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6321] <... mount resumed>) = 0 [pid 6321] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6321] <... openat resumed>) = 3 [pid 6319] sync( [pid 5829] openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6321] chdir("./file1" [pid 6320] <... ioctl resumed>) = 0 [ 133.332515][ T6321] loop0: detected capacity change from 0 to 1024 [ 133.350223][ T6320] loop3: detected capacity change from 0 to 1024 [pid 5829] <... openat resumed>) = 4 [pid 6321] <... chdir resumed>) = 0 [pid 6318] chdir("./file1" [pid 6320] close(3 [pid 6318] <... chdir resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 6321] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6318] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6321] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] getdents64(4, [pid 6321] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6320] <... close resumed>) = 0 [pid 6318] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6320] close(4 [pid 5829] getdents64(4, [pid 6320] <... close resumed>) = 0 [pid 6320] mkdir("./file1", 0777 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6320] <... mkdir resumed>) = 0 [pid 6318] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] close(4) = 0 [pid 6320] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] rmdir("./94/file1") = 0 [pid 5829] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6321] <... link resumed>) = 0 [pid 6321] sync( [pid 5829] newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./94/binderfs") = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./94" [pid 6320] <... mount resumed>) = 0 [pid 6319] <... sync resumed>) = 0 [pid 6318] <... link resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./95", 0777 [pid 6320] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6319] exit_group(0 [pid 6320] <... openat resumed>) = 3 [pid 6319] <... exit_group resumed>) = ? [pid 6320] chdir("./file1" [pid 6319] +++ exited with 0 +++ [pid 6318] sync( [pid 5829] <... mkdir resumed>) = 0 [pid 6320] <... chdir resumed>) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6319, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6320] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6320] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", [pid 6320] <... link resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6320] sync( [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... openat resumed>) = 3 [pid 5832] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 6321] <... sync resumed>) = 0 [pid 5829] close(3 [pid 6321] exit_group(0 [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6321] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 6322 attached [pid 6321] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6321, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6322] set_robust_list(0x5555934ed660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6322 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6322] <... set_robust_list resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6322] chdir("./95" [pid 6318] <... sync resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6320] <... sync resumed>) = 0 [pid 5832] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6320] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6320] <... exit_group resumed>) = ? [pid 5832] newfstatat(AT_FDCWD, "./95/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6318] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6322] <... chdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... openat resumed>) = 4 [pid 6322] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6320] +++ exited with 0 +++ [pid 6318] <... exit_group resumed>) = ? [pid 5832] newfstatat(4, "", [pid 5828] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6322] <... prctl resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6320, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5832] getdents64(4, [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6322] setpgid(0, 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6322] <... setpgid resumed>) = 0 [pid 6322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6318] +++ exited with 0 +++ [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] newfstatat(3, "", [pid 5831] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6318, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6322] <... openat resumed>) = 3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] close(4 [pid 5831] <... openat resumed>) = 3 [pid 5828] getdents64(3, [pid 6322] write(3, "1000", 4 [pid 5832] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5832] rmdir("./95/file1" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6322] <... write resumed>) = 4 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] getdents64(3, [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./95/binderfs" [pid 6322] close(3 [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5828] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6322] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6322] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5830] getdents64(3, [pid 6322] <... symlink resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 executing program [pid 5831] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6322] write(1, "executing program\n", 18 [pid 5832] close(3 [pid 5830] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6322] <... write resumed>) = 18 [pid 5832] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6322] memfd_create("syzkaller", 0 [pid 5831] newfstatat(AT_FDCWD, "./86/file1", [pid 6322] <... memfd_create resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 5832] rmdir("./95" [pid 5831] umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] mkdir("./96", 0777) = 0 [pid 5831] getdents64(4, [pid 5830] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(4 [pid 5830] newfstatat(AT_FDCWD, "./96/file1", [pid 5831] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] rmdir("./86/file1" [pid 5830] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 5828] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... ioctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(3 [pid 5831] newfstatat(AT_FDCWD, "./86/binderfs", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] newfstatat(AT_FDCWD, "./95/file1", ./strace-static-x86_64: Process 6323 attached [pid 5831] unlink("./86/binderfs" [pid 5830] getdents64(4, [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6323 [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 5831] getdents64(3, [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 6323] set_robust_list(0x5555934ed660, 24 [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 6323] <... set_robust_list resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] rmdir("./96/file1" [pid 6323] chdir("./96" [pid 5831] rmdir("./86" [pid 5830] <... rmdir resumed>) = 0 [pid 5828] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6323] <... chdir resumed>) = 0 [pid 6322] <... write resumed>) = 524288 [pid 5828] newfstatat(4, "", [pid 6323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6323] setpgid(0, 0 [pid 5830] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6323] <... setpgid resumed>) = 0 [pid 5830] unlink("./96/binderfs" [pid 6323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6322] munmap(0x7ff1eb400000, 138412032 [pid 5831] mkdir("./87", 0777 [pid 5830] <... unlink resumed>) = 0 [pid 5828] getdents64(4, [pid 6322] <... munmap resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] getdents64(3, [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6323] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5828] close(4 [pid 5830] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] rmdir("./96" [pid 5828] rmdir("./95/file1" [pid 6323] write(3, "1000", 4 [pid 6322] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... openat resumed>) = 3 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6323] <... write resumed>) = 4 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] mkdir("./97", 0777 [pid 6322] <... openat resumed>) = 4 [pid 6323] close(3 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5828] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6323] <... close resumed>) = 0 [pid 5831] close(3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6323] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5828] newfstatat(AT_FDCWD, "./95/binderfs", [pid 6323] <... symlink resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6324 attached [pid 6323] write(1, "executing program\n", 18executing program [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6323] <... write resumed>) = 18 [pid 6322] ioctl(4, LOOP_SET_FD, 3 [pid 6324] set_robust_list(0x5555934ed660, 24 [pid 6323] memfd_create("syzkaller", 0 [pid 6322] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... ioctl resumed>) = 0 [pid 5828] unlink("./95/binderfs" [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6324 [pid 6324] <... set_robust_list resumed>) = 0 [pid 6324] chdir("./87") = 0 [pid 6324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6324] setpgid(0, 0) = 0 [pid 6324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] close(3) = 0 [pid 6324] <... openat resumed>) = 3 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6324] write(3, "1000", 4./strace-static-x86_64: Process 6325 attached ) = 4 [pid 6323] <... memfd_create resumed>) = 3 [pid 6322] ioctl(4, LOOP_CLR_FD [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6325 [pid 5828] <... unlink resumed>) = 0 [pid 6324] close(3 [pid 6323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6324] <... close resumed>) = 0 [pid 6323] <... mmap resumed>) = 0x7ff1eb400000 [pid 6325] set_robust_list(0x5555934ed660, 24 [pid 6324] symlink("/dev/binderfs", "./binderfs" [pid 6323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6322] <... ioctl resumed>) = 0 [pid 5828] getdents64(3, [pid 6325] <... set_robust_list resumed>) = 0 [pid 6324] <... symlink resumed>) = 0 [pid 6324] write(1, "executing program\n", 18 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6324] <... write resumed>) = 18 executing program [pid 6325] chdir("./97" [pid 6324] memfd_create("syzkaller", 0 [pid 5828] close(3 [pid 6325] <... chdir resumed>) = 0 [pid 6324] <... memfd_create resumed>) = 3 [pid 6322] ioctl(4, LOOP_SET_FD, 3 [pid 6325] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6322] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... close resumed>) = 0 [pid 6325] <... prctl resumed>) = 0 [pid 6322] close(4 [pid 5828] rmdir("./95" [pid 6324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5828] <... rmdir resumed>) = 0 [pid 6325] setpgid(0, 0 [pid 5828] mkdir("./96", 0777 [pid 6325] <... setpgid resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... openat resumed>) = 3 [pid 6325] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6323] <... write resumed>) = 524288 [pid 6325] write(3, "1000", 4 [pid 6324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6322] <... close resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 6325] <... write resumed>) = 4 [pid 5828] close(3 [pid 6325] close(3 [pid 5828] <... close resumed>) = 0 [pid 6325] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6326 attached [pid 6325] symlink("/dev/binderfs", "./binderfs" [pid 6323] munmap(0x7ff1eb400000, 138412032 [pid 6325] <... symlink resumed>) = 0 [pid 6323] <... munmap resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6326 [pid 6323] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6326] set_robust_list(0x5555934ed660, 24) = 0 [pid 6325] write(1, "executing program\n", 18 [pid 6326] chdir("./96" [pid 6323] <... openat resumed>) = 4 executing program [pid 6326] <... chdir resumed>) = 0 [pid 6325] <... write resumed>) = 18 [pid 6323] ioctl(4, LOOP_SET_FD, 3 [pid 6322] close(3 [pid 6324] <... write resumed>) = 524288 [pid 6325] memfd_create("syzkaller", 0 [pid 6324] munmap(0x7ff1eb400000, 138412032 [pid 6326] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6325] <... memfd_create resumed>) = 3 [pid 6323] <... ioctl resumed>) = 0 [pid 6322] <... close resumed>) = 0 [pid 6324] <... munmap resumed>) = 0 [pid 6326] <... prctl resumed>) = 0 [pid 6326] setpgid(0, 0 [pid 6325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6324] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6326] <... setpgid resumed>) = 0 [pid 6325] <... mmap resumed>) = 0x7ff1eb400000 [pid 6323] close(3) = 0 [pid 6323] close(4 [pid 6326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6323] <... close resumed>) = 0 [pid 6323] mkdir("./file1", 0777 [pid 6326] <... openat resumed>) = 3 [pid 6326] write(3, "1000", 4 [pid 6322] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6323] <... mkdir resumed>) = 0 [pid 6323] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6326] <... write resumed>) = 4 [pid 6325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6322] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6326] close(3) = 0 [pid 6322] sync( [pid 6326] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6326] write(1, "executing program\n", 18) = 18 [pid 6326] memfd_create("syzkaller", 0 [pid 6323] <... mount resumed>) = 0 [pid 6323] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6326] <... memfd_create resumed>) = 3 [pid 6324] <... openat resumed>) = 4 [pid 6323] <... openat resumed>) = 3 [pid 6323] chdir("./file1" [pid 6324] ioctl(4, LOOP_SET_FD, 3 [pid 6323] <... chdir resumed>) = 0 [pid 6326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6325] <... write resumed>) = 524288 [pid 6326] <... mmap resumed>) = 0x7ff1eb400000 [pid 6325] munmap(0x7ff1eb400000, 138412032 [pid 6323] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6325] <... munmap resumed>) = 0 [pid 6323] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6323] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6322] <... sync resumed>) = 0 [ 133.719300][ T6323] loop4: detected capacity change from 0 to 1024 [ 133.758965][ T6324] loop3: detected capacity change from 0 to 1024 [pid 6325] ioctl(4, LOOP_SET_FD, 3 [pid 6323] <... link resumed>) = 0 [pid 6322] exit_group(0 [pid 6323] sync( [pid 6324] <... ioctl resumed>) = 0 [pid 6324] close(3) = 0 [pid 6324] close(4) = 0 [pid 6324] mkdir("./file1", 0777) = 0 [pid 6323] <... sync resumed>) = 0 [pid 6323] exit_group(0 [pid 6325] <... ioctl resumed>) = 0 [pid 6322] <... exit_group resumed>) = ? [pid 6323] <... exit_group resumed>) = ? [pid 6324] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6322] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6322, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6326] <... write resumed>) = 524288 [pid 6323] +++ exited with 0 +++ [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6323, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6326] munmap(0x7ff1eb400000, 138412032 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... restart_syscall resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6324] <... mount resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 6326] <... munmap resumed>) = 0 [pid 6326] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6324] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6326] <... openat resumed>) = 4 [pid 6324] <... openat resumed>) = 3 [pid 5832] getdents64(3, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6326] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6324] chdir("./file1") = 0 [pid 5832] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6324] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6324] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6325] close(3 [pid 5829] getdents64(3, [pid 6325] <... close resumed>) = 0 [pid 6324] <... link resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6326] <... ioctl resumed>) = 0 [pid 6325] close(4 [pid 6324] sync( [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6325] <... close resumed>) = 0 [pid 5829] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6326] close(3 [pid 6325] mkdir("./file1", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./95/binderfs", [pid 6326] <... close resumed>) = 0 [pid 6325] <... mkdir resumed>) = 0 [pid 5832] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6326] close(4 [ 133.790170][ T6325] loop2: detected capacity change from 0 to 1024 [ 133.824072][ T6326] loop0: detected capacity change from 0 to 1024 [pid 5829] unlink("./95/binderfs" [pid 6326] <... close resumed>) = 0 [pid 6325] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... unlink resumed>) = 0 [pid 6326] mkdir("./file1", 0777 [pid 5829] getdents64(3, [pid 6326] <... mkdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] newfstatat(AT_FDCWD, "./96/file1", [pid 5829] close(3 [pid 6326] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./95" [pid 5832] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... rmdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] mkdir("./96", 0777 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5832] getdents64(4, [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6326] <... mount resumed>) = 0 [pid 5832] getdents64(4, [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6326] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] close(4 [pid 5829] close(3 [pid 6326] <... openat resumed>) = 3 [pid 6325] <... mount resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6326] chdir("./file1" [pid 6325] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] rmdir("./96/file1" [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6325] <... openat resumed>) = 3 [pid 6324] <... sync resumed>) = 0 [pid 6326] <... chdir resumed>) = 0 [pid 6325] chdir("./file1" [pid 5832] <... rmdir resumed>) = 0 [pid 6326] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6325] <... chdir resumed>) = 0 [pid 6324] exit_group(0./strace-static-x86_64: Process 6327 attached [pid 6326] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6326] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./96/binderfs", [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6327 [pid 6327] set_robust_list(0x5555934ed660, 24 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6327] <... set_robust_list resumed>) = 0 [pid 5832] unlink("./96/binderfs" [pid 6327] chdir("./96" [pid 6325] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6324] <... exit_group resumed>) = ? [pid 5832] <... unlink resumed>) = 0 [pid 6327] <... chdir resumed>) = 0 [pid 6327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6327] setpgid(0, 0 [pid 5832] getdents64(3, [pid 6327] <... setpgid resumed>) = 0 [pid 6327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6325] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6324] +++ exited with 0 +++ [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6327] <... openat resumed>) = 3 [pid 6326] <... link resumed>) = 0 [pid 6325] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] close(3 [pid 6327] write(3, "1000", 4 [pid 5832] <... close resumed>) = 0 [pid 6327] <... write resumed>) = 4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6324, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6327] close(3 [pid 5832] rmdir("./96" [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6327] <... close resumed>) = 0 [pid 6327] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6326] sync( [pid 6327] <... symlink resumed>) = 0 executing program [pid 6327] write(1, "executing program\n", 18 [pid 5832] mkdir("./97", 0777 [pid 6327] <... write resumed>) = 18 [pid 5831] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6327] memfd_create("syzkaller", 0 [pid 5831] <... openat resumed>) = 3 [pid 6327] <... memfd_create resumed>) = 3 [pid 6325] <... link resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 6327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6325] sync( [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6327] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] getdents64(3, [pid 6327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6326] <... sync resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6326] exit_group(0) = ? [pid 5832] <... openat resumed>) = 3 [pid 6326] +++ exited with 0 +++ [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6326, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5828] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6327] <... write resumed>) = 524288 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 6327] munmap(0x7ff1eb400000, 138412032 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... umount2 resumed>) = 0 [pid 6327] <... munmap resumed>) = 0 [pid 5831] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6328 attached ) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./96/file1", [pid 6327] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6328 [pid 5831] newfstatat(AT_FDCWD, "./87/file1", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6327] <... openat resumed>) = 4 [pid 6328] set_robust_list(0x5555934ed660, 24 [pid 6327] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6328] <... set_robust_list resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6328] chdir("./97" [pid 5828] openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6328] <... chdir resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6328] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] newfstatat(4, "", [pid 6328] <... prctl resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6328] setpgid(0, 0 [pid 5828] getdents64(4, [pid 6328] <... setpgid resumed>) = 0 [pid 6328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6325] <... sync resumed>) = 0 [pid 5831] umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6325] exit_group(0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(4, [pid 6328] write(3, "1000", 4 [pid 6325] <... exit_group resumed>) = ? [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6328] <... write resumed>) = 4 [pid 6325] +++ exited with 0 +++ [pid 5831] openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] close(4 [pid 6328] close(3 [pid 5828] <... close resumed>) = 0 [pid 6328] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6325, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6328] symlink("/dev/binderfs", "./binderfs" [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5828] rmdir("./96/file1" [pid 6328] <... symlink resumed>) = 0 [pid 6327] <... ioctl resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5828] <... rmdir resumed>) = 0 [pid 6327] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 6327] <... close resumed>) = 0 [pid 5831] getdents64(4, [pid 6327] close(4executing program [pid 6328] write(1, "executing program\n", 18 [pid 6327] <... close resumed>) = 0 [pid 5828] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6327] mkdir("./file1", 0777 [pid 5830] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6328] <... write resumed>) = 18 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6328] memfd_create("syzkaller", 0 [pid 5828] newfstatat(AT_FDCWD, "./96/binderfs", [pid 6328] <... memfd_create resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] unlink("./96/binderfs" [pid 5831] getdents64(4, [pid 5830] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6327] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5828] <... unlink resumed>) = 0 [pid 6327] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] close(4 [pid 5830] newfstatat(3, "", [pid 6328] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 5831] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 5831] rmdir("./87/file1" [pid 6328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./87/binderfs", [pid 5828] close(3) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] rmdir("./96" [pid 5831] unlink("./87/binderfs" [pid 5828] <... rmdir resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5831] getdents64(3, [pid 5828] mkdir("./97", 0777 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... mkdir resumed>) = 0 [ 134.054282][ T6327] loop1: detected capacity change from 0 to 1024 [pid 5831] close(3) = 0 [pid 5831] rmdir("./87" [pid 5830] <... umount2 resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6327] <... mount resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6327] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] mkdir("./88", 0777 [pid 5830] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5831] <... mkdir resumed>) = 0 [pid 6327] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3 [pid 5831] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./97/file1", [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6328] <... write resumed>) = 524288 [pid 5831] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6330 attached ./strace-static-x86_64: Process 6329 attached [pid 6327] chdir("./file1" [pid 5830] <... openat resumed>) = 4 [pid 6327] <... chdir resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6330 [pid 5830] newfstatat(4, "", [pid 6329] set_robust_list(0x5555934ed660, 24 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6329 [pid 5830] getdents64(4, [pid 6329] <... set_robust_list resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6330] set_robust_list(0x5555934ed660, 24 [pid 5830] getdents64(4, [pid 6329] chdir("./97" [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 6329] <... chdir resumed>) = 0 [pid 6328] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... close resumed>) = 0 [pid 6330] <... set_robust_list resumed>) = 0 [pid 6329] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6328] <... munmap resumed>) = 0 [pid 5830] rmdir("./97/file1" [pid 6329] <... prctl resumed>) = 0 [pid 6329] setpgid(0, 0 [pid 6327] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... rmdir resumed>) = 0 [pid 6329] <... setpgid resumed>) = 0 [pid 6329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6328] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6329] <... openat resumed>) = 3 [pid 6328] <... openat resumed>) = 4 [pid 6330] chdir("./88" [pid 6328] ioctl(4, LOOP_SET_FD, 3 [pid 6327] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6330] <... chdir resumed>) = 0 [pid 6329] write(3, "1000", 4 [pid 6330] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6327] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6329] <... write resumed>) = 4 [pid 6329] close(3) = 0 [pid 6330] <... prctl resumed>) = 0 [pid 6329] symlink("/dev/binderfs", "./binderfs" [pid 5830] newfstatat(AT_FDCWD, "./97/binderfs", [pid 6330] setpgid(0, 0 [pid 6329] <... symlink resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 6330] <... setpgid resumed>) = 0 [pid 6329] write(1, "executing program\n", 18 [pid 5830] unlink("./97/binderfs" [pid 6329] <... write resumed>) = 18 [pid 6330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6329] memfd_create("syzkaller", 0 [pid 5830] <... unlink resumed>) = 0 [pid 6330] <... openat resumed>) = 3 [pid 6329] <... memfd_create resumed>) = 3 [pid 5830] getdents64(3, [pid 6330] write(3, "1000", 4) = 4 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 6330] close(3 [pid 5830] rmdir("./97" [pid 6330] <... close resumed>) = 0 [pid 6329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6330] symlink("/dev/binderfs", "./binderfs" [pid 6329] <... mmap resumed>) = 0x7ff1eb400000 [pid 6330] <... symlink resumed>) = 0 executing program [pid 6329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6330] write(1, "executing program\n", 18 [pid 6328] <... ioctl resumed>) = 0 [pid 6327] <... link resumed>) = 0 [pid 5830] mkdir("./98", 0777 [pid 6330] <... write resumed>) = 18 [pid 6330] memfd_create("syzkaller", 0 [pid 6329] <... write resumed>) = 524288 [pid 6327] sync( [pid 5830] <... mkdir resumed>) = 0 [pid 6330] <... memfd_create resumed>) = 3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6328] close(3 [pid 5830] <... openat resumed>) = 3 [pid 6330] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6328] <... close resumed>) = 0 [pid 6328] close(4) = 0 [ 134.153183][ T6328] loop4: detected capacity change from 0 to 1024 [pid 6328] mkdir("./file1", 0777 [pid 5830] <... ioctl resumed>) = 0 [pid 6328] <... mkdir resumed>) = 0 [pid 5830] close(3 [pid 6328] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6329] munmap(0x7ff1eb400000, 138412032 [pid 6327] <... sync resumed>) = 0 [pid 6330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6327] exit_group(0 [pid 5830] <... close resumed>) = 0 [pid 6327] <... exit_group resumed>) = ? [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6329] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 6331 attached [pid 6329] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6331] set_robust_list(0x5555934ed660, 24 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6331 [pid 6331] <... set_robust_list resumed>) = 0 [pid 6329] <... openat resumed>) = 4 [pid 6329] ioctl(4, LOOP_SET_FD, 3 [pid 6331] chdir("./98" [pid 6327] +++ exited with 0 +++ [pid 6331] <... chdir resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6327, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6330] <... write resumed>) = 524288 [pid 6331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6331] setpgid(0, 0 [pid 6330] munmap(0x7ff1eb400000, 138412032 [pid 5829] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6331] <... setpgid resumed>) = 0 [pid 6331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6331] <... openat resumed>) = 3 [pid 6330] <... munmap resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6331] write(3, "1000", 4 [pid 6330] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... openat resumed>) = 3 [pid 6331] <... write resumed>) = 4 [pid 6331] close(3 [pid 6328] <... mount resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 6331] <... close resumed>) = 0 [pid 6330] <... openat resumed>) = 4 [pid 6328] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6331] symlink("/dev/binderfs", "./binderfs" [pid 6330] ioctl(4, LOOP_SET_FD, 3 [pid 6331] <... symlink resumed>) = 0 [pid 6328] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6328] chdir("./file1") = 0 [pid 6331] write(1, "executing program\n", 18 [pid 6328] openat(AT_FDCWD, "/dev/loop4", O_RDWRexecuting program [pid 6331] <... write resumed>) = 18 [pid 6329] <... ioctl resumed>) = 0 [pid 6328] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6331] memfd_create("syzkaller", 0 [pid 6330] <... ioctl resumed>) = 0 [pid 6328] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6329] close(3) = 0 [pid 6329] close(4) = 0 [pid 6329] mkdir("./file1", 0777) = 0 [pid 6330] close(3 [pid 6329] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... umount2 resumed>) = 0 [pid 6331] <... memfd_create resumed>) = 3 [pid 6330] <... close resumed>) = 0 [pid 6331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6328] <... link resumed>) = 0 [pid 6331] <... mmap resumed>) = 0x7ff1eb400000 [pid 6330] close(4 [pid 6328] sync( [pid 5829] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6330] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6330] mkdir("./file1", 0777 [pid 5829] newfstatat(AT_FDCWD, "./96/file1", [pid 6330] <... mkdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 134.242797][ T6329] loop0: detected capacity change from 0 to 1024 [ 134.261551][ T6330] loop3: detected capacity change from 0 to 1024 [pid 5829] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./96/file1" [pid 6330] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... rmdir resumed>) = 0 [pid 6331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6329] <... mount resumed>) = 0 [pid 6329] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6329] chdir("./file1" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6329] <... chdir resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6329] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] unlink("./96/binderfs" [pid 6329] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6329] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./96") = 0 [pid 6331] <... write resumed>) = 524288 [pid 5829] mkdir("./97", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6331] munmap(0x7ff1eb400000, 138412032 [pid 6330] <... mount resumed>) = 0 [pid 6329] <... link resumed>) = 0 [pid 6328] <... sync resumed>) = 0 [pid 6329] sync( [pid 5829] <... openat resumed>) = 3 [pid 6331] <... munmap resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6331] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6330] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6328] exit_group(0 [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 6330] <... openat resumed>) = 3 [pid 6328] <... exit_group resumed>) = ? [pid 5829] <... close resumed>) = 0 [pid 6330] chdir("./file1" [pid 6329] <... sync resumed>) = 0 [pid 6328] +++ exited with 0 +++ [pid 6330] <... chdir resumed>) = 0 [pid 6330] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6329] exit_group(0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6328, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6331] <... openat resumed>) = 4 [pid 6330] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6329] <... exit_group resumed>) = ? [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6329] +++ exited with 0 +++ [pid 5832] <... restart_syscall resumed>) = 0 [pid 6330] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6331] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6332 attached [pid 5832] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6332 [pid 6332] set_robust_list(0x5555934ed660, 24 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6329, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6332] <... set_robust_list resumed>) = 0 [pid 5828] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6332] chdir("./97" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6332] <... chdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... openat resumed>) = 3 [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 5828] newfstatat(3, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6331] <... ioctl resumed>) = 0 [pid 6332] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6330] <... link resumed>) = 0 [pid 5828] getdents64(3, [pid 6332] <... prctl resumed>) = 0 [pid 6330] sync( [pid 5832] <... umount2 resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6332] setpgid(0, 0 [pid 5832] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6332] <... setpgid resumed>) = 0 [pid 6331] close(3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6331] <... close resumed>) = 0 [pid 6332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] newfstatat(AT_FDCWD, "./97/file1", [pid 6331] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6331] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 134.394580][ T6331] loop2: detected capacity change from 0 to 1024 [pid 6331] mkdir("./file1", 0777) = 0 [pid 5832] openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6332] <... openat resumed>) = 3 [pid 6331] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... openat resumed>) = 4 [pid 5828] <... umount2 resumed>) = 0 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6332] write(3, "1000", 4 [pid 5832] getdents64(4, [pid 6332] <... write resumed>) = 4 [pid 6332] close(3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6332] <... close resumed>) = 0 [pid 5832] getdents64(4, [pid 6332] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6332] <... symlink resumed>) = 0 [pid 6331] <... mount resumed>) = 0 [pid 5832] close(4 [pid 5828] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6332] write(1, "executing program\n", 18 [pid 6331] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6330] <... sync resumed>) = 0 [pid 5832] <... close resumed>) = 0 executing program [pid 6331] <... openat resumed>) = 3 [pid 6332] <... write resumed>) = 18 [pid 6330] exit_group(0 [pid 5832] rmdir("./97/file1" [pid 6331] chdir("./file1") = 0 [pid 6332] memfd_create("syzkaller", 0 [pid 6331] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6330] <... exit_group resumed>) = ? [pid 5832] <... rmdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6331] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6331] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6332] <... memfd_create resumed>) = 3 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./97/binderfs", [pid 6332] <... mmap resumed>) = 0x7ff1eb400000 [pid 6330] +++ exited with 0 +++ [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] unlink("./97/binderfs" [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6330, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] <... unlink resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5832] getdents64(3, [pid 5828] newfstatat(4, "", [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6331] <... link resumed>) = 0 [pid 5832] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(4, [pid 6331] sync( [pid 5832] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] rmdir("./97" [pid 5831] <... openat resumed>) = 3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] newfstatat(3, "", [pid 6332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(4, [pid 5832] <... rmdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./97/file1") = 0 [pid 6332] <... write resumed>) = 524288 [pid 5832] mkdir("./98", 0777 [pid 5831] <... umount2 resumed>) = 0 [pid 6331] <... sync resumed>) = 0 [pid 5828] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6331] exit_group(0) = ? [pid 5832] <... mkdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./97/binderfs", [pid 6331] +++ exited with 0 +++ [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(AT_FDCWD, "./88/file1", [pid 5828] unlink("./97/binderfs" [pid 5832] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6331, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5828] <... unlink resumed>) = 0 [pid 5831] umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5828] getdents64(3, [pid 6332] munmap(0x7ff1eb400000, 138412032 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6332] <... munmap resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] close(3 [pid 5831] close(4 [pid 5832] close(3 [pid 5828] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./88/file1" [pid 5830] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 5828] rmdir("./97" [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 5831] newfstatat(AT_FDCWD, "./88/binderfs", [pid 5830] newfstatat(3, "", [pid 6332] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5831] unlink("./88/binderfs" [pid 5830] getdents64(3, ./strace-static-x86_64: Process 6333 attached [pid 6332] <... openat resumed>) = 4 [pid 5831] <... unlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] mkdir("./98", 0777 [pid 6333] set_robust_list(0x5555934ed660, 24 [pid 6332] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6333 [pid 5831] getdents64(3, [pid 5830] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... mkdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6333] <... set_robust_list resumed>) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./88" [pid 6333] chdir("./98" [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./89", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6333] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 6334 attached [pid 6333] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6334] set_robust_list(0x5555934ed660, 24 [pid 6333] <... prctl resumed>) = 0 [pid 6332] <... ioctl resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6334 [pid 6333] setpgid(0, 0) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 6334] <... set_robust_list resumed>) = 0 [pid 6333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6332] close(3 [pid 5828] close(3 [pid 6334] chdir("./89" [pid 6333] <... openat resumed>) = 3 [pid 6332] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6333] write(3, "1000", 4 [pid 6332] close(4 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6333] <... write resumed>) = 4 [pid 6332] <... close resumed>) = 0 [pid 6334] <... chdir resumed>) = 0 [pid 6334] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6334] <... prctl resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6334] setpgid(0, 0 [pid 5830] newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6332] mkdir("./file1", 0777./strace-static-x86_64: Process 6335 attached [pid 6333] close(3 [pid 6334] <... setpgid resumed>) = 0 [pid 5830] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6333] <... close resumed>) = 0 [pid 6332] <... mkdir resumed>) = 0 [pid 6335] set_robust_list(0x5555934ed660, 24 [pid 6334] <... openat resumed>) = 3 executing program [pid 6333] symlink("/dev/binderfs", "./binderfs" [pid 6332] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6335 [pid 6334] write(3, "1000", 4 [pid 6333] <... symlink resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 6334] <... write resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 6334] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6334] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 6335] <... set_robust_list resumed>) = 0 [pid 6334] symlink("/dev/binderfs", "./binderfs" [pid 6333] write(1, "executing program\n", 18 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 executing program [pid 6335] chdir("./98" [pid 6334] <... symlink resumed>) = 0 [pid 6333] <... write resumed>) = 18 [pid 5830] getdents64(4, [pid 6335] <... chdir resumed>) = 0 [pid 6334] write(1, "executing program\n", 18 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6335] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6334] <... write resumed>) = 18 [pid 6333] memfd_create("syzkaller", 0 [pid 5830] close(4 [pid 6335] <... prctl resumed>) = 0 [ 134.570789][ T6332] loop1: detected capacity change from 0 to 1024 [pid 6334] memfd_create("syzkaller", 0 [pid 6333] <... memfd_create resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 6335] setpgid(0, 0 [pid 6334] <... memfd_create resumed>) = 3 [pid 6333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6335] <... setpgid resumed>) = 0 [pid 6334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] rmdir("./98/file1" [pid 6335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6334] <... mmap resumed>) = 0x7ff1eb400000 [pid 6333] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6335] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6335] write(3, "1000", 4 [pid 6334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6332] <... mount resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./98/binderfs", [pid 6335] <... write resumed>) = 4 [pid 6335] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./98/binderfs" [pid 6332] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6335] <... close resumed>) = 0 [pid 6335] symlink("/dev/binderfs", "./binderfs" [pid 6332] <... openat resumed>) = 3 [pid 5830] <... unlink resumed>) = 0 [pid 6335] <... symlink resumed>) = 0 [pid 6332] chdir("./file1" [pid 5830] getdents64(3, executing program [pid 6335] write(1, "executing program\n", 18 [pid 6332] <... chdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6335] <... write resumed>) = 18 [pid 6332] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6335] memfd_create("syzkaller", 0 [pid 6332] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] close(3 [pid 6332] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... close resumed>) = 0 [pid 6335] <... memfd_create resumed>) = 3 [pid 5830] rmdir("./98" [pid 6335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6335] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] mkdir("./99", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 6334] <... write resumed>) = 524288 [pid 6332] <... link resumed>) = 0 [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6332] sync(./strace-static-x86_64: Process 6336 attached [pid 6334] munmap(0x7ff1eb400000, 138412032 [pid 6333] <... write resumed>) = 524288 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6336 [pid 6334] <... munmap resumed>) = 0 [pid 6333] munmap(0x7ff1eb400000, 138412032 [pid 6334] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6334] ioctl(4, LOOP_SET_FD, 3 [pid 6333] <... munmap resumed>) = 0 [pid 6335] <... write resumed>) = 524288 [pid 6333] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6336] set_robust_list(0x5555934ed660, 24) = 0 [pid 6335] munmap(0x7ff1eb400000, 138412032 [pid 6333] <... openat resumed>) = 4 [pid 6336] chdir("./99" [pid 6333] ioctl(4, LOOP_SET_FD, 3 [pid 6336] <... chdir resumed>) = 0 [pid 6333] <... ioctl resumed>) = 0 [pid 6336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6336] setpgid(0, 0) = 0 [pid 6336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6335] <... munmap resumed>) = 0 [pid 6336] <... openat resumed>) = 3 [pid 6335] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6336] write(3, "1000", 4) = 4 [pid 6336] close(3) = 0 [pid 6336] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6335] <... openat resumed>) = 4 [pid 6332] <... sync resumed>) = 0 [pid 6335] ioctl(4, LOOP_SET_FD, 3 [pid 6332] exit_group(0 [pid 6334] <... ioctl resumed>) = 0 [pid 6336] write(1, "executing program\n", 18) = 18 [pid 6336] memfd_create("syzkaller", 0 [pid 6334] close(3 [pid 6332] <... exit_group resumed>) = ? [pid 6334] <... close resumed>) = 0 [pid 6336] <... memfd_create resumed>) = 3 [pid 6334] close(4) = 0 [pid 6334] mkdir("./file1", 0777 [pid 6336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6334] <... mkdir resumed>) = 0 [pid 6336] <... mmap resumed>) = 0x7ff1eb400000 [pid 6332] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6332, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6334] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6333] close(3 [pid 5829] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6333] <... close resumed>) = 0 [pid 5829] getdents64(3, [pid 6333] close(4 [pid 6335] <... ioctl resumed>) = 0 [pid 6333] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6333] mkdir("./file1", 0777 [pid 5829] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6333] <... mkdir resumed>) = 0 [ 134.704290][ T6334] loop3: detected capacity change from 0 to 1024 [ 134.721697][ T6333] loop4: detected capacity change from 0 to 1024 [ 134.740153][ T6335] loop0: detected capacity change from 0 to 1024 [pid 6334] <... mount resumed>) = 0 [pid 6333] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6335] close(3) = 0 [pid 6334] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6335] close(4 [pid 6336] <... write resumed>) = 524288 [pid 6334] <... openat resumed>) = 3 [pid 6336] munmap(0x7ff1eb400000, 138412032 [pid 6334] chdir("./file1" [pid 6336] <... munmap resumed>) = 0 [pid 6335] <... close resumed>) = 0 [pid 6334] <... chdir resumed>) = 0 [pid 6336] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6334] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6336] <... openat resumed>) = 4 [pid 6334] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6336] ioctl(4, LOOP_SET_FD, 3 [pid 6335] mkdir("./file1", 0777 [pid 6334] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... umount2 resumed>) = 0 [pid 6335] <... mkdir resumed>) = 0 [pid 6333] <... mount resumed>) = 0 [pid 6333] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6333] chdir("./file1") = 0 [pid 6334] <... link resumed>) = 0 [pid 6334] sync( [pid 6333] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6335] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6333] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6333] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6336] <... ioctl resumed>) = 0 [pid 6336] close(3 [pid 5829] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6336] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6336] close(4) = 0 [pid 5829] newfstatat(AT_FDCWD, "./97/file1", [pid 6336] mkdir("./file1", 0777 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6336] <... mkdir resumed>) = 0 [pid 5829] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6336] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6333] <... link resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6333] sync( [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 6336] <... mount resumed>) = 0 [pid 6335] <... mount resumed>) = 0 [pid 6336] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6335] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6336] <... openat resumed>) = 3 [pid 6335] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 6336] chdir("./file1") = 0 [ 134.805144][ T6336] loop2: detected capacity change from 0 to 1024 [pid 6336] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6335] chdir("./file1" [pid 5829] <... close resumed>) = 0 [pid 6336] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6335] <... chdir resumed>) = 0 [pid 5829] rmdir("./97/file1" [pid 6335] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6334] <... sync resumed>) = 0 [pid 6333] <... sync resumed>) = 0 [pid 6335] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6334] exit_group(0 [pid 6333] exit_group(0 [pid 5829] <... rmdir resumed>) = 0 [pid 6334] <... exit_group resumed>) = ? [pid 6333] <... exit_group resumed>) = ? [pid 6335] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6333] +++ exited with 0 +++ [pid 5829] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6334] +++ exited with 0 +++ [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6333, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6334, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5832] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(AT_FDCWD, "./97/binderfs", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... restart_syscall resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] unlink("./97/binderfs" [pid 5831] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6336] <... link resumed>) = 0 [pid 5832] newfstatat(3, "", [pid 5831] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... unlink resumed>) = 0 [pid 6336] sync( [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", [pid 5829] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5831] getdents64(3, [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] close(3 [pid 5832] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./97" [pid 5831] <... umount2 resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6336] <... sync resumed>) = 0 [pid 6335] <... link resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 6336] exit_group(0) = ? [pid 6336] +++ exited with 0 +++ [pid 5831] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6336, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5831] newfstatat(AT_FDCWD, "./89/file1", [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6335] sync( [pid 5832] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] mkdir("./98", 0777 [pid 5831] umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 5832] newfstatat(AT_FDCWD, "./98/file1", [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 5832] <... openat resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 5830] newfstatat(3, "", [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(3, [pid 5832] close(4 [pid 5831] getdents64(4, [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] rmdir("./98/file1" [pid 5831] close(4 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./89/file1" [pid 5832] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./98/binderfs" [pid 5831] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = 0 [pid 6335] <... sync resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] getdents64(3, [pid 5831] newfstatat(AT_FDCWD, "./89/binderfs", [pid 6335] exit_group(0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6337 attached [pid 6335] <... exit_group resumed>) = ? [pid 5832] close(3 [pid 5831] unlink("./89/binderfs" [pid 5832] <... close resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5830] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./98" [pid 5830] newfstatat(AT_FDCWD, "./99/file1", [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6335] +++ exited with 0 +++ [pid 5831] getdents64(3, [pid 5830] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6335, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6337] set_robust_list(0x5555934ed660, 24 [pid 5832] mkdir("./99", 0777) = 0 [pid 5830] openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... restart_syscall resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] close(3 [pid 5830] newfstatat(4, "", [pid 6337] <... set_robust_list resumed>) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6337] chdir("./98" [pid 5832] <... ioctl resumed>) = 0 [pid 5831] rmdir("./89" [pid 5830] getdents64(4, [pid 6337] <... chdir resumed>) = 0 [pid 5832] close(3 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6337 [pid 5832] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6338 attached [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6338 [pid 5831] mkdir("./90", 0777 [pid 5830] close(4 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./99/file1") = 0 [pid 6338] set_robust_list(0x5555934ed660, 24 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6338] <... set_robust_list resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./99/binderfs", [pid 6338] chdir("./99" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] unlink("./99/binderfs" [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 6338] <... chdir resumed>) = 0 [pid 5831] close(3 [pid 5830] getdents64(3, [pid 6337] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6337] <... prctl resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6338] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6337] setpgid(0, 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6337] <... setpgid resumed>) = 0 [pid 6338] <... prctl resumed>) = 0 [pid 5830] close(3 [pid 6338] setpgid(0, 0 [pid 5830] <... close resumed>) = 0 [pid 6338] <... setpgid resumed>) = 0 [pid 5830] rmdir("./99" [pid 6338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... rmdir resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 6337] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6337] write(3, "1000", 4 [pid 5828] getdents64(3, [pid 6337] <... write resumed>) = 4 [pid 6338] write(3, "1000", 4 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6337] close(3 [pid 5828] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6337] <... close resumed>) = 0 [pid 6338] <... write resumed>) = 4 [pid 5830] mkdir("./100", 0777 [pid 6338] close(3 [pid 6337] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... mkdir resumed>) = 0 [pid 6338] <... close resumed>) = 0 [pid 6338] symlink("/dev/binderfs", "./binderfs" [pid 6337] <... symlink resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6338] <... symlink resumed>) = 0 [pid 6338] write(1, "executing program\n", 18 executing program [pid 6337] write(1, "executing program\n", 18 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 6337] <... write resumed>) = 18 [pid 6338] <... write resumed>) = 18 [pid 6338] memfd_create("syzkaller", 0 [pid 6337] memfd_create("syzkaller", 0 [pid 6338] <... memfd_create resumed>) = 3 [pid 6338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... openat resumed>) = 3 [pid 6337] <... memfd_create resumed>) = 3 [pid 5828] <... umount2 resumed>) = 0 [pid 6337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6337] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [pid 5830] close(3 [pid 6337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6339 attached [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6339 [pid 6339] set_robust_list(0x5555934ed660, 24 [pid 5828] openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6339] <... set_robust_list resumed>) = 0 [pid 6339] chdir("./90"executing program ) = 0 [pid 5830] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6339] setpgid(0, 0) = 0 [pid 6339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6339] <... openat resumed>) = 3 [pid 6339] write(3, "1000", 4) = 4 [pid 6339] close(3) = 0 [pid 6339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6339] write(1, "executing program\n", 18) = 18 [pid 6339] memfd_create("syzkaller", 0 [pid 6338] <... write resumed>) = 524288 ./strace-static-x86_64: Process 6340 attached [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6340 [pid 5828] newfstatat(4, "", [pid 6340] set_robust_list(0x5555934ed660, 24 [pid 6338] munmap(0x7ff1eb400000, 138412032 [pid 6340] <... set_robust_list resumed>) = 0 [pid 6339] <... memfd_create resumed>) = 3 [pid 6338] <... munmap resumed>) = 0 [pid 6340] chdir("./100" [pid 6339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6338] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6340] <... chdir resumed>) = 0 [pid 6339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6338] <... openat resumed>) = 4 [pid 5828] getdents64(4, [pid 6340] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6338] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6340] <... prctl resumed>) = 0 [pid 6337] <... write resumed>) = 524288 [pid 5828] getdents64(4, [pid 6337] munmap(0x7ff1eb400000, 138412032 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6340] setpgid(0, 0 [pid 5828] close(4 [pid 6340] <... setpgid resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] rmdir("./98/file1" [pid 6340] <... openat resumed>) = 3 [pid 6337] <... munmap resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6340] write(3, "1000", 4 [pid 6337] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6340] <... write resumed>) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./98/binderfs", [pid 6337] <... openat resumed>) = 4 [pid 6340] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6337] ioctl(4, LOOP_SET_FD, 3 [pid 6340] <... close resumed>) = 0 [pid 5828] unlink("./98/binderfs" [pid 6340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6340] write(1, "executing program\n", 18) = 18 [pid 6340] memfd_create("syzkaller", 0) = 3 [pid 6340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6339] <... write resumed>) = 524288 [pid 6340] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] getdents64(3, executing program [pid 6340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6338] <... ioctl resumed>) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./98" [pid 6338] close(3) = 0 [pid 6338] close(4 [pid 5828] <... rmdir resumed>) = 0 [pid 6339] munmap(0x7ff1eb400000, 138412032 [pid 6338] <... close resumed>) = 0 [pid 5828] mkdir("./99", 0777 [pid 6340] <... write resumed>) = 524288 [pid 5828] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6339] <... munmap resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6338] mkdir("./file1", 0777 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6337] <... ioctl resumed>) = 0 [pid 6339] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6338] <... mkdir resumed>) = 0 [pid 6337] close(3 [pid 5828] <... ioctl resumed>) = 0 [pid 6339] <... openat resumed>) = 4 [pid 6338] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6339] ioctl(4, LOOP_SET_FD, 3 [pid 6337] <... close resumed>) = 0 [pid 5828] close(3 [pid 6337] close(4) = 0 [pid 5828] <... close resumed>) = 0 [ 135.087955][ T6338] loop4: detected capacity change from 0 to 1024 [ 135.107984][ T6337] loop1: detected capacity change from 0 to 1024 [pid 6337] mkdir("./file1", 0777 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6337] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6341 attached [pid 6340] munmap(0x7ff1eb400000, 138412032 [pid 6337] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6341] set_robust_list(0x5555934ed660, 24 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6341 [pid 6341] <... set_robust_list resumed>) = 0 [pid 6341] chdir("./99" [pid 6338] <... mount resumed>) = 0 [pid 6338] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6341] <... chdir resumed>) = 0 [pid 6340] <... munmap resumed>) = 0 [pid 6338] <... openat resumed>) = 3 [pid 6338] chdir("./file1") = 0 [pid 6338] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6338] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6341] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6339] <... ioctl resumed>) = 0 [pid 6341] <... prctl resumed>) = 0 [pid 6340] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6338] <... link resumed>) = 0 [pid 6340] <... openat resumed>) = 4 [pid 6341] setpgid(0, 0 [pid 6340] ioctl(4, LOOP_SET_FD, 3 [pid 6339] close(3 [pid 6338] sync( [pid 6339] <... close resumed>) = 0 [ 135.146138][ T6339] loop3: detected capacity change from 0 to 1024 [pid 6341] <... setpgid resumed>) = 0 [pid 6339] close(4) = 0 [pid 6339] mkdir("./file1", 0777 [pid 6341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6339] <... mkdir resumed>) = 0 [pid 6341] <... openat resumed>) = 3 [pid 6337] <... mount resumed>) = 0 [pid 6341] write(3, "1000", 4) = 4 [pid 6337] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6341] close(3) = 0 [pid 6339] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6337] <... openat resumed>) = 3 [pid 6341] symlink("/dev/binderfs", "./binderfs" [pid 6340] <... ioctl resumed>) = 0 [pid 6337] chdir("./file1"executing program [pid 6341] <... symlink resumed>) = 0 [pid 6340] close(3 [pid 6337] <... chdir resumed>) = 0 [pid 6341] write(1, "executing program\n", 18 [pid 6340] <... close resumed>) = 0 [pid 6337] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6341] <... write resumed>) = 18 [pid 6337] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6341] memfd_create("syzkaller", 0 [pid 6340] close(4 [pid 6337] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6339] <... mount resumed>) = 0 [pid 6341] <... memfd_create resumed>) = 3 [pid 6340] <... close resumed>) = 0 [pid 6341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6339] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6341] <... mmap resumed>) = 0x7ff1eb400000 [pid 6340] mkdir("./file1", 0777 [pid 6339] <... openat resumed>) = 3 [pid 6341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6340] <... mkdir resumed>) = 0 [pid 6339] chdir("./file1" [pid 6338] <... sync resumed>) = 0 [pid 6339] <... chdir resumed>) = 0 [pid 6338] exit_group(0 [pid 6339] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6338] <... exit_group resumed>) = ? [pid 6339] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6340] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [ 135.189721][ T6340] loop2: detected capacity change from 0 to 1024 [pid 6339] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6338] +++ exited with 0 +++ [pid 6337] <... link resumed>) = 0 [pid 6337] sync( [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6338, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6341] <... write resumed>) = 524288 [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 6341] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6340] <... mount resumed>) = 0 [pid 6339] <... link resumed>) = 0 [pid 6341] ioctl(4, LOOP_SET_FD, 3 [pid 6339] sync( [pid 5832] <... umount2 resumed>) = 0 [pid 6340] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6340] chdir("./file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6340] <... chdir resumed>) = 0 [pid 6340] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6340] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] newfstatat(AT_FDCWD, "./99/file1", [pid 6339] <... sync resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6339] exit_group(0 [pid 5832] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6339] <... exit_group resumed>) = ? [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6339] +++ exited with 0 +++ [pid 5832] openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6339, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5832] <... openat resumed>) = 4 [pid 6337] <... sync resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 6337] exit_group(0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(4, [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6337] <... exit_group resumed>) = ? [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] getdents64(4, [pid 6337] +++ exited with 0 +++ [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6337, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5831] newfstatat(3, "", [pid 5832] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 5832] rmdir("./99/file1" [pid 5829] <... restart_syscall resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5831] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6340] <... link resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6340] sync( [pid 5829] <... openat resumed>) = 3 [pid 6341] <... ioctl resumed>) = 0 [pid 6341] close(3 [pid 5829] newfstatat(3, "", [pid 6341] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6341] close(4 [pid 5829] getdents64(3, [pid 6341] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6341] mkdir("./file1", 0777 [pid 5829] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6341] <... mkdir resumed>) = 0 [pid 6341] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = 0 [ 135.299838][ T6341] loop0: detected capacity change from 0 to 1024 [pid 5832] unlink("./99/binderfs") = 0 [pid 5832] getdents64(3, [pid 5831] <... umount2 resumed>) = 0 [pid 5829] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] close(3 [pid 5829] newfstatat(AT_FDCWD, "./98/file1", [pid 5832] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] rmdir("./99" [pid 5831] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... rmdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] mkdir("./100", 0777 [pid 5829] openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 3 [pid 5831] newfstatat(AT_FDCWD, "./90/file1", [pid 5829] newfstatat(4, "", [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5832] close(3 [pid 5831] umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(4, [pid 6341] <... mount resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] getdents64(4, ./strace-static-x86_64: Process 6342 attached [pid 6341] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... openat resumed>) = 4 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6342] set_robust_list(0x5555934ed660, 24 [pid 6341] <... openat resumed>) = 3 [pid 5831] newfstatat(4, "", [pid 5829] close(4 [pid 6342] <... set_robust_list resumed>) = 0 [pid 6341] chdir("./file1" [pid 5829] <... close resumed>) = 0 [pid 6342] chdir("./100" [pid 6341] <... chdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] rmdir("./98/file1" [pid 6342] <... chdir resumed>) = 0 [pid 6341] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6340] <... sync resumed>) = 0 [pid 6342] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6340] exit_group(0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6342 [pid 5831] getdents64(4, [pid 5829] <... rmdir resumed>) = 0 [pid 6342] <... prctl resumed>) = 0 [pid 6340] <... exit_group resumed>) = ? [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6341] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6342] setpgid(0, 0 [pid 6341] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6340] +++ exited with 0 +++ [pid 5831] getdents64(4, [pid 5829] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6342] <... setpgid resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6340, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5831] close(4 [pid 5829] newfstatat(AT_FDCWD, "./98/binderfs", [pid 5831] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6342] <... openat resumed>) = 3 [pid 5830] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] unlink("./98/binderfs" [pid 6342] write(3, "1000", 4 [pid 5831] rmdir("./90/file1" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6342] <... write resumed>) = 4 [pid 6341] <... link resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5829] getdents64(3, [pid 6342] close(3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6342] <... close resumed>) = 0 [pid 5829] close(3 [pid 5831] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6341] sync( [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./90/binderfs", [pid 5829] <... close resumed>) = 0 [pid 6342] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] rmdir("./98"executing program [pid 6342] <... symlink resumed>) = 0 [pid 6341] <... sync resumed>) = 0 [pid 5831] unlink("./90/binderfs" [pid 5830] <... openat resumed>) = 3 [pid 5829] <... rmdir resumed>) = 0 [pid 6342] write(1, "executing program\n", 18) = 18 [pid 6341] exit_group(0 [pid 6342] memfd_create("syzkaller", 0 [pid 5831] <... unlink resumed>) = 0 [pid 5830] newfstatat(3, "", [pid 5829] mkdir("./99", 0777 [pid 6342] <... memfd_create resumed>) = 3 [pid 6341] <... exit_group resumed>) = ? [pid 5829] <... mkdir resumed>) = 0 [pid 6342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6341] +++ exited with 0 +++ [pid 5831] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6342] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(3, [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6341, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5831] close(3 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... close resumed>) = 0 [pid 5830] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5831] rmdir("./90" [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5831] mkdir("./91", 0777 [pid 5829] close(3 [pid 5828] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6342] <... write resumed>) = 524288 [pid 5831] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 5831] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6342] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... umount2 resumed>) = 0 [pid 6342] <... munmap resumed>) = 0 [pid 6342] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6342] <... openat resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6343 [pid 5828] <... umount2 resumed>) = 0 [pid 6342] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6343 attached [pid 5830] newfstatat(AT_FDCWD, "./100/file1", [pid 5828] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6343] set_robust_list(0x5555934ed660, 24) = 0 ./strace-static-x86_64: Process 6344 attached [pid 6343] chdir("./99" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6344] set_robust_list(0x5555934ed660, 24 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6344 [pid 5830] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6344] <... set_robust_list resumed>) = 0 [pid 6343] <... chdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6344] chdir("./91" [pid 6343] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] openat(AT_FDCWD, "./100/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6343] <... prctl resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 6344] <... chdir resumed>) = 0 [pid 6342] <... ioctl resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 6344] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6342] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6344] <... prctl resumed>) = 0 [pid 6342] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 6344] setpgid(0, 0 [pid 6343] setpgid(0, 0 [pid 6342] close(4 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6344] <... setpgid resumed>) = 0 [pid 6342] <... close resumed>) = 0 [pid 5830] getdents64(4, [pid 6344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6343] <... setpgid resumed>) = 0 [pid 6342] mkdir("./file1", 0777 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] newfstatat(AT_FDCWD, "./99/file1", [pid 5830] close(4 [pid 6343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... close resumed>) = 0 [pid 6342] <... mkdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6343] <... openat resumed>) = 3 [pid 6342] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] rmdir("./100/file1" [pid 5828] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6343] write(3, "1000", 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6343] <... write resumed>) = 4 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6343] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 4 [pid 6343] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./100/binderfs", [pid 5828] newfstatat(4, "", [pid 6344] <... openat resumed>) = 3 [pid 6343] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] unlink("./100/binderfs"executing program [pid 6344] write(3, "1000", 4 [pid 6343] <... symlink resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5828] getdents64(4, [pid 6344] <... write resumed>) = 4 [pid 6342] <... mount resumed>) = 0 [pid 5830] getdents64(3, [pid 6344] close(3 [pid 6342] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6344] <... close resumed>) = 0 [pid 5830] close(3 [pid 6344] symlink("/dev/binderfs", "./binderfs" [pid 6343] write(1, "executing program\n", 18 [pid 5830] <... close resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6343] <... write resumed>) = 18 [pid 6342] <... openat resumed>) = 3 [pid 5828] getdents64(4, [pid 6344] <... symlink resumed>) = 0 [pid 6343] memfd_create("syzkaller", 0 [pid 6342] chdir("./file1" [pid 5830] rmdir("./100" [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6344] write(1, "executing program\n", 18 [pid 6343] <... memfd_create resumed>) = 3 executing program [pid 6342] <... chdir resumed>) = 0 [pid 6344] <... write resumed>) = 18 [ 135.571211][ T6342] loop4: detected capacity change from 0 to 1024 [pid 6343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] close(4 [pid 6342] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./99/file1" [pid 6343] <... mmap resumed>) = 0x7ff1eb400000 [pid 6342] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] mkdir("./101", 0777 [pid 5828] <... rmdir resumed>) = 0 [pid 6344] memfd_create("syzkaller", 0 [pid 6342] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... mkdir resumed>) = 0 [pid 5828] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] newfstatat(AT_FDCWD, "./99/binderfs", [pid 5830] <... openat resumed>) = 3 [pid 6344] <... memfd_create resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 6344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] close(3 [pid 5828] unlink("./99/binderfs") = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./99") = 0 [pid 6343] <... write resumed>) = 524288 [pid 6342] <... link resumed>) = 0 [pid 5828] mkdir("./100", 0777 [pid 5830] <... close resumed>) = 0 [pid 6342] sync( [pid 5828] <... mkdir resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 6345 attached [pid 6343] munmap(0x7ff1eb400000, 138412032 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 6345] set_robust_list(0x5555934ed660, 24 [pid 6343] <... munmap resumed>) = 0 [pid 5828] close(3 [pid 6345] <... set_robust_list resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6345 [pid 5828] <... close resumed>) = 0 [pid 6345] chdir("./101" [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6346 attached [pid 6346] set_robust_list(0x5555934ed660, 24 [pid 6345] <... chdir resumed>) = 0 [pid 6343] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6346] <... set_robust_list resumed>) = 0 [pid 6343] <... openat resumed>) = 4 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6346 [pid 6346] chdir("./100" [pid 6343] ioctl(4, LOOP_SET_FD, 3 [pid 6346] <... chdir resumed>) = 0 [pid 6345] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6344] <... write resumed>) = 524288 [pid 6343] <... ioctl resumed>) = 0 [pid 6342] <... sync resumed>) = 0 [pid 6346] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6345] <... prctl resumed>) = 0 [pid 6346] <... prctl resumed>) = 0 [pid 6345] setpgid(0, 0 [pid 6342] exit_group(0 [pid 6346] setpgid(0, 0 [pid 6345] <... setpgid resumed>) = 0 [pid 6342] <... exit_group resumed>) = ? [pid 6346] <... setpgid resumed>) = 0 [pid 6345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6345] <... openat resumed>) = 3 [pid 6346] <... openat resumed>) = 3 [pid 6345] write(3, "1000", 4 [pid 6342] +++ exited with 0 +++ [pid 6346] write(3, "1000", 4 [pid 6345] <... write resumed>) = 4 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6342, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6346] <... write resumed>) = 4 [pid 6345] close(3 [pid 6344] munmap(0x7ff1eb400000, 138412032 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6346] close(3 [pid 6345] <... close resumed>) = 0 [pid 6344] <... munmap resumed>) = 0 [pid 6346] <... close resumed>) = 0 [pid 6345] symlink("/dev/binderfs", "./binderfs" [pid 6346] symlink("/dev/binderfs", "./binderfs" [pid 6345] <... symlink resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 6346] <... symlink resumed>) = 0 [pid 6345] write(1, "executing program\n", 18executing program ) = 18 [pid 6344] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6346] write(1, "executing program\n", 18 [pid 6345] memfd_create("syzkaller", 0 [pid 6344] <... openat resumed>) = 4 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6346] <... write resumed>) = 18 [pid 6345] <... memfd_create resumed>) = 3 [pid 5832] <... openat resumed>) = 3 [pid 6346] memfd_create("syzkaller", 0 [pid 6345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6344] ioctl(4, LOOP_SET_FD, 3 [pid 5832] newfstatat(3, "", [pid 6345] <... mmap resumed>) = 0x7ff1eb400000 [pid 6343] close(3 [pid 6346] <... memfd_create resumed>) = 3 [pid 6345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6343] <... close resumed>) = 0 [pid 6346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6343] close(4 [pid 6346] <... mmap resumed>) = 0x7ff1eb400000 [pid 6343] <... close resumed>) = 0 [pid 6346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6343] mkdir("./file1", 0777) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6343] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6344] <... ioctl resumed>) = 0 [pid 6344] close(3) = 0 [pid 6344] close(4) = 0 [pid 6344] mkdir("./file1", 0777 [pid 6346] <... write resumed>) = 524288 [pid 6344] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [ 135.701304][ T6343] loop1: detected capacity change from 0 to 1024 [ 135.738823][ T6344] loop3: detected capacity change from 0 to 1024 [pid 6345] <... write resumed>) = 524288 [pid 6346] munmap(0x7ff1eb400000, 138412032 [pid 6344] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6343] <... mount resumed>) = 0 [pid 5832] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6346] <... munmap resumed>) = 0 [pid 6345] munmap(0x7ff1eb400000, 138412032 [pid 6343] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6346] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6345] <... munmap resumed>) = 0 [pid 6343] <... openat resumed>) = 3 [pid 6345] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6343] chdir("./file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6345] <... openat resumed>) = 4 [pid 6343] <... chdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./100/file1", [pid 6345] ioctl(4, LOOP_SET_FD, 3 [pid 6343] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6343] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6343] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./100/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", [pid 6346] <... openat resumed>) = 4 [pid 6346] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, [pid 6346] <... ioctl resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 6346] close(3) = 0 [pid 6346] close(4 [pid 5832] rmdir("./100/file1" [pid 6344] <... mount resumed>) = 0 [pid 6344] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 6344] chdir("./file1") = 0 [pid 6344] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6344] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6345] <... ioctl resumed>) = 0 [pid 5832] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6345] close(3) = 0 [pid 6345] close(4) = 0 [pid 6345] mkdir("./file1", 0777) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6345] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./100/binderfs") = 0 [pid 6346] <... close resumed>) = 0 [pid 6345] <... mount resumed>) = 0 [pid 5832] getdents64(3, [pid 6346] mkdir("./file1", 0777) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [ 135.802102][ T6345] loop2: detected capacity change from 0 to 1024 [ 135.820988][ T6346] loop0: detected capacity change from 0 to 1024 [pid 6346] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] close(3) = 0 [pid 6345] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6344] <... link resumed>) = 0 [pid 6343] <... link resumed>) = 0 [pid 6345] <... openat resumed>) = 3 [pid 6344] sync( [pid 5832] rmdir("./100" [pid 6345] chdir("./file1") = 0 [pid 6345] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] <... rmdir resumed>) = 0 [pid 6345] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6343] sync( [pid 5832] mkdir("./101", 0777) = 0 [pid 6346] <... mount resumed>) = 0 [pid 6345] <... link resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6345] sync( [pid 6346] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... openat resumed>) = 3 [pid 6346] <... openat resumed>) = 3 [pid 6346] chdir("./file1" [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6346] <... chdir resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 6346] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] close(3 [pid 6346] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6346] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... close resumed>) = 0 [pid 6345] <... sync resumed>) = 0 [pid 6345] exit_group(0) = ? [pid 6343] <... sync resumed>) = 0 [pid 6343] exit_group(0) = ? [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6343] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6343, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6345] +++ exited with 0 +++ [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6345, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6344] <... sync resumed>) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6347 attached [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6347 [pid 5829] newfstatat(3, "", [pid 6344] exit_group(0) = ? [pid 6347] set_robust_list(0x5555934ed660, 24 [pid 6344] +++ exited with 0 +++ [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6344, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6347] <... set_robust_list resumed>) = 0 [pid 6346] <... link resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6347] chdir("./101" [pid 5831] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6347] <... chdir resumed>) = 0 [pid 6346] sync( [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6347] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6347] <... prctl resumed>) = 0 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 6347] setpgid(0, 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6347] <... setpgid resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6347] write(3, "1000", 4 [pid 5831] <... openat resumed>) = 3 [pid 6347] <... write resumed>) = 4 [pid 6347] close(3 [pid 5831] newfstatat(3, "", [pid 6347] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6347] symlink("/dev/binderfs", "./binderfs" [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6347] <... symlink resumed>) = 0 [pid 5831] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6347] write(1, "executing program\n", 18executing program ) = 18 [pid 6347] memfd_create("syzkaller", 0) = 3 [pid 6347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5830] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 6346] <... sync resumed>) = 0 [pid 5830] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = 0 [pid 6347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6346] exit_group(0 [pid 5831] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./101/file1", [pid 6346] <... exit_group resumed>) = ? [pid 5831] newfstatat(AT_FDCWD, "./91/file1", [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6346] +++ exited with 0 +++ [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6346, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 4 [pid 5829] newfstatat(AT_FDCWD, "./99/file1", [pid 5831] <... openat resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(4, "", [pid 5830] newfstatat(4, "", [pid 5829] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6347] <... write resumed>) = 524288 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5831] getdents64(4, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6347] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, [pid 5829] openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6347] <... munmap resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6347] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] getdents64(4, [pid 5830] getdents64(4, [pid 5829] <... openat resumed>) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6347] <... openat resumed>) = 4 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] newfstatat(4, "", [pid 5828] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6347] ioctl(4, LOOP_SET_FD, 3 [pid 5831] close(4 [pid 5830] close(4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 5829] getdents64(4, [pid 5828] newfstatat(3, "", [pid 5831] rmdir("./91/file1" [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] getdents64(4, [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5829] close(4 [pid 5831] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] rmdir("./101/file1" [pid 5828] <... umount2 resumed>) = 0 [pid 5829] rmdir("./99/file1" [pid 5831] newfstatat(AT_FDCWD, "./91/binderfs", [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./91/binderfs") = 0 [pid 5830] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(AT_FDCWD, "./101/binderfs", [pid 5829] newfstatat(AT_FDCWD, "./99/binderfs", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] newfstatat(AT_FDCWD, "./100/file1", [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./91" [pid 5830] unlink("./101/binderfs" [pid 5829] unlink("./99/binderfs" [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5830] getdents64(3, [pid 5828] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] mkdir("./92", 0777 [pid 5830] <... close resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] rmdir("./101" [pid 5828] openat(AT_FDCWD, "./100/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] close(3 [pid 5828] <... openat resumed>) = 4 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] newfstatat(4, "", [pid 5830] mkdir("./102", 0777 [pid 5829] rmdir("./99" [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... rmdir resumed>) = 0 [pid 5828] getdents64(4, [pid 5831] <... openat resumed>) = 3 [pid 5830] <... mkdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] getdents64(4, [pid 5831] <... ioctl resumed>) = 0 [pid 5829] mkdir("./100", 0777 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] close(4 [pid 5831] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] rmdir("./100/file1"./strace-static-x86_64: Process 6348 attached [pid 6347] <... ioctl resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] <... rmdir resumed>) = 0 [pid 6348] set_robust_list(0x5555934ed660, 24 [pid 6347] close(3 [pid 5830] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6347] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... openat resumed>) = 3 [pid 6348] <... set_robust_list resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6348] chdir("./92" [pid 6347] close(4 [pid 5830] close(3) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6347] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6348] <... chdir resumed>) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./100/binderfs", [pid 6348] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6348 [pid 5829] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6349 attached [pid 6348] <... prctl resumed>) = 0 [ 136.018008][ T6347] loop4: detected capacity change from 0 to 1024 [pid 6349] set_robust_list(0x5555934ed660, 24 [pid 6347] mkdir("./file1", 0777 [pid 6349] <... set_robust_list resumed>) = 0 [pid 6348] setpgid(0, 0) = 0 [pid 6348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6347] <... mkdir resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6349 [pid 6349] chdir("./102" [pid 6348] <... openat resumed>) = 3 [pid 5828] unlink("./100/binderfs" executing program [pid 6349] <... chdir resumed>) = 0 [pid 6347] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... close resumed>) = 0 [pid 6348] write(3, "1000", 4 [pid 5828] <... unlink resumed>) = 0 [pid 6348] <... write resumed>) = 4 [pid 5828] getdents64(3, [pid 6348] close(3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6348] <... close resumed>) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./100") = 0 [pid 6348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6348] write(1, "executing program\n", 18) = 18 [pid 6348] memfd_create("syzkaller", 0 [pid 5828] mkdir("./101", 0777) = 0 [pid 6348] <... memfd_create resumed>) = 3 [pid 6348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3 [pid 6349] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... close resumed>) = 0 [pid 6349] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 6350 attached [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6350 [pid 6350] set_robust_list(0x5555934ed660, 24 [pid 6349] setpgid(0, 0 [pid 6348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6350] <... set_robust_list resumed>) = 0 [pid 6349] <... setpgid resumed>) = 0 [pid 6350] chdir("./100" [pid 6349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6350] <... chdir resumed>) = 0 [pid 6349] <... openat resumed>) = 3 [pid 6350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6349] write(3, "1000", 4) = 4 [pid 6349] close(3 [pid 6350] setpgid(0, 0 [pid 6349] <... close resumed>) = 0 [pid 6349] symlink("/dev/binderfs", "./binderfs"executing program [pid 6350] <... setpgid resumed>) = 0 [pid 6349] <... symlink resumed>) = 0 [pid 6348] <... write resumed>) = 524288 [pid 6347] <... mount resumed>) = 0 [pid 6349] write(1, "executing program\n", 18) = 18 [pid 6347] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6349] memfd_create("syzkaller", 0 [pid 6347] <... openat resumed>) = 3 [pid 6350] <... openat resumed>) = 3 [pid 6349] <... memfd_create resumed>) = 3 [pid 6347] chdir("./file1"./strace-static-x86_64: Process 6351 attached [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6351 [pid 6351] set_robust_list(0x5555934ed660, 24 [pid 6350] write(3, "1000", 4 [pid 6349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6347] <... chdir resumed>) = 0 [pid 6350] <... write resumed>) = 4 [pid 6347] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6350] close(3 [pid 6349] <... mmap resumed>) = 0x7ff1eb400000 [pid 6351] <... set_robust_list resumed>) = 0 [pid 6351] chdir("./101" [pid 6350] <... close resumed>) = 0 [pid 6347] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6347] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6350] symlink("/dev/binderfs", "./binderfs" [pid 6351] <... chdir resumed>) = 0 [pid 6351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6348] munmap(0x7ff1eb400000, 138412032 [pid 6350] <... symlink resumed>) = 0 [pid 6351] setpgid(0, 0 [pid 6348] <... munmap resumed>) = 0 [pid 6351] <... setpgid resumed>) = 0 [pid 6348] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6348] <... openat resumed>) = 4 [pid 6351] <... openat resumed>) = 3 [pid 6348] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6351] write(3, "1000", 4 [pid 6348] ioctl(4, LOOP_CLR_FD) = 0 [pid 6351] <... write resumed>) = 4 [pid 6351] close(3) = 0 [pid 6351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6348] ioctl(4, LOOP_SET_FD, 3executing program [pid 6350] write(1, "executing program\n", 18) = 18 executing program [pid 6350] memfd_create("syzkaller", 0 [pid 6351] write(1, "executing program\n", 18 [pid 6348] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6351] <... write resumed>) = 18 [pid 6348] close(4 [pid 6351] memfd_create("syzkaller", 0 [pid 6348] <... close resumed>) = 0 [pid 6351] <... memfd_create resumed>) = 3 [pid 6351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6350] <... memfd_create resumed>) = 3 [pid 6350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6350] <... mmap resumed>) = 0x7ff1eb400000 [pid 6349] <... write resumed>) = 524288 [pid 6348] close(3 [pid 6347] <... link resumed>) = 0 [pid 6350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6349] munmap(0x7ff1eb400000, 138412032 [pid 6348] <... close resumed>) = 0 [pid 6347] sync( [pid 6349] <... munmap resumed>) = 0 [pid 6349] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6349] ioctl(4, LOOP_SET_FD, 3 [pid 6351] <... write resumed>) = 524288 [pid 6350] <... write resumed>) = 524288 [pid 6351] munmap(0x7ff1eb400000, 138412032 [pid 6348] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6347] <... sync resumed>) = 0 [pid 6351] <... munmap resumed>) = 0 [pid 6347] exit_group(0 [pid 6351] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6348] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6347] <... exit_group resumed>) = ? [pid 6351] <... openat resumed>) = 4 [pid 6348] sync( [pid 6347] +++ exited with 0 +++ [pid 6351] ioctl(4, LOOP_SET_FD, 3 [pid 6350] munmap(0x7ff1eb400000, 138412032 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6347, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6350] <... munmap resumed>) = 0 [pid 6348] <... sync resumed>) = 0 [pid 6348] exit_group(0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5832] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6348] <... exit_group resumed>) = ? [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6350] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6349] <... ioctl resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6350] <... openat resumed>) = 4 [pid 5832] <... openat resumed>) = 3 [pid 6350] ioctl(4, LOOP_SET_FD, 3 [pid 6349] close(3 [pid 5832] newfstatat(3, "", [pid 6348] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6348, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5831] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./92/binderfs" [pid 6351] <... ioctl resumed>) = 0 [pid 6350] <... ioctl resumed>) = 0 [pid 6349] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5832] getdents64(3, [pid 6349] close(4) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6351] close(3 [pid 6350] close(3 [pid 6349] mkdir("./file1", 0777 [pid 5832] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 6351] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6351] close(4 [pid 5831] close(3 [pid 6351] <... close resumed>) = 0 [pid 6349] <... mkdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6351] mkdir("./file1", 0777 [pid 6350] <... close resumed>) = 0 [pid 5831] rmdir("./92" [pid 6351] <... mkdir resumed>) = 0 [pid 6350] close(4 [pid 6349] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6351] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6350] <... close resumed>) = 0 [pid 5831] mkdir("./93", 0777 [pid 6350] mkdir("./file1", 0777 [pid 5832] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... mkdir resumed>) = 0 [pid 6350] <... mkdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./101/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6350] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5832] openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] <... openat resumed>) = 4 [pid 5831] close(3 [pid 5832] newfstatat(4, "", [pid 5831] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6352 attached [ 136.217855][ T6349] loop2: detected capacity change from 0 to 1024 [ 136.233870][ T6351] loop0: detected capacity change from 0 to 1024 [ 136.251843][ T6350] loop1: detected capacity change from 0 to 1024 [pid 5832] getdents64(4, [pid 6352] set_robust_list(0x5555934ed660, 24 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6352 [pid 6352] <... set_robust_list resumed>) = 0 [pid 5832] getdents64(4, [pid 6352] chdir("./93" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4 [pid 6352] <... chdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 6352] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] rmdir("./101/file1" [pid 6352] <... prctl resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6352] setpgid(0, 0) = 0 [pid 6352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6351] <... mount resumed>) = 0 [pid 6350] <... mount resumed>) = 0 [pid 6349] <... mount resumed>) = 0 [pid 5832] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6349] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6350] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6351] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] newfstatat(AT_FDCWD, "./101/binderfs", [pid 6352] <... openat resumed>) = 3 [pid 6351] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6351] chdir("./file1" [pid 5832] unlink("./101/binderfs" [pid 6351] <... chdir resumed>) = 0 [pid 6352] write(3, "1000", 4 [pid 6351] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... unlink resumed>) = 0 [pid 6352] <... write resumed>) = 4 [pid 6351] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6350] <... openat resumed>) = 3 [pid 6349] <... openat resumed>) = 3 [pid 6352] close(3 [pid 5832] getdents64(3, [pid 6352] <... close resumed>) = 0 [pid 6351] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6350] chdir("./file1" [pid 6349] chdir("./file1" [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6350] <... chdir resumed>) = 0 [pid 6349] <... chdir resumed>) = 0 [pid 5832] close(3 [pid 6352] symlink("/dev/binderfs", "./binderfs" [pid 6350] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6349] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... close resumed>) = 0 [pid 6352] <... symlink resumed>) = 0 executing program [pid 6352] write(1, "executing program\n", 18) = 18 [pid 6352] memfd_create("syzkaller", 0 [pid 6350] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6349] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] rmdir("./101" [pid 6350] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6349] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... rmdir resumed>) = 0 [pid 6352] <... memfd_create resumed>) = 3 [pid 6352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5832] mkdir("./102", 0777 [pid 6351] <... link resumed>) = 0 [pid 6351] sync( [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3 [pid 6352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6349] <... link resumed>) = 0 [pid 6349] sync( [pid 6352] <... write resumed>) = 524288 [pid 6350] <... link resumed>) = 0 [pid 6350] sync( [pid 5832] <... close resumed>) = 0 [pid 6352] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6352] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 ./strace-static-x86_64: Process 6353 attached [pid 6352] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6353 [pid 6351] <... sync resumed>) = 0 [pid 6351] exit_group(0) = ? [pid 6353] set_robust_list(0x5555934ed660, 24 [pid 6351] +++ exited with 0 +++ [pid 6350] <... sync resumed>) = 0 [pid 6349] <... sync resumed>) = 0 [pid 6349] exit_group(0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6351, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6353] <... set_robust_list resumed>) = 0 [pid 6350] exit_group(0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6353] chdir("./102" [pid 6350] <... exit_group resumed>) = ? [pid 6349] <... exit_group resumed>) = ? [pid 6353] <... chdir resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5828] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6350] +++ exited with 0 +++ [pid 6353] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... openat resumed>) = 3 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6350, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6353] <... prctl resumed>) = 0 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6353] setpgid(0, 0) = 0 [pid 6352] <... ioctl resumed>) = 0 [pid 6353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6352] close(3 [pid 5829] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = 0 [pid 6353] <... openat resumed>) = 3 [pid 6352] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6352] close(4 [pid 5829] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6352] <... close resumed>) = 0 [pid 6352] mkdir("./file1", 0777 [pid 5829] <... openat resumed>) = 3 [pid 6352] <... mkdir resumed>) = 0 [pid 6349] +++ exited with 0 +++ [pid 5829] newfstatat(3, "", [pid 5828] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6349, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5829] getdents64(3, [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./101/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6353] write(3, "1000", 4 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6353] <... write resumed>) = 4 [pid 6352] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] newfstatat(4, "", [pid 6353] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6353] <... close resumed>) = 0 [pid 5830] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(4, [pid 6353] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [ 136.405429][ T6352] loop3: detected capacity change from 0 to 1024 [pid 6353] <... symlink resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = 0 [pid 5828] getdents64(4, executing program [pid 6353] write(1, "executing program\n", 18 [pid 5830] <... openat resumed>) = 3 [pid 5829] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6353] <... write resumed>) = 18 [pid 5830] getdents64(3, [pid 5828] close(4 [pid 6353] memfd_create("syzkaller", 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... close resumed>) = 0 [pid 6353] <... memfd_create resumed>) = 3 [pid 5830] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(AT_FDCWD, "./100/file1", [pid 5828] rmdir("./101/file1" [pid 6353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6352] <... mount resumed>) = 0 [pid 6353] <... mmap resumed>) = 0x7ff1eb400000 [pid 6352] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6352] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5829] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./100/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] newfstatat(AT_FDCWD, "./101/binderfs", [pid 6352] chdir("./file1" [pid 5830] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6352] <... chdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6352] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] newfstatat(AT_FDCWD, "./102/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6352] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] close(4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6352] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... close resumed>) = 0 [pid 5828] unlink("./101/binderfs" [pid 5829] rmdir("./100/file1" [pid 5828] <... unlink resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] getdents64(3, [pid 5830] openat(AT_FDCWD, "./102/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5829] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] close(3 [pid 5830] newfstatat(4, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(AT_FDCWD, "./100/binderfs", [pid 5828] rmdir("./101" [pid 5830] getdents64(4, [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] unlink("./100/binderfs" [pid 5828] mkdir("./102", 0777 [pid 5830] getdents64(4, [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] getdents64(3, [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] close(4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5829] close(3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5830] rmdir("./102/file1" [pid 5829] <... close resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] rmdir("./100" [pid 5828] close(3 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5829] mkdir("./101", 0777 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6354 attached [pid 6353] <... write resumed>) = 524288 [pid 6352] <... link resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6354 [pid 6352] sync( [pid 6354] set_robust_list(0x5555934ed660, 24 [pid 5830] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... openat resumed>) = 3 [pid 6354] <... set_robust_list resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./102/binderfs", [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6354] chdir("./102" [pid 6353] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 6354] <... chdir resumed>) = 0 [pid 6353] <... munmap resumed>) = 0 [pid 5830] unlink("./102/binderfs" [pid 5829] close(3 [pid 6354] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6353] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... unlink resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6353] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 6353] ioctl(4, LOOP_SET_FD, 3 [pid 5830] rmdir("./102" [pid 6354] <... prctl resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6355 attached [pid 6354] setpgid(0, 0 [pid 5830] mkdir("./103", 0777 [pid 6354] <... setpgid resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 6354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6355 [pid 6355] set_robust_list(0x5555934ed660, 24 [pid 5830] <... openat resumed>) = 3 [pid 6355] <... set_robust_list resumed>) = 0 [pid 6354] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6355] chdir("./101" [pid 6354] write(3, "1000", 4 [pid 5830] <... ioctl resumed>) = 0 [pid 6354] <... write resumed>) = 4 [pid 5830] close(3 [pid 6354] close(3) = 0 [pid 5830] <... close resumed>) = 0 [pid 6354] symlink("/dev/binderfs", "./binderfs" [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6356 attached [pid 6355] <... chdir resumed>) = 0 [pid 6354] <... symlink resumed>) = 0 [pid 6352] <... sync resumed>) = 0 [pid 6355] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6356 [pid 6355] <... prctl resumed>) = 0 [pid 6355] setpgid(0, 0 [pid 6354] write(1, "executing program\n", 18 [pid 6355] <... setpgid resumed>) = 0 [pid 6354] <... write resumed>) = 18 [pid 6355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6354] memfd_create("syzkaller", 0 [pid 6352] exit_group(0 [pid 6355] <... openat resumed>) = 3 [pid 6354] <... memfd_create resumed>) = 3 [pid 6354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 executing program [pid 6354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6352] <... exit_group resumed>) = ? [pid 6356] set_robust_list(0x5555934ed660, 24 [pid 6355] write(3, "1000", 4 [pid 6356] <... set_robust_list resumed>) = 0 [pid 6355] <... write resumed>) = 4 [pid 6356] chdir("./103" [pid 6355] close(3) = 0 [pid 6355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6355] write(1, "executing program\n", 18 [pid 6352] +++ exited with 0 +++ [pid 6355] <... write resumed>) = 18 [pid 6355] memfd_create("syzkaller", 0 [pid 6353] <... ioctl resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6352, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6355] <... memfd_create resumed>) = 3 [pid 6353] close(3 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6356] <... chdir resumed>) = 0 [pid 6355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6353] <... close resumed>) = 0 [pid 6356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6355] <... mmap resumed>) = 0x7ff1eb400000 [pid 6353] close(4 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6353] <... close resumed>) = 0 [pid 6353] mkdir("./file1", 0777) = 0 [pid 6356] setpgid(0, 0 [pid 6354] <... write resumed>) = 524288 [pid 5831] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6356] <... setpgid resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6353] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6356] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6356] write(3, "1000", 4 [pid 5831] getdents64(3, [pid 6356] <... write resumed>) = 4 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [ 136.554210][ T6353] loop4: detected capacity change from 0 to 1024 [pid 6356] close(3 [pid 6355] <... write resumed>) = 524288 [pid 5831] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6356] <... close resumed>) = 0 [pid 6356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6356] write(1, "executing program\n", 18executing program ) = 18 [pid 6356] memfd_create("syzkaller", 0 [pid 6353] <... mount resumed>) = 0 [pid 6354] munmap(0x7ff1eb400000, 138412032 [pid 6356] <... memfd_create resumed>) = 3 [pid 6354] <... munmap resumed>) = 0 [pid 6356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6354] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6356] <... mmap resumed>) = 0x7ff1eb400000 [pid 6354] <... openat resumed>) = 4 [pid 6356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6354] ioctl(4, LOOP_SET_FD, 3 [pid 6355] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6356] <... write resumed>) = 524288 [pid 6353] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6353] chdir("./file1" [pid 6355] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6353] <... chdir resumed>) = 0 [pid 6355] <... openat resumed>) = 4 [pid 6356] munmap(0x7ff1eb400000, 138412032 [pid 6355] ioctl(4, LOOP_SET_FD, 3 [pid 6353] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = 0 [pid 6356] <... munmap resumed>) = 0 [pid 6353] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6353] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6356] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6356] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6356] ioctl(4, LOOP_SET_FD, 3 [pid 5831] newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6354] <... ioctl resumed>) = 0 [pid 6354] close(3) = 0 [pid 6354] close(4 [pid 5831] umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 6354] <... close resumed>) = 0 [pid 6353] <... link resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6354] mkdir("./file1", 0777 [pid 5831] getdents64(4, [pid 6354] <... mkdir resumed>) = 0 [pid 6353] sync( [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6354] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] close(4) = 0 [pid 6355] <... ioctl resumed>) = 0 [pid 5831] rmdir("./93/file1") = 0 [pid 5831] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./93/binderfs") = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 6355] close(3 [pid 5831] rmdir("./93" [pid 6355] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6355] close(4 [pid 5831] mkdir("./94", 0777 [pid 6355] <... close resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 6355] mkdir("./file1", 0777) = 0 [pid 6356] <... ioctl resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6355] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... openat resumed>) = 3 [pid 6356] close(3) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6356] close(4 [pid 5831] <... ioctl resumed>) = 0 [pid 6356] <... close resumed>) = 0 [ 136.631166][ T6354] loop0: detected capacity change from 0 to 1024 [ 136.652023][ T6355] loop1: detected capacity change from 0 to 1024 [ 136.663082][ T6356] loop2: detected capacity change from 0 to 1024 [pid 5831] close(3 [pid 6356] mkdir("./file1", 0777) = 0 [pid 6356] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6357 attached , child_tidptr=0x5555934ed650) = 6357 [pid 6357] set_robust_list(0x5555934ed660, 24) = 0 [pid 6357] chdir("./94") = 0 [pid 6357] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6355] <... mount resumed>) = 0 [pid 6354] <... mount resumed>) = 0 [pid 6355] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6354] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6357] <... prctl resumed>) = 0 [pid 6356] <... mount resumed>) = 0 [pid 6355] <... openat resumed>) = 3 [pid 6354] <... openat resumed>) = 3 [pid 6357] setpgid(0, 0 [pid 6356] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6355] chdir("./file1" [pid 6354] chdir("./file1" [pid 6357] <... setpgid resumed>) = 0 [pid 6356] <... openat resumed>) = 3 [pid 6357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6354] <... chdir resumed>) = 0 [pid 6356] chdir("./file1" [pid 6355] <... chdir resumed>) = 0 [pid 6354] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6356] <... chdir resumed>) = 0 [pid 6355] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6354] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6355] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6357] <... openat resumed>) = 3 [pid 6354] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6355] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6357] write(3, "1000", 4 [pid 6356] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6357] <... write resumed>) = 4 [pid 6356] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6357] close(3) = 0 [pid 6357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6356] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"executing program [pid 6357] write(1, "executing program\n", 18) = 18 [pid 6357] memfd_create("syzkaller", 0) = 3 [pid 6357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6354] <... link resumed>) = 0 [pid 6355] <... link resumed>) = 0 [pid 6354] sync( [pid 6355] sync( [pid 6357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6356] <... link resumed>) = 0 [pid 6353] <... sync resumed>) = 0 [pid 6357] <... write resumed>) = 524288 [pid 6353] exit_group(0 [pid 6357] munmap(0x7ff1eb400000, 138412032 [pid 6356] sync( [pid 6353] <... exit_group resumed>) = ? [pid 6357] <... munmap resumed>) = 0 [pid 6353] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6353, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6357] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6355] <... sync resumed>) = 0 [pid 6354] <... sync resumed>) = 0 [pid 6357] <... openat resumed>) = 4 [pid 6355] exit_group(0) = ? [pid 6354] exit_group(0 [pid 6357] ioctl(4, LOOP_SET_FD, 3 [pid 6355] +++ exited with 0 +++ [pid 6354] <... exit_group resumed>) = ? [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6355, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6354] +++ exited with 0 +++ [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6354, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] <... restart_syscall resumed>) = 0 [pid 6356] <... sync resumed>) = 0 [pid 5832] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6356] exit_group(0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6356] <... exit_group resumed>) = ? [pid 5828] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6356] +++ exited with 0 +++ [pid 5832] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6356, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5828] newfstatat(3, "", [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 5830] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", [pid 5828] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = 0 [pid 5832] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./102/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./102/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6357] <... ioctl resumed>) = 0 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6357] close(3 [pid 5832] getdents64(4, [pid 6357] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6357] close(4 [pid 5832] getdents64(4, [pid 6357] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6357] mkdir("./file1", 0777 [pid 5832] close(4 [pid 6357] <... mkdir resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./102/file1") = 0 [pid 6357] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./102/binderfs") = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./102") = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [ 136.868045][ T6357] loop3: detected capacity change from 0 to 1024 [pid 5828] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] mkdir("./103", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./102/file1", [pid 5832] <... mkdir resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./103/file1", [pid 5829] newfstatat(AT_FDCWD, "./101/file1", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6357] <... mount resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6357] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6357] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./102/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6357] chdir("./file1" [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] openat(AT_FDCWD, "./103/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... openat resumed>) = 4 [pid 6357] <... chdir resumed>) = 0 [pid 6357] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 4 [pid 5829] <... openat resumed>) = 4 [pid 5828] newfstatat(4, "", [pid 6357] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] newfstatat(4, "", [pid 5829] newfstatat(4, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] getdents64(4, [pid 6357] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... ioctl resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 5828] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, [pid 5832] close(3 [pid 5830] getdents64(4, [pid 5829] getdents64(4, [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5830] close(4 [pid 5829] close(4 [pid 5828] rmdir("./102/file1") = 0 [pid 5829] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] rmdir("./101/file1" [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6358 attached [pid 5830] rmdir("./103/file1" [pid 5829] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6358] set_robust_list(0x5555934ed660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6358 [pid 6358] <... set_robust_list resumed>) = 0 [pid 6358] chdir("./103") = 0 [pid 6358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6358] setpgid(0, 0) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(AT_FDCWD, "./101/binderfs", [pid 5828] newfstatat(AT_FDCWD, "./102/binderfs", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6358] <... openat resumed>) = 3 [pid 5830] newfstatat(AT_FDCWD, "./103/binderfs", [pid 5829] unlink("./101/binderfs" [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6357] <... link resumed>) = 0 [pid 6357] sync( [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5828] unlink("./102/binderfs" [pid 6358] write(3, "1000", 4 [pid 5830] unlink("./103/binderfs" [pid 5829] getdents64(3, [pid 6358] <... write resumed>) = 4 [pid 6358] close(3) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5829] close(3 [pid 5828] getdents64(3, [pid 6358] write(1, "executing program\n", 18 [pid 5829] <... close resumed>) = 0 [pid 5830] getdents64(3, [pid 5829] rmdir("./101" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 executing program [pid 6358] <... write resumed>) = 18 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] close(3 [pid 6357] <... sync resumed>) = 0 [pid 6357] exit_group(0 [pid 5830] close(3 [pid 5829] mkdir("./102", 0777 [pid 5828] <... close resumed>) = 0 [pid 6357] <... exit_group resumed>) = ? [pid 6358] memfd_create("syzkaller", 0) = 3 [pid 6358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6357] +++ exited with 0 +++ [pid 5830] <... close resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] rmdir("./102" [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6357, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5830] rmdir("./103" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5830] mkdir("./104", 0777 [pid 5829] <... ioctl resumed>) = 0 [pid 5831] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... mkdir resumed>) = 0 [pid 5829] close(3 [pid 5828] mkdir("./103", 0777 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6359 attached [pid 6358] <... write resumed>) = 524288 [pid 5831] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] <... mkdir resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5830] <... openat resumed>) = 3 [pid 6359] set_robust_list(0x5555934ed660, 24 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6359 [pid 6359] <... set_robust_list resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... ioctl resumed>) = 0 [pid 6359] chdir("./102" [pid 5831] getdents64(3, [pid 5830] close(3 [pid 5828] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... close resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5831] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6359] <... chdir resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6360 attached [pid 6359] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] close(3 [pid 6360] set_robust_list(0x5555934ed660, 24 [pid 6359] <... prctl resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6360 [pid 5828] <... close resumed>) = 0 [pid 6358] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6358] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6359] setpgid(0, 0 [pid 6358] <... openat resumed>) = 4 [pid 6358] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6358] ioctl(4, LOOP_CLR_FD) = 0 [pid 6360] <... set_robust_list resumed>) = 0 [pid 6359] <... setpgid resumed>) = 0 [pid 6358] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6358] close(4) = 0 [pid 6358] close(3./strace-static-x86_64: Process 6361 attached [pid 6360] chdir("./104" [pid 6359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6358] <... close resumed>) = 0 [pid 6360] <... chdir resumed>) = 0 [pid 6358] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6361 [pid 6359] <... openat resumed>) = 3 [pid 6358] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6360] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6359] write(3, "1000", 4 [pid 6358] sync( [pid 6361] set_robust_list(0x5555934ed660, 24 [pid 6360] <... prctl resumed>) = 0 [pid 6359] <... write resumed>) = 4 [pid 6361] <... set_robust_list resumed>) = 0 [pid 6360] setpgid(0, 0 [pid 6359] close(3 [pid 6361] chdir("./103" [pid 6360] <... setpgid resumed>) = 0 [pid 6359] <... close resumed>) = 0 [pid 6361] <... chdir resumed>) = 0 [pid 6359] symlink("/dev/binderfs", "./binderfs" [pid 6361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6361] setpgid(0, 0 [pid 6360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6361] <... setpgid resumed>) = 0 [pid 6361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6359] <... symlink resumed>) = 0 [pid 6361] <... openat resumed>) = 3 [pid 6360] <... openat resumed>) = 3 [pid 6361] write(3, "1000", 4) = 4 [pid 6361] close(3) = 0 [pid 6360] write(3, "1000", 4 [pid 6359] write(1, "executing program\n", 18 [pid 5831] <... umount2 resumed>) = 0 [pid 6361] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6361] write(1, "executing program\n", 18 [pid 6359] <... write resumed>) = 18 [pid 6360] <... write resumed>) = 4 [pid 6360] close(3executing program [pid 6361] <... write resumed>) = 18 [pid 6360] <... close resumed>) = 0 [pid 6359] memfd_create("syzkaller", 0 [pid 6361] memfd_create("syzkaller", 0 [pid 6360] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6361] <... memfd_create resumed>) = 3 [pid 6360] <... symlink resumed>) = 0 [pid 6359] <... memfd_create resumed>) = 3 [pid 6358] <... sync resumed>) = 0 executing program [pid 5831] newfstatat(AT_FDCWD, "./94/file1", [pid 6360] write(1, "executing program\n", 18 [pid 6359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6360] <... write resumed>) = 18 [pid 6360] memfd_create("syzkaller", 0 [pid 6359] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6358] exit_group(0 [pid 6361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6358] <... exit_group resumed>) = ? [pid 6361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6360] <... memfd_create resumed>) = 3 [pid 6359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... openat resumed>) = 4 [pid 6360] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] newfstatat(4, "", [pid 6360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6358] +++ exited with 0 +++ [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6358, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] close(4 [pid 5832] <... openat resumed>) = 3 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./94/file1" [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5832] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./103/binderfs") = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./103") = 0 [pid 5832] mkdir("./104", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 6361] <... write resumed>) = 524288 [pid 6360] <... write resumed>) = 524288 [pid 6359] <... write resumed>) = 524288 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6361] munmap(0x7ff1eb400000, 138412032 [pid 6360] munmap(0x7ff1eb400000, 138412032 [pid 5832] close(3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6359] munmap(0x7ff1eb400000, 138412032 [pid 5831] newfstatat(AT_FDCWD, "./94/binderfs", [pid 6361] <... munmap resumed>) = 0 [pid 6360] <... munmap resumed>) = 0 [pid 6359] <... munmap resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6359] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] unlink("./94/binderfs" [pid 6361] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6360] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6359] <... openat resumed>) = 4 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... unlink resumed>) = 0 [pid 6361] <... openat resumed>) = 4 [pid 6360] <... openat resumed>) = 4 [pid 6359] ioctl(4, LOOP_SET_FD, 3 [pid 5831] getdents64(3, ./strace-static-x86_64: Process 6362 attached [pid 6361] ioctl(4, LOOP_SET_FD, 3 [pid 6362] set_robust_list(0x5555934ed660, 24 [pid 6361] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6361] ioctl(4, LOOP_CLR_FD) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6362 [pid 6362] <... set_robust_list resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6361] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6361] close(4) = 0 [pid 6361] close(3 [pid 5831] close(3 [pid 6360] ioctl(4, LOOP_SET_FD, 3 [pid 6362] chdir("./104") = 0 [pid 6359] <... ioctl resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6362] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6359] close(3 [pid 5831] rmdir("./94" [pid 6362] <... prctl resumed>) = 0 [pid 6359] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6359] close(4 [pid 6362] setpgid(0, 0) = 0 [pid 6359] <... close resumed>) = 0 [pid 6359] mkdir("./file1", 0777 [pid 6362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6361] <... close resumed>) = 0 [pid 5831] mkdir("./95", 0777 [pid 6362] <... openat resumed>) = 3 [pid 6361] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6359] <... mkdir resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 6362] write(3, "1000", 4 [pid 6361] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6362] <... write resumed>) = 4 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6361] sync( [pid 6362] close(3 [pid 6360] <... ioctl resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 6362] <... close resumed>) = 0 [pid 6359] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6362] symlink("/dev/binderfs", "./binderfs" [pid 6360] close(3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 6360] <... close resumed>) = 0 [pid 6362] <... symlink resumed>) = 0 [pid 6360] close(4) = 0 [pid 6360] mkdir("./file1", 0777 [pid 5831] close(3executing program [pid 6362] write(1, "executing program\n", 18 [pid 6360] <... mkdir resumed>) = 0 [pid 6362] <... write resumed>) = 18 [pid 6360] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6362] memfd_create("syzkaller", 0) = 3 [pid 5831] <... close resumed>) = 0 [pid 6362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6363 attached [pid 6362] <... mmap resumed>) = 0x7ff1eb400000 [pid 6362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6363] set_robust_list(0x5555934ed660, 24) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6363 [pid 6363] chdir("./95") = 0 [pid 6363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6363] setpgid(0, 0) = 0 [pid 6363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 137.184780][ T6359] loop1: detected capacity change from 0 to 1024 [ 137.210261][ T6360] loop2: detected capacity change from 0 to 1024 [pid 6363] write(3, "1000", 4) = 4 [pid 6363] close(3) = 0 [pid 6363] symlink("/dev/binderfs", "./binderfs" [pid 6360] <... mount resumed>) = 0 [pid 6359] <... mount resumed>) = 0 [pid 6363] <... symlink resumed>) = 0 [pid 6360] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6359] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORYexecuting program [pid 6363] write(1, "executing program\n", 18 [pid 6360] <... openat resumed>) = 3 [pid 6359] <... openat resumed>) = 3 [pid 6363] <... write resumed>) = 18 [pid 6362] <... write resumed>) = 524288 [pid 6360] chdir("./file1" [pid 6359] chdir("./file1" [pid 6360] <... chdir resumed>) = 0 [pid 6359] <... chdir resumed>) = 0 [pid 6363] memfd_create("syzkaller", 0 [pid 6360] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6363] <... memfd_create resumed>) = 3 [pid 6362] munmap(0x7ff1eb400000, 138412032 [pid 6360] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6359] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6361] <... sync resumed>) = 0 [pid 6360] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6363] <... mmap resumed>) = 0x7ff1eb400000 [pid 6362] <... munmap resumed>) = 0 [pid 6361] exit_group(0 [pid 6359] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6359] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6361] <... exit_group resumed>) = ? [pid 6362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6361] +++ exited with 0 +++ [pid 6362] <... openat resumed>) = 4 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6361, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6362] ioctl(4, LOOP_SET_FD, 3 [pid 6363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6362] <... ioctl resumed>) = 0 [pid 6360] <... link resumed>) = 0 [pid 6359] <... link resumed>) = 0 [pid 5828] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6360] sync( [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6359] sync( [pid 5828] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6363] <... write resumed>) = 524288 [pid 6362] close(3 [pid 5828] <... openat resumed>) = 3 [pid 6363] munmap(0x7ff1eb400000, 138412032 [pid 6362] <... close resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 6363] <... munmap resumed>) = 0 [pid 6362] close(4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6362] <... close resumed>) = 0 [pid 6362] mkdir("./file1", 0777 [pid 5828] getdents64(3, [pid 6363] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6363] <... openat resumed>) = 4 [pid 5828] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6363] ioctl(4, LOOP_SET_FD, 3 [pid 6362] <... mkdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 137.313406][ T6362] loop4: detected capacity change from 0 to 1024 [pid 5828] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./103/binderfs" [pid 6362] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... unlink resumed>) = 0 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./103") = 0 [pid 6360] <... sync resumed>) = 0 [pid 6360] exit_group(0) = ? [pid 5828] mkdir("./104", 0777 [pid 6360] +++ exited with 0 +++ [pid 5828] <... mkdir resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6360, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6362] <... mount resumed>) = 0 [pid 6362] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6359] <... sync resumed>) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6362] <... openat resumed>) = 3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6362] chdir("./file1" [pid 5830] <... openat resumed>) = 3 [pid 6362] <... chdir resumed>) = 0 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6359] exit_group(0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6362] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6359] <... exit_group resumed>) = ? [pid 5830] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6359] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6359, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5828] <... openat resumed>) = 3 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... umount2 resumed>) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6362] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 5830] newfstatat(AT_FDCWD, "./104/file1", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] getdents64(3, [pid 5830] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] <... close resumed>) = 0 [pid 5829] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6364 attached [pid 5830] openat(AT_FDCWD, "./104/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6364] set_robust_list(0x5555934ed660, 24 [ 137.366133][ T6363] loop3: detected capacity change from 0 to 1024 [pid 5830] newfstatat(4, "", [pid 6364] <... set_robust_list resumed>) = 0 [pid 6363] <... ioctl resumed>) = 0 [pid 6362] <... link resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6364 [pid 6362] sync( [pid 5829] <... umount2 resumed>) = 0 [pid 5829] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6363] close(3 [pid 5830] getdents64(4, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./102/file1", [pid 6364] chdir("./104" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6363] <... close resumed>) = 0 [pid 6364] <... chdir resumed>) = 0 [pid 6363] close(4 [pid 5830] getdents64(4, [pid 5829] umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6364] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6364] <... prctl resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./102/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6364] setpgid(0, 0 [pid 5829] <... openat resumed>) = 4 [pid 6364] <... setpgid resumed>) = 0 [pid 6363] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] newfstatat(4, "", [pid 6363] mkdir("./file1", 0777 [pid 5830] close(4 [pid 6364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6363] <... mkdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6364] <... openat resumed>) = 3 [pid 6363] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] rmdir("./104/file1" [pid 5829] getdents64(4, [pid 6364] write(3, "1000", 4 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6364] <... write resumed>) = 4 [pid 5829] getdents64(4, [pid 6364] close(3 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6364] <... close resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] close(4 [pid 6364] symlink("/dev/binderfs", "./binderfs" [pid 5829] <... close resumed>) = 0 [pid 6364] <... symlink resumed>) = 0 [pid 5830] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] rmdir("./102/file1" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 6364] write(1, "executing program\n", 18 [pid 5830] newfstatat(AT_FDCWD, "./104/binderfs", [pid 5829] <... rmdir resumed>) = 0 [pid 6364] <... write resumed>) = 18 [pid 6364] memfd_create("syzkaller", 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6364] <... memfd_create resumed>) = 3 [pid 5830] unlink("./104/binderfs" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] newfstatat(AT_FDCWD, "./102/binderfs", [pid 6364] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] <... unlink resumed>) = 0 [pid 6364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] getdents64(3, [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3 [pid 5829] unlink("./102/binderfs" [pid 5830] <... close resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5830] rmdir("./104" [pid 5829] getdents64(3, [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./105", 0777 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./102" [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./103", 0777 [pid 6364] <... write resumed>) = 524288 [pid 6363] <... mount resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6363] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6362] <... sync resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... mkdir resumed>) = 0 [pid 6363] <... openat resumed>) = 3 [pid 6362] exit_group(0) = ? [pid 6363] chdir("./file1" [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6364] munmap(0x7ff1eb400000, 138412032 [pid 6363] <... chdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... ioctl resumed>) = 0 [pid 6364] <... munmap resumed>) = 0 [pid 6363] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6362] +++ exited with 0 +++ [pid 5830] close(3 [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6362, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... ioctl resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5829] close(3 [pid 6364] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6363] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6364] <... openat resumed>) = 4 [pid 6363] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6364] ioctl(4, LOOP_SET_FD, 3 [pid 5832] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6365 attached [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6365] set_robust_list(0x5555934ed660, 24 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6365 [pid 6365] <... set_robust_list resumed>) = 0 [pid 6365] chdir("./105"./strace-static-x86_64: Process 6366 attached ) = 0 [pid 6365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6365] setpgid(0, 0 [pid 6366] set_robust_list(0x5555934ed660, 24 [pid 6365] <... setpgid resumed>) = 0 [pid 6363] <... link resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6366 [pid 6365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6363] sync( [pid 6365] <... openat resumed>) = 3 [pid 6366] <... set_robust_list resumed>) = 0 [pid 6365] write(3, "1000", 4 [pid 6366] chdir("./103" [pid 6365] <... write resumed>) = 4 [pid 6366] <... chdir resumed>) = 0 [pid 6365] close(3 [pid 6366] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6365] <... close resumed>) = 0 [pid 6366] <... prctl resumed>) = 0 [pid 6365] symlink("/dev/binderfs", "./binderfs" [pid 6366] setpgid(0, 0 [pid 6365] <... symlink resumed>) = 0 [pid 6366] <... setpgid resumed>) = 0 executing program [pid 6366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6365] write(1, "executing program\n", 18 [pid 6364] <... ioctl resumed>) = 0 [pid 6365] <... write resumed>) = 18 [pid 6365] memfd_create("syzkaller", 0 [pid 6364] close(3 [pid 5832] <... umount2 resumed>) = 0 [pid 6366] <... openat resumed>) = 3 [pid 6365] <... memfd_create resumed>) = 3 [pid 6364] <... close resumed>) = 0 [pid 6366] write(3, "1000", 4 [pid 6365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6364] close(4 [pid 5832] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6365] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6364] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./104/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6364] mkdir("./file1", 0777 [pid 5832] openat(AT_FDCWD, "./104/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6366] <... write resumed>) = 4 [pid 6364] <... mkdir resumed>) = 0 [pid 6363] <... sync resumed>) = 0 [pid 5832] getdents64(4, [pid 6366] close(3 [pid 6364] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6363] exit_group(0) = ? [pid 6366] <... close resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [ 137.533763][ T6364] loop0: detected capacity change from 0 to 1024 [pid 6366] symlink("/dev/binderfs", "./binderfs"executing program [pid 5832] getdents64(4, [pid 6366] <... symlink resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6366] write(1, "executing program\n", 18 [pid 5832] close(4 [pid 6366] <... write resumed>) = 18 [pid 5832] <... close resumed>) = 0 [pid 5832] rmdir("./104/file1" [pid 6366] memfd_create("syzkaller", 0 [pid 6364] <... mount resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 6366] <... memfd_create resumed>) = 3 [pid 6365] <... write resumed>) = 524288 [pid 6364] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6363] +++ exited with 0 +++ [pid 6366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6364] <... openat resumed>) = 3 [pid 6366] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6365] munmap(0x7ff1eb400000, 138412032 [pid 6364] chdir("./file1" [pid 5832] newfstatat(AT_FDCWD, "./104/binderfs", [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6363, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6364] <... chdir resumed>) = 0 [pid 6364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6364] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] unlink("./104/binderfs") = 0 [pid 5831] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] getdents64(3, [pid 5831] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./104") = 0 [pid 5832] mkdir("./105", 0777) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6365] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 6367 attached [pid 6367] set_robust_list(0x5555934ed660, 24) = 0 [pid 6367] chdir("./105" [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6367 [pid 6367] <... chdir resumed>) = 0 [pid 6367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6367] setpgid(0, 0 [pid 6365] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6365] ioctl(4, LOOP_SET_FD, 3 [pid 6367] <... setpgid resumed>) = 0 [pid 6367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6366] <... write resumed>) = 524288 [pid 6364] <... link resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 6366] munmap(0x7ff1eb400000, 138412032 [pid 6365] <... ioctl resumed>) = 0 [pid 6364] sync(executing program [pid 6367] write(3, "1000", 4 [pid 5831] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6367] <... write resumed>) = 4 [pid 6366] <... munmap resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6367] close(3 [pid 5831] newfstatat(AT_FDCWD, "./95/file1", [pid 6367] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6367] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6367] <... symlink resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6367] write(1, "executing program\n", 18 [pid 5831] newfstatat(4, "", [pid 6367] <... write resumed>) = 18 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6367] memfd_create("syzkaller", 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 6367] <... memfd_create resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] close(4 [pid 6367] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./95/file1" [pid 6366] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6365] close(3 [pid 5831] <... rmdir resumed>) = 0 [pid 5831] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./95/binderfs") = 0 [ 137.644310][ T6365] loop2: detected capacity change from 0 to 1024 [pid 6367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] getdents64(3, [pid 6366] <... openat resumed>) = 4 [pid 6365] <... close resumed>) = 0 [pid 6366] ioctl(4, LOOP_SET_FD, 3 [pid 6365] close(4 [pid 6364] <... sync resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6367] <... write resumed>) = 524288 [pid 6364] exit_group(0 [pid 5831] close(3 [pid 6365] <... close resumed>) = 0 [pid 6364] <... exit_group resumed>) = ? [pid 5831] <... close resumed>) = 0 [pid 6365] mkdir("./file1", 0777) = 0 [pid 6364] +++ exited with 0 +++ [pid 5831] rmdir("./95" [pid 6365] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... rmdir resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6364, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] mkdir("./96", 0777 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 6365] <... mount resumed>) = 0 [pid 6365] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6365] chdir("./file1" [pid 5828] <... restart_syscall resumed>) = 0 [pid 5831] close(3) = 0 [pid 5828] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6367] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6365] <... chdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6365] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 6365] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6365] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6366] <... ioctl resumed>) = 0 [pid 5828] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6367] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6367] ioctl(4, LOOP_SET_FD, 3 [pid 6366] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6366] close(4./strace-static-x86_64: Process 6368 attached ) = 0 [pid 6368] set_robust_list(0x5555934ed660, 24 [pid 6366] mkdir("./file1", 0777 [pid 6368] <... set_robust_list resumed>) = 0 [pid 6368] chdir("./96" [pid 6366] <... mkdir resumed>) = 0 [pid 6366] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6368 [pid 6368] <... chdir resumed>) = 0 [pid 6368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6368] setpgid(0, 0) = 0 [pid 6368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6365] <... link resumed>) = 0 [pid 6368] <... openat resumed>) = 3 [pid 6368] write(3, "1000", 4 [pid 6365] sync( [pid 6368] <... write resumed>) = 4 [pid 6368] close(3) = 0 [pid 6368] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6368] write(1, "executing program\n", 18) = 18 [ 137.691225][ T6366] loop1: detected capacity change from 0 to 1024 [pid 6368] memfd_create("syzkaller", 0) = 3 [pid 6366] <... mount resumed>) = 0 [pid 5828] <... umount2 resumed>) = 0 [pid 6368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6366] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./104/file1", [pid 6366] chdir("./file1" [pid 6367] <... ioctl resumed>) = 0 [pid 6367] close(3) = 0 [pid 6367] close(4) = 0 [pid 6367] mkdir("./file1", 0777) = 0 [pid 6366] <... chdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6366] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6366] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] openat(AT_FDCWD, "./104/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6365] <... sync resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6367] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] newfstatat(4, "", [pid 6365] exit_group(0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6368] <... write resumed>) = 524288 [pid 5828] getdents64(4, [pid 6365] <... exit_group resumed>) = ? [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 6368] munmap(0x7ff1eb400000, 138412032 [pid 5828] rmdir("./104/file1" [pid 6368] <... munmap resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6367] <... mount resumed>) = 0 [pid 5828] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6366] <... link resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6367] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6366] sync( [ 137.751826][ T6367] loop4: detected capacity change from 0 to 1024 [pid 5828] newfstatat(AT_FDCWD, "./104/binderfs", [pid 6368] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6367] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6365] +++ exited with 0 +++ [pid 6368] <... openat resumed>) = 4 [pid 5828] unlink("./104/binderfs" [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6365, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6368] ioctl(4, LOOP_SET_FD, 3 [pid 6367] chdir("./file1" [pid 5830] <... restart_syscall resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6367] <... chdir resumed>) = 0 [pid 5828] getdents64(3, [pid 6367] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6367] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] close(3 [pid 6367] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] rmdir("./104" [pid 5830] <... openat resumed>) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5828] <... rmdir resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] mkdir("./105", 0777 [pid 5830] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6368] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6369 attached [pid 6366] <... sync resumed>) = 0 [pid 6368] close(3) = 0 [pid 6368] close(4) = 0 [pid 6368] mkdir("./file1", 0777) = 0 [pid 6368] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6369] set_robust_list(0x5555934ed660, 24 [pid 6367] <... link resumed>) = 0 [pid 6366] exit_group(0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6369 [ 137.814756][ T6368] loop3: detected capacity change from 0 to 1024 [pid 6367] sync( [pid 6369] <... set_robust_list resumed>) = 0 [pid 6368] <... mount resumed>) = 0 [pid 6366] <... exit_group resumed>) = ? [pid 5830] <... umount2 resumed>) = 0 [pid 6369] chdir("./105" [pid 6368] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6369] <... chdir resumed>) = 0 [pid 6368] <... openat resumed>) = 3 [pid 6368] chdir("./file1" [pid 6369] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6368] <... chdir resumed>) = 0 [pid 6366] +++ exited with 0 +++ [pid 6368] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6366, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6369] <... prctl resumed>) = 0 [pid 6368] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6369] setpgid(0, 0 [pid 6368] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6367] <... sync resumed>) = 0 [pid 5830] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6369] <... setpgid resumed>) = 0 [pid 6369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6369] <... openat resumed>) = 3 [pid 6367] exit_group(0 [pid 5830] newfstatat(AT_FDCWD, "./105/file1", [pid 6369] write(3, "1000", 4) = 4 [pid 6367] <... exit_group resumed>) = ? [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6369] close(3) = 0 [pid 6367] +++ exited with 0 +++ [pid 5830] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6369] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6367, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6369] write(1, "executing program\n", 18) = 18 [pid 5830] openat(AT_FDCWD, "./105/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6369] memfd_create("syzkaller", 0 [pid 6368] <... link resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6369] <... memfd_create resumed>) = 3 [pid 6369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6368] sync( [pid 5832] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] newfstatat(4, "", [pid 5829] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6369] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5832] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] getdents64(4, [pid 5829] newfstatat(3, "", [pid 5832] <... openat resumed>) = 3 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] newfstatat(3, "", [pid 5830] getdents64(4, [pid 5829] getdents64(3, [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] getdents64(3, [pid 5830] close(4 [pid 5829] umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... close resumed>) = 0 [pid 5832] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] rmdir("./105/file1") = 0 [pid 6369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... umount2 resumed>) = 0 [pid 5830] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./105/binderfs", [pid 5829] <... umount2 resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./105/file1", [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./105/binderfs" [pid 5832] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... unlink resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6369] <... write resumed>) = 524288 [pid 6368] <... sync resumed>) = 0 [pid 5830] getdents64(3, [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./103/file1", [pid 6368] exit_group(0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6368] <... exit_group resumed>) = ? [pid 5829] umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] close(3 [pid 5829] openat(AT_FDCWD, "./103/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5830] rmdir("./105" [pid 5829] newfstatat(4, "", [pid 6368] +++ exited with 0 +++ [pid 5830] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] openat(AT_FDCWD, "./105/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6368, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] getdents64(4, [pid 5832] <... openat resumed>) = 4 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5830] mkdir("./106", 0777 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] newfstatat(4, "", [pid 5830] <... mkdir resumed>) = 0 [pid 5829] getdents64(4, [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] getdents64(4, [pid 5829] close(4 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... close resumed>) = 0 [pid 5832] getdents64(4, [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] rmdir("./103/file1" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... rmdir resumed>) = 0 [pid 5832] close(4 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... close resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./105/file1" [pid 5830] close(3 [pid 5829] newfstatat(AT_FDCWD, "./103/binderfs", [pid 6369] munmap(0x7ff1eb400000, 138412032 [pid 5832] <... rmdir resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] unlink("./103/binderfs" [pid 6369] <... munmap resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6370 attached [pid 5831] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] getdents64(3, [pid 5832] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(3, "", [pid 5829] close(3 [pid 5832] newfstatat(AT_FDCWD, "./105/binderfs", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] getdents64(3, [pid 5829] rmdir("./103" [pid 6370] set_robust_list(0x5555934ed660, 24 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] unlink("./105/binderfs" [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6370 [pid 5829] <... rmdir resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5831] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] mkdir("./104", 0777) = 0 [pid 6370] <... set_robust_list resumed>) = 0 [pid 6369] <... openat resumed>) = 4 [pid 5832] getdents64(3, [pid 5831] <... umount2 resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6369] ioctl(4, LOOP_SET_FD, 3 [pid 6370] chdir("./106" [pid 5832] close(3 [pid 5829] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5831] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./96/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6370] <... chdir resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6370] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] getdents64(4, [pid 5832] rmdir("./105" [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... ioctl resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5829] close(3 [pid 5831] getdents64(4, [pid 5829] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] close(4 [pid 5832] mkdir("./106", 0777 [pid 5831] <... close resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] rmdir("./96/file1"./strace-static-x86_64: Process 6371 attached ) = 0 [pid 6370] <... prctl resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6371 [pid 5831] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6370] setpgid(0, 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] newfstatat(AT_FDCWD, "./96/binderfs", [pid 6370] <... setpgid resumed>) = 0 [pid 6371] set_robust_list(0x5555934ed660, 24 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6371] <... set_robust_list resumed>) = 0 [pid 6370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... ioctl resumed>) = 0 [pid 5831] unlink("./96/binderfs" [pid 6371] chdir("./104" [pid 5832] close(3 [pid 5831] <... unlink resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 6370] <... openat resumed>) = 3 [pid 6371] <... chdir resumed>) = 0 [pid 6370] write(3, "1000", 4 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6372 attached [pid 6371] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6370] <... write resumed>) = 4 [pid 5831] close(3 [pid 6371] <... prctl resumed>) = 0 [pid 6370] close(3 [pid 5831] <... close resumed>) = 0 executing program [pid 6372] set_robust_list(0x5555934ed660, 24 [pid 6371] setpgid(0, 0 [pid 6370] <... close resumed>) = 0 [pid 5831] rmdir("./96" [pid 6371] <... setpgid resumed>) = 0 [pid 6370] symlink("/dev/binderfs", "./binderfs" [pid 6369] <... ioctl resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6370] <... symlink resumed>) = 0 [pid 6372] <... set_robust_list resumed>) = 0 [pid 6370] write(1, "executing program\n", 18 [pid 6369] close(3 [pid 6372] chdir("./106" [pid 6370] <... write resumed>) = 18 [pid 5831] mkdir("./97", 0777 [pid 6372] <... chdir resumed>) = 0 [pid 6371] <... openat resumed>) = 3 [pid 6370] memfd_create("syzkaller", 0 [pid 6369] <... close resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 6372] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6371] write(3, "1000", 4 [pid 6370] <... memfd_create resumed>) = 3 [pid 6369] close(4 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6372 [pid 6372] <... prctl resumed>) = 0 [pid 6371] <... write resumed>) = 4 [pid 6372] setpgid(0, 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6369] <... close resumed>) = 0 [pid 6372] <... setpgid resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 6372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6371] close(3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6371] <... close resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 6371] symlink("/dev/binderfs", "./binderfs" [pid 5831] close(3executing program [pid 6372] <... openat resumed>) = 3 [pid 6371] <... symlink resumed>) = 0 [pid 6370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6369] mkdir("./file1", 0777 [pid 6372] write(3, "1000", 4 [pid 6371] write(1, "executing program\n", 18 [pid 6370] <... mmap resumed>) = 0x7ff1eb400000 [pid 6372] <... write resumed>) = 4 [pid 6371] <... write resumed>) = 18 [pid 6372] close(3 [pid 6371] memfd_create("syzkaller", 0 [pid 6369] <... mkdir resumed>) = 0 [pid 6372] <... close resumed>) = 0 [pid 6371] <... memfd_create resumed>) = 3 [pid 6372] symlink("/dev/binderfs", "./binderfs" [ 137.999928][ T6369] loop0: detected capacity change from 0 to 1024 [pid 6371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 6372] <... symlink resumed>) = 0 [pid 6371] <... mmap resumed>) = 0x7ff1eb400000 [pid 6370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6369] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6372] write(1, "executing program\n", 18) = 18 [pid 6372] memfd_create("syzkaller", 0) = 3 [pid 6372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... close resumed>) = 0 [pid 6372] <... write resumed>) = 524288 [pid 6370] <... write resumed>) = 524288 [pid 6369] <... mount resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6369] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 6373 attached [pid 6373] set_robust_list(0x5555934ed660, 24 [pid 6371] <... write resumed>) = 524288 [pid 6373] <... set_robust_list resumed>) = 0 [pid 6369] chdir("./file1" [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6373 [pid 6373] chdir("./97" [pid 6369] <... chdir resumed>) = 0 [pid 6373] <... chdir resumed>) = 0 [pid 6371] munmap(0x7ff1eb400000, 138412032 [pid 6373] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6371] <... munmap resumed>) = 0 [pid 6373] <... prctl resumed>) = 0 [pid 6371] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6373] setpgid(0, 0 [pid 6371] <... openat resumed>) = 4 [pid 6373] <... setpgid resumed>) = 0 [pid 6371] ioctl(4, LOOP_SET_FD, 3 [pid 6373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6370] munmap(0x7ff1eb400000, 138412032 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6372] munmap(0x7ff1eb400000, 138412032 [pid 6370] <... munmap resumed>) = 0 [pid 6372] <... munmap resumed>) = 0 [pid 6370] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6370] ioctl(4, LOOP_SET_FD, 3 [pid 6373] <... openat resumed>) = 3 [pid 6372] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6369] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6373] write(3, "1000", 4 [pid 6372] <... openat resumed>) = 4 [pid 6369] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6373] <... write resumed>) = 4 [pid 6372] ioctl(4, LOOP_SET_FD, 3 [pid 6373] close(3 [pid 6372] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6373] <... close resumed>) = 0 [pid 6372] ioctl(4, LOOP_CLR_FD [pid 6373] symlink("/dev/binderfs", "./binderfs" [pid 6372] <... ioctl resumed>) = 0 executing program [pid 6373] <... symlink resumed>) = 0 [pid 6373] write(1, "executing program\n", 18) = 18 [pid 6373] memfd_create("syzkaller", 0 [pid 6372] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6372] close(4) = 0 [pid 6373] <... memfd_create resumed>) = 3 [pid 6372] close(3 [pid 6373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6369] <... link resumed>) = 0 [pid 6369] sync( [pid 6371] <... ioctl resumed>) = 0 [pid 6370] <... ioctl resumed>) = 0 [pid 6371] close(3 [pid 6370] close(3 [pid 6371] <... close resumed>) = 0 [pid 6370] <... close resumed>) = 0 [pid 6371] close(4 [pid 6370] close(4 [pid 6372] <... close resumed>) = 0 [pid 6371] <... close resumed>) = 0 [pid 6370] <... close resumed>) = 0 [pid 6371] mkdir("./file1", 0777 [pid 6370] mkdir("./file1", 0777 [pid 6373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6372] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6371] <... mkdir resumed>) = 0 [pid 6370] <... mkdir resumed>) = 0 [pid 6372] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6372] sync( [pid 6371] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6370] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "") = 0 [pid 6370] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6370] chdir("./file1") = 0 [pid 6370] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [ 138.103882][ T6371] loop1: detected capacity change from 0 to 1024 [ 138.129726][ T6370] loop2: detected capacity change from 0 to 1024 [pid 6370] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6371] <... mount resumed>) = 0 [pid 6373] <... write resumed>) = 524288 [pid 6372] <... sync resumed>) = 0 [pid 6370] <... link resumed>) = 0 [pid 6369] <... sync resumed>) = 0 [pid 6372] exit_group(0 [pid 6371] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6369] exit_group(0 [pid 6373] munmap(0x7ff1eb400000, 138412032 [pid 6372] <... exit_group resumed>) = ? [pid 6371] <... openat resumed>) = 3 [pid 6370] sync( [pid 6369] <... exit_group resumed>) = ? [pid 6373] <... munmap resumed>) = 0 [pid 6372] +++ exited with 0 +++ [pid 6371] chdir("./file1" [pid 6369] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6372, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6369, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6371] <... chdir resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6371] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6371] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6373] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] <... openat resumed>) = 3 [pid 5828] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6373] <... openat resumed>) = 4 [pid 6371] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] newfstatat(3, "", [pid 6373] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5828] getdents64(3, [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6370] <... sync resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./106/binderfs", [pid 6370] exit_group(0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6370] <... exit_group resumed>) = ? [pid 5832] unlink("./106/binderfs") = 0 [pid 6371] <... link resumed>) = 0 [pid 5832] getdents64(3, [pid 6371] sync( [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5832] close(3) = 0 [pid 5832] rmdir("./106" [pid 6370] +++ exited with 0 +++ [pid 5832] <... rmdir resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6370, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5832] mkdir("./107", 0777 [pid 5828] <... umount2 resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 6373] <... ioctl resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6373] close(3 [pid 5830] umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6373] <... close resumed>) = 0 [pid 6373] close(4 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6374 ./strace-static-x86_64: Process 6374 attached [pid 6373] <... close resumed>) = 0 [pid 6371] <... sync resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6374] set_robust_list(0x5555934ed660, 24 [pid 6373] mkdir("./file1", 0777 [ 138.216287][ T6373] loop3: detected capacity change from 0 to 1024 [pid 6371] exit_group(0 [pid 5830] umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./105/file1", [pid 6374] <... set_robust_list resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6374] chdir("./107" [pid 6373] <... mkdir resumed>) = 0 [pid 6371] <... exit_group resumed>) = ? [pid 5830] newfstatat(AT_FDCWD, "./106/file1", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6374] <... chdir resumed>) = 0 [pid 5828] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6374] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6373] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] openat(AT_FDCWD, "./105/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6374] <... prctl resumed>) = 0 [pid 5830] umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... openat resumed>) = 4 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(4, "", [pid 6374] setpgid(0, 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6374] <... setpgid resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./106/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(4, [pid 6371] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6371, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", [pid 5829] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] getdents64(4, [pid 5829] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] getdents64(4, [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6374] <... openat resumed>) = 3 [pid 5828] close(4 [pid 6374] write(3, "1000", 4 [pid 5830] getdents64(4, [pid 6374] <... write resumed>) = 4 [pid 5828] <... close resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] rmdir("./105/file1" [pid 5830] close(4 [pid 5829] newfstatat(3, "", [pid 5830] <... close resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] rmdir("./106/file1" [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... rmdir resumed>) = 0 [pid 5829] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6374] close(3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6374] <... close resumed>) = 0 [pid 5829] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] newfstatat(AT_FDCWD, "./105/binderfs", [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./106/binderfs", executing program [pid 6373] <... mount resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6374] write(1, "executing program\n", 18 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6374] <... write resumed>) = 18 [pid 5828] unlink("./105/binderfs" [pid 6373] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6374] memfd_create("syzkaller", 0 [pid 5830] unlink("./106/binderfs" [pid 5828] <... unlink resumed>) = 0 [pid 5829] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./104/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./104/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6374] <... memfd_create resumed>) = 3 [pid 5830] <... unlink resumed>) = 0 [pid 5829] getdents64(4, [pid 5828] getdents64(3, [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./104/file1") = 0 [pid 5828] close(3 [pid 6374] <... mmap resumed>) = 0x7ff1eb400000 [pid 6373] <... openat resumed>) = 3 [pid 5830] getdents64(3, [pid 5828] <... close resumed>) = 0 [pid 6373] chdir("./file1" [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] rmdir("./105" [pid 5829] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6373] <... chdir resumed>) = 0 [pid 5830] close(3 [pid 5828] <... rmdir resumed>) = 0 [pid 6373] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6373] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... close resumed>) = 0 [pid 5828] mkdir("./106", 0777 [pid 5829] newfstatat(AT_FDCWD, "./104/binderfs", [pid 6373] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] rmdir("./106" [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5829] unlink("./104/binderfs") = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5829] getdents64(3, [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] mkdir("./107", 0777) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5830] <... openat resumed>) = 3 [pid 5829] close(3 [pid 5828] <... ioctl resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5829] rmdir("./104" [pid 5828] close(3 [pid 5830] <... ioctl resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 6373] <... link resumed>) = 0 [pid 5830] close(3 [pid 5829] mkdir("./105", 0777 [pid 5828] <... close resumed>) = 0 [pid 6374] <... write resumed>) = 524288 [pid 6373] sync( [pid 5830] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6375 attached ./strace-static-x86_64: Process 6376 attached [pid 6375] set_robust_list(0x5555934ed660, 24 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6376 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6375 [pid 6375] <... set_robust_list resumed>) = 0 [pid 6375] chdir("./106" [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6375] <... chdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3 [pid 6376] set_robust_list(0x5555934ed660, 24 [pid 6375] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6376] <... set_robust_list resumed>) = 0 [pid 6375] <... prctl resumed>) = 0 [pid 6374] munmap(0x7ff1eb400000, 138412032 [pid 6376] chdir("./107" [pid 6375] setpgid(0, 0 [pid 6374] <... munmap resumed>) = 0 [pid 6375] <... setpgid resumed>) = 0 [pid 6376] <... chdir resumed>) = 0 [pid 6375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6374] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... close resumed>) = 0 [pid 6376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6374] <... openat resumed>) = 4 [pid 6375] <... openat resumed>) = 3 [pid 6376] setpgid(0, 0 [pid 6374] ioctl(4, LOOP_SET_FD, 3 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6376] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 6377 attached [pid 6376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6375] write(3, "1000", 4 [pid 6376] <... openat resumed>) = 3 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6377 [pid 6375] <... write resumed>) = 4 [pid 6376] write(3, "1000", 4 [pid 6375] close(3 [pid 6376] <... write resumed>) = 4 [pid 6376] close(3 [pid 6375] <... close resumed>) = 0 [pid 6377] set_robust_list(0x5555934ed660, 24 [pid 6376] <... close resumed>) = 0 [pid 6375] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6377] <... set_robust_list resumed>) = 0 [pid 6376] symlink("/dev/binderfs", "./binderfs" [pid 6374] <... ioctl resumed>) = 0 [pid 6373] <... sync resumed>) = 0 [pid 6375] write(1, "executing program\n", 18 [pid 6374] close(3 [pid 6375] <... write resumed>) = 18 [pid 6374] <... close resumed>) = 0 [pid 6377] chdir("./105" [pid 6375] memfd_create("syzkaller", 0 [pid 6373] exit_group(0 [pid 6377] <... chdir resumed>) = 0 [pid 6376] <... symlink resumed>) = 0 [pid 6375] <... memfd_create resumed>) = 3 [pid 6374] close(4 [pid 6373] <... exit_group resumed>) = ? [pid 6377] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6374] <... close resumed>) = 0 [pid 6377] <... prctl resumed>) = 0 [pid 6377] setpgid(0, 0) = 0 [pid 6377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6373] +++ exited with 0 +++ [pid 6377] write(3, "1000", 4 [pid 6375] <... mmap resumed>) = 0x7ff1eb400000 [pid 6374] mkdir("./file1", 0777 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6373, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6377] <... write resumed>) = 4 [pid 6374] <... mkdir resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...>executing program [pid 6376] write(1, "executing program\n", 18 [pid 6374] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... restart_syscall resumed>) = 0 [pid 6376] <... write resumed>) = 18 [pid 5831] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6376] memfd_create("syzkaller", 0 [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6377] close(3 [pid 6375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] getdents64(3, [pid 6377] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6377] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6377] <... symlink resumed>) = 0 executing program [pid 6377] write(1, "executing program\n", 18) = 18 [pid 6377] memfd_create("syzkaller", 0) = 3 [pid 6376] <... memfd_create resumed>) = 3 [pid 6377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6374] <... mount resumed>) = 0 [pid 6376] <... mmap resumed>) = 0x7ff1eb400000 [pid 6374] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 138.414142][ T6374] loop4: detected capacity change from 0 to 1024 [pid 6377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6375] <... write resumed>) = 524288 [pid 6374] chdir("./file1" [pid 5831] <... umount2 resumed>) = 0 [pid 6377] <... write resumed>) = 524288 [pid 6374] <... chdir resumed>) = 0 [pid 6374] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6374] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6374] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./97/file1" [pid 6374] <... link resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6374] sync( [pid 6377] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5831] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./97/binderfs") = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6377] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] close(3 [pid 6377] <... openat resumed>) = 4 [pid 5831] <... close resumed>) = 0 [pid 6377] ioctl(4, LOOP_SET_FD, 3 [pid 5831] rmdir("./97" [pid 6376] <... write resumed>) = 524288 [pid 6375] munmap(0x7ff1eb400000, 138412032 [pid 5831] <... rmdir resumed>) = 0 [pid 6375] <... munmap resumed>) = 0 [pid 5831] mkdir("./98", 0777) = 0 [pid 6376] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6376] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6375] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6375] <... openat resumed>) = 4 [pid 5831] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = 0 [pid 6375] ioctl(4, LOOP_SET_FD, 3 [pid 6376] <... openat resumed>) = 4 [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6378 attached [pid 6377] <... ioctl resumed>) = 0 [pid 6376] ioctl(4, LOOP_SET_FD, 3 [pid 6374] <... sync resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6378 [pid 6378] set_robust_list(0x5555934ed660, 24 [pid 6377] close(3 [ 138.524568][ T6377] loop1: detected capacity change from 0 to 1024 [ 138.563709][ T6375] loop0: detected capacity change from 0 to 1024 [pid 6374] exit_group(0 [pid 6377] <... close resumed>) = 0 [pid 6374] <... exit_group resumed>) = ? [pid 6378] <... set_robust_list resumed>) = 0 [pid 6377] close(4) = 0 [pid 6377] mkdir("./file1", 0777 [pid 6378] chdir("./98" [pid 6377] <... mkdir resumed>) = 0 [pid 6377] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6378] <... chdir resumed>) = 0 [pid 6374] +++ exited with 0 +++ [pid 6378] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6374, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6378] <... prctl resumed>) = 0 [pid 6377] <... mount resumed>) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6377] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6378] setpgid(0, 0 [pid 6377] chdir("./file1" [pid 6375] <... ioctl resumed>) = 0 [pid 6377] <... chdir resumed>) = 0 [pid 6378] <... setpgid resumed>) = 0 [pid 6376] <... ioctl resumed>) = 0 [pid 6375] close(3 [pid 5832] <... restart_syscall resumed>) = 0 [pid 6375] <... close resumed>) = 0 [pid 6377] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6375] close(4 [pid 6378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6377] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6376] close(3 [pid 6375] <... close resumed>) = 0 [pid 5832] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6377] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6376] <... close resumed>) = 0 [pid 6375] mkdir("./file1", 0777 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6378] <... openat resumed>) = 3 [pid 6376] close(4 [pid 6375] <... mkdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6378] write(3, "1000", 4 [pid 6376] <... close resumed>) = 0 [pid 6375] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] <... openat resumed>) = 3 [pid 6378] <... write resumed>) = 4 [pid 6376] mkdir("./file1", 0777 [pid 5832] newfstatat(3, "", [pid 6378] close(3) = 0 [pid 6377] <... link resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6377] sync( [pid 6378] symlink("/dev/binderfs", "./binderfs" [pid 6376] <... mkdir resumed>) = 0 [pid 6378] <... symlink resumed>) = 0 [pid 5832] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6378] write(1, "executing program\n", 18executing program ) = 18 [pid 6378] memfd_create("syzkaller", 0 [ 138.578265][ T6376] loop2: detected capacity change from 0 to 1024 [pid 6376] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6378] <... memfd_create resumed>) = 3 [pid 6378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6375] <... mount resumed>) = 0 [pid 6378] <... mmap resumed>) = 0x7ff1eb400000 [pid 6378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6375] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... umount2 resumed>) = 0 [pid 6375] <... openat resumed>) = 3 [pid 5832] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6376] <... mount resumed>) = 0 [pid 6375] chdir("./file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6375] <... chdir resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./107/file1", [pid 6376] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6376] <... openat resumed>) = 3 [pid 5832] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6376] chdir("./file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6376] <... chdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./107/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6376] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... openat resumed>) = 4 [pid 6376] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] newfstatat(4, "", [pid 6376] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6375] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(4, [pid 6375] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6375] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5832] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./107/file1") = 0 [pid 5832] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6377] <... sync resumed>) = 0 [pid 5832] unlink("./107/binderfs") = 0 [pid 6376] <... link resumed>) = 0 [pid 5832] getdents64(3, [pid 6377] exit_group(0) = ? [pid 6378] <... write resumed>) = 524288 [pid 6377] +++ exited with 0 +++ [pid 6376] sync( [pid 6375] <... link resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6377, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6375] sync( [pid 5832] close(3 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5832] <... close resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6378] munmap(0x7ff1eb400000, 138412032 [pid 5832] rmdir("./107" [pid 5829] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6378] <... munmap resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 5832] mkdir("./108", 0777 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6378] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] getdents64(3, [pid 5832] <... mkdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6378] <... openat resumed>) = 4 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6378] ioctl(4, LOOP_SET_FD, 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555934ed650) = 6379 ./strace-static-x86_64: Process 6379 attached [pid 6379] set_robust_list(0x5555934ed660, 24 [pid 6378] <... ioctl resumed>) = 0 [pid 6379] <... set_robust_list resumed>) = 0 [pid 6378] close(3 [pid 6379] chdir("./108" [pid 6378] <... close resumed>) = 0 [pid 6379] <... chdir resumed>) = 0 [pid 6378] close(4 [pid 6379] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6378] <... close resumed>) = 0 [pid 6379] <... prctl resumed>) = 0 [pid 6379] setpgid(0, 0 [pid 6378] mkdir("./file1", 0777 [pid 6379] <... setpgid resumed>) = 0 [pid 6379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6378] <... mkdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 6379] write(3, "1000", 4 [pid 6378] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6379] <... write resumed>) = 4 [pid 5829] newfstatat(AT_FDCWD, "./105/file1", [pid 6379] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6379] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] openat(AT_FDCWD, "./105/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6379] write(1, "executing program\n", 18executing program [pid 5829] <... openat resumed>) = 4 [pid 6379] <... write resumed>) = 18 [pid 5829] newfstatat(4, "", [pid 6379] memfd_create("syzkaller", 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6379] <... memfd_create resumed>) = 3 [ 138.739276][ T6378] loop3: detected capacity change from 0 to 1024 [pid 5829] getdents64(4, [pid 6379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6378] <... mount resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6379] <... mmap resumed>) = 0x7ff1eb400000 [pid 6378] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] getdents64(4, [pid 6379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6378] <... openat resumed>) = 3 [pid 6376] <... sync resumed>) = 0 [pid 6375] <... sync resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6375] exit_group(0 [pid 6378] chdir("./file1" [pid 6375] <... exit_group resumed>) = ? [pid 5829] close(4 [pid 6375] +++ exited with 0 +++ [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./105/file1" [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6375, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6378] <... chdir resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6376] exit_group(0 [pid 5829] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6378] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6376] <... exit_group resumed>) = ? [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6378] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... restart_syscall resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./105/binderfs", [pid 6378] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6379] <... write resumed>) = 524288 [pid 5829] unlink("./105/binderfs" [pid 5828] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6376] +++ exited with 0 +++ [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5829] getdents64(3, [pid 5828] newfstatat(3, "", [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6376, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] close(3 [pid 5828] getdents64(3, [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./105" [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] mkdir("./106", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] close(3 [pid 5830] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", ./strace-static-x86_64: Process 6380 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6380] set_robust_list(0x5555934ed660, 24 [pid 5830] getdents64(3, [pid 6380] <... set_robust_list resumed>) = 0 [pid 6379] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6380] chdir("./106" [pid 6379] <... munmap resumed>) = 0 [pid 5830] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6380 [pid 6380] <... chdir resumed>) = 0 [pid 6380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6380] setpgid(0, 0 [pid 6379] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6380] <... setpgid resumed>) = 0 [pid 6379] <... openat resumed>) = 4 [pid 6380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6379] ioctl(4, LOOP_SET_FD, 3 [pid 6380] <... openat resumed>) = 3 [pid 6380] write(3, "1000", 4) = 4 [pid 6380] close(3) = 0 [pid 6380] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6380] write(1, "executing program\n", 18) = 18 [pid 5828] <... umount2 resumed>) = 0 [pid 6380] memfd_create("syzkaller", 0) = 3 [pid 6380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5828] umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./106/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./106/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6378] <... link resumed>) = 0 [pid 5828] newfstatat(4, "", [pid 6378] sync( [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 6380] <... write resumed>) = 524288 [pid 6379] <... ioctl resumed>) = 0 [pid 5830] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(4, [pid 5830] newfstatat(AT_FDCWD, "./107/file1", [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6379] close(3 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] close(4 [pid 6379] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6379] close(4 [pid 5828] rmdir("./106/file1" [pid 6379] <... close resumed>) = 0 [pid 5830] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... rmdir resumed>) = 0 [pid 6379] mkdir("./file1", 0777 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6379] <... mkdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./107/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 138.854883][ T6379] loop4: detected capacity change from 0 to 1024 [pid 6380] munmap(0x7ff1eb400000, 138412032 [pid 5830] <... openat resumed>) = 4 [pid 5828] newfstatat(AT_FDCWD, "./106/binderfs", [pid 6380] <... munmap resumed>) = 0 [pid 5830] newfstatat(4, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6379] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] unlink("./106/binderfs" [pid 5830] getdents64(4, [pid 5828] <... unlink resumed>) = 0 [pid 6380] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] getdents64(4, [pid 5828] close(3 [pid 6380] <... openat resumed>) = 4 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... close resumed>) = 0 [pid 6380] ioctl(4, LOOP_SET_FD, 3 [pid 5830] close(4 [pid 5828] rmdir("./106" [pid 5830] <... close resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5830] rmdir("./107/file1") = 0 [pid 5828] mkdir("./107", 0777) = 0 [pid 5830] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6379] <... mount resumed>) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [pid 6379] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] newfstatat(AT_FDCWD, "./107/binderfs", [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6378] <... sync resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 6378] exit_group(0 [pid 5830] unlink("./107/binderfs" [pid 6378] <... exit_group resumed>) = ? [pid 5830] <... unlink resumed>) = 0 [pid 6379] <... openat resumed>) = 3 [pid 6378] +++ exited with 0 +++ [pid 5830] getdents64(3, [pid 5828] close(3 [pid 6379] chdir("./file1" [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6378, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6379] <... chdir resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5828] <... close resumed>) = 0 [pid 6379] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] close(3 [pid 6379] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... restart_syscall resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 6379] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] rmdir("./107") = 0 [pid 5831] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] mkdir("./108", 0777 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6380] <... ioctl resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6380] close(3 [pid 5831] newfstatat(3, "", [pid 5830] <... openat resumed>) = 3 [ 138.927718][ T6380] loop1: detected capacity change from 0 to 1024 [pid 6380] <... close resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6380] close(4 [pid 5831] getdents64(3, [pid 5830] <... ioctl resumed>) = 0 [pid 6380] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5830] close(3 [pid 6380] mkdir("./file1", 0777 [pid 5830] <... close resumed>) = 0 [pid 6380] <... mkdir resumed>) = 0 [pid 5831] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6382 attached [pid 6379] <... link resumed>) = 0 ./strace-static-x86_64: Process 6381 attached [pid 6379] sync( [pid 6381] set_robust_list(0x5555934ed660, 24) = 0 [pid 6380] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6382] set_robust_list(0x5555934ed660, 24 [pid 6381] chdir("./107" [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6381 [pid 6382] <... set_robust_list resumed>) = 0 [pid 6381] <... chdir resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6382 [pid 6382] chdir("./108") = 0 [pid 6381] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6379] <... sync resumed>) = 0 [pid 6381] <... prctl resumed>) = 0 [pid 6382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6379] exit_group(0 [pid 6381] setpgid(0, 0) = 0 [pid 6379] <... exit_group resumed>) = ? [pid 6382] setpgid(0, 0 [pid 6381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6382] <... setpgid resumed>) = 0 [pid 6382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6379] +++ exited with 0 +++ [pid 6382] <... openat resumed>) = 3 [pid 6381] <... openat resumed>) = 3 [pid 6381] write(3, "1000", 4 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6379, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6381] <... write resumed>) = 4 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6382] write(3, "1000", 4) = 4 [pid 6381] close(3 [pid 5831] <... umount2 resumed>) = 0 [pid 6382] close(3 [pid 6381] <... close resumed>) = 0 [pid 6380] <... mount resumed>) = 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 6382] <... close resumed>) = 0 [pid 6381] symlink("/dev/binderfs", "./binderfs" [pid 5831] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6382] symlink("/dev/binderfs", "./binderfs" [pid 6381] <... symlink resumed>) = 0 [pid 6380] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6382] <... symlink resumed>) = 0 [pid 6381] write(1, "executing program\n", 18 [pid 6380] <... openat resumed>) = 3 [pid 5832] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./98/file1", [pid 6381] <... write resumed>) = 18 [pid 6380] chdir("./file1" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6381] memfd_create("syzkaller", 0 [pid 6380] <... chdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6382] write(1, "executing program\n", 18 [pid 6381] <... memfd_create resumed>) = 3 [pid 6380] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6382] <... write resumed>) = 18 [pid 6380] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6382] memfd_create("syzkaller", 0 [pid 6380] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6382] <... memfd_create resumed>) = 3 [pid 6381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] newfstatat(3, "", [pid 6381] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] getdents64(3, [pid 5831] openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... openat resumed>) = 4 [pid 5831] newfstatat(4, "", [pid 6382] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 6380] <... link resumed>) = 0 [pid 6380] sync( [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./98/file1") = 0 [pid 5831] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6381] <... write resumed>) = 524288 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] unlink("./98/binderfs" [pid 6381] munmap(0x7ff1eb400000, 138412032 [pid 5832] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... unlink resumed>) = 0 [pid 6381] <... munmap resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(3, [pid 5832] newfstatat(AT_FDCWD, "./108/file1", [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6381] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] close(3 [pid 6381] <... openat resumed>) = 4 [pid 5832] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 6381] ioctl(4, LOOP_SET_FD, 3 [pid 6380] <... sync resumed>) = 0 [pid 6380] exit_group(0) = ? [pid 6382] <... write resumed>) = 524288 [pid 6380] +++ exited with 0 +++ [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./98" [pid 6382] munmap(0x7ff1eb400000, 138412032 [pid 5832] openat(AT_FDCWD, "./108/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... rmdir resumed>) = 0 [pid 6381] <... ioctl resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6380, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6382] <... munmap resumed>) = 0 [pid 6381] close(3 [pid 5832] <... openat resumed>) = 4 [pid 5831] mkdir("./99", 0777 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6381] <... close resumed>) = 0 [pid 5832] newfstatat(4, "", [pid 6382] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6381] close(4 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6382] <... openat resumed>) = 4 [pid 6381] <... close resumed>) = 0 [pid 5832] getdents64(4, [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6382] ioctl(4, LOOP_SET_FD, 3 [pid 6381] mkdir("./file1", 0777 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] <... openat resumed>) = 3 [pid 5829] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] getdents64(4, [pid 6381] <... mkdir resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6381] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5832] close(4 [pid 5831] <... ioctl resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] close(3) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] rmdir("./108/file1" [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] <... rmdir resumed>) = 0 [ 139.118199][ T6381] loop0: detected capacity change from 0 to 1024 ./strace-static-x86_64: Process 6383 attached [pid 5832] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6383 [pid 5829] getdents64(3, [pid 6383] set_robust_list(0x5555934ed660, 24 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6383] <... set_robust_list resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./108/binderfs", [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6383] chdir("./99" [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] unlink("./108/binderfs" [pid 6383] <... chdir resumed>) = 0 [pid 6383] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... unlink resumed>) = 0 [pid 6383] <... prctl resumed>) = 0 [pid 6381] <... mount resumed>) = 0 [pid 5832] getdents64(3, [pid 5829] <... umount2 resumed>) = 0 [pid 6383] setpgid(0, 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5829] umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6383] <... setpgid resumed>) = 0 [pid 6381] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] close(3 [pid 6383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6381] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] rmdir("./108" [pid 6381] chdir("./file1" [pid 5829] newfstatat(AT_FDCWD, "./106/file1", [pid 6381] <... chdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6383] <... openat resumed>) = 3 [pid 6381] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... rmdir resumed>) = 0 [pid 5829] umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6383] write(3, "1000", 4) = 4 [pid 6381] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] mkdir("./109", 0777 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6383] close(3) = 0 [pid 6381] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] openat(AT_FDCWD, "./106/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6383] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6382] <... ioctl resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 6383] write(1, "executing program\n", 18 [pid 5832] <... mkdir resumed>) = 0 [pid 5829] newfstatat(4, "", [pid 6383] <... write resumed>) = 18 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6383] memfd_create("syzkaller", 0 [pid 6382] close(3 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] getdents64(4, [pid 6383] <... memfd_create resumed>) = 3 [pid 6382] <... close resumed>) = 0 [pid 6381] <... link resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6381] sync( [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5829] getdents64(4, [pid 6383] <... mmap resumed>) = 0x7ff1eb400000 [pid 6382] close(4 [pid 5832] <... ioctl resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6382] <... close resumed>) = 0 [pid 6382] mkdir("./file1", 0777) = 0 [pid 5832] close(3 [pid 5829] close(4 [pid 5832] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 139.164552][ T6382] loop2: detected capacity change from 0 to 1024 [pid 5829] rmdir("./106/file1" [pid 6382] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, ""./strace-static-x86_64: Process 6384 attached [pid 5829] <... rmdir resumed>) = 0 [pid 6384] set_robust_list(0x5555934ed660, 24 [pid 5829] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6384] <... set_robust_list resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6384] chdir("./109" [pid 5829] newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6384] <... chdir resumed>) = 0 [pid 5829] unlink("./106/binderfs" [pid 6384] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6382] <... mount resumed>) = 0 [pid 6384] <... prctl resumed>) = 0 [pid 6383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6382] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6384 [pid 6384] setpgid(0, 0 [pid 6382] <... openat resumed>) = 3 [pid 5829] <... unlink resumed>) = 0 [pid 6384] <... setpgid resumed>) = 0 [pid 6382] chdir("./file1" [pid 5829] getdents64(3, [pid 6384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6382] <... chdir resumed>) = 0 [pid 6384] <... openat resumed>) = 3 [pid 6382] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6381] <... sync resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6384] write(3, "1000", 4) = 4 [pid 6381] exit_group(0 [pid 5829] close(3 [pid 6384] close(3 [pid 6382] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6381] <... exit_group resumed>) = ? [pid 5829] <... close resumed>) = 0 [pid 6382] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6384] <... close resumed>) = 0 [pid 6381] +++ exited with 0 +++ [pid 5829] rmdir("./106" [pid 6384] symlink("/dev/binderfs", "./binderfs" [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6381, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6384] <... symlink resumed>) = 0 [pid 6383] <... write resumed>) = 524288 [pid 5829] <... rmdir resumed>) = 0 [pid 6384] write(1, "executing program\n", 18executing program ) = 18 [pid 6383] munmap(0x7ff1eb400000, 138412032 [pid 5829] mkdir("./107", 0777 [pid 6384] memfd_create("syzkaller", 0 [pid 5828] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6384] <... memfd_create resumed>) = 3 [pid 6383] <... munmap resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6384] <... mmap resumed>) = 0x7ff1eb400000 [pid 6383] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6382] <... link resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6382] sync( [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 6384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6385 attached [pid 6385] set_robust_list(0x5555934ed660, 24 [pid 6384] <... write resumed>) = 524288 [pid 6383] <... openat resumed>) = 4 [pid 6382] <... sync resumed>) = 0 [pid 6385] <... set_robust_list resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6385 [pid 6385] chdir("./107" [pid 5828] <... umount2 resumed>) = 0 [pid 6385] <... chdir resumed>) = 0 [pid 6383] ioctl(4, LOOP_SET_FD, 3 [pid 6385] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6383] <... ioctl resumed>) = 0 [pid 6382] exit_group(0 [pid 5828] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./107/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./107/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 6385] <... prctl resumed>) = 0 [pid 6384] munmap(0x7ff1eb400000, 138412032 [pid 6382] <... exit_group resumed>) = ? [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6385] setpgid(0, 0 [pid 5828] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] close(4 [pid 6382] +++ exited with 0 +++ [pid 5828] <... close resumed>) = 0 [pid 6385] <... setpgid resumed>) = 0 [pid 6384] <... munmap resumed>) = 0 [pid 5828] rmdir("./107/file1" [pid 6384] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6384] <... openat resumed>) = 4 [pid 6383] close(3 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6382, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5828] <... rmdir resumed>) = 0 [pid 6383] <... close resumed>) = 0 [pid 5830] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6384] ioctl(4, LOOP_SET_FD, 3 [pid 6383] close(4) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... openat resumed>) = 3 [pid 5828] newfstatat(AT_FDCWD, "./107/binderfs", [pid 5830] newfstatat(3, "", [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6385] <... openat resumed>) = 3 [pid 6384] <... ioctl resumed>) = 0 [pid 6383] mkdir("./file1", 0777 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] unlink("./107/binderfs" [pid 6385] write(3, "1000", 4) = 4 [pid 6383] <... mkdir resumed>) = 0 [pid 5830] getdents64(3, [pid 5828] <... unlink resumed>) = 0 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] getdents64(3, [pid 5830] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 6385] close(3 [pid 6383] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./107" [pid 6385] <... close resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./108", 0777 [pid 6385] symlink("/dev/binderfs", "./binderfs" [pid 6384] close(3 [pid 5830] <... umount2 resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] close(3 [pid 5830] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./108/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6385] <... symlink resumed>) = 0 [pid 6384] <... close resumed>) = 0 [pid 6383] <... mount resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./108/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6385] write(1, "executing program\n", 18 [pid 6384] close(4 [pid 6383] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6384] <... close resumed>) = 0 [ 139.311357][ T6383] loop3: detected capacity change from 0 to 1024 [ 139.351294][ T6384] loop4: detected capacity change from 0 to 1024 executing program [pid 6384] mkdir("./file1", 0777 [pid 6383] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 4 [pid 6383] chdir("./file1" [pid 5830] newfstatat(4, "", [pid 6385] <... write resumed>) = 18 [pid 6384] <... mkdir resumed>) = 0 [pid 6383] <... chdir resumed>) = 0 [pid 6385] memfd_create("syzkaller", 0 [pid 6384] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6383] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6385] <... memfd_create resumed>) = 3 [pid 6383] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] getdents64(4, [pid 6385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6383] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6385] <... mmap resumed>) = 0x7ff1eb400000 [pid 5830] getdents64(4, [pid 5828] <... close resumed>) = 0 [pid 6385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./108/file1" [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6386 attached [pid 6386] set_robust_list(0x5555934ed660, 24 [pid 6385] <... write resumed>) = 524288 [pid 5830] <... rmdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6386 [pid 6386] <... set_robust_list resumed>) = 0 [pid 6386] chdir("./108") = 0 [pid 6383] <... link resumed>) = 0 [pid 5830] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6386] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6383] sync( [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6386] <... prctl resumed>) = 0 [pid 6386] setpgid(0, 0 [pid 5830] newfstatat(AT_FDCWD, "./108/binderfs", [pid 6386] <... setpgid resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./108/binderfs" [pid 6386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] <... unlink resumed>) = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6384] <... mount resumed>) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./108" [pid 6386] <... openat resumed>) = 3 [pid 6386] write(3, "1000", 4 [pid 6384] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5830] <... rmdir resumed>) = 0 [pid 6384] <... openat resumed>) = 3 [pid 6386] <... write resumed>) = 4 [pid 5830] mkdir("./109", 0777 [pid 6386] close(3 [pid 6384] chdir("./file1" [pid 6386] <... close resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 6386] symlink("/dev/binderfs", "./binderfs" [pid 6385] munmap(0x7ff1eb400000, 138412032 [pid 6384] <... chdir resumed>) = 0 [pid 6386] <... symlink resumed>) = 0 [pid 6385] <... munmap resumed>) = 0 [pid 6384] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 6386] write(1, "executing program\n", 18 [pid 6385] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6384] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6383] <... sync resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 6386] <... write resumed>) = 18 [pid 6384] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6383] exit_group(0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6385] <... openat resumed>) = 4 [pid 6386] memfd_create("syzkaller", 0 [pid 6385] ioctl(4, LOOP_SET_FD, 3 [pid 6383] <... exit_group resumed>) = ? [pid 5830] <... ioctl resumed>) = 0 [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6387 attached , child_tidptr=0x5555934ed650) = 6387 [pid 6386] <... memfd_create resumed>) = 3 [pid 6387] set_robust_list(0x5555934ed660, 24) = 0 [pid 6387] chdir("./109" [pid 6386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6387] <... chdir resumed>) = 0 [pid 6387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6387] setpgid(0, 0) = 0 [pid 6387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6386] <... mmap resumed>) = 0x7ff1eb400000 [pid 6387] write(3, "1000", 4) = 4 [pid 6383] +++ exited with 0 +++ [pid 6387] close(3) = 0 [pid 6386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6387] symlink("/dev/binderfs", "./binderfs" [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6383, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6387] <... symlink resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6384] <... link resumed>) = 0 [pid 6384] sync( [pid 5831] <... restart_syscall resumed>) = 0 executing program [pid 6387] write(1, "executing program\n", 18) = 18 [pid 6387] memfd_create("syzkaller", 0 [pid 5831] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6387] <... memfd_create resumed>) = 3 [pid 6387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6387] <... mmap resumed>) = 0x7ff1eb400000 [pid 5831] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6385] <... ioctl resumed>) = 0 [pid 6385] close(3 [pid 5831] <... openat resumed>) = 3 [pid 6385] <... close resumed>) = 0 [pid 6384] <... sync resumed>) = 0 [pid 5831] newfstatat(3, "", [ 139.471095][ T6385] loop1: detected capacity change from 0 to 1024 [pid 6385] close(4 [pid 6387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6385] <... close resumed>) = 0 [pid 6384] exit_group(0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6385] mkdir("./file1", 0777 [pid 5831] getdents64(3, [pid 6386] <... write resumed>) = 524288 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6386] munmap(0x7ff1eb400000, 138412032 [pid 6385] <... mkdir resumed>) = 0 [pid 6384] <... exit_group resumed>) = ? [pid 5831] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6386] <... munmap resumed>) = 0 [pid 6385] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6387] <... write resumed>) = 524288 [pid 6387] munmap(0x7ff1eb400000, 138412032 [pid 6386] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6384] +++ exited with 0 +++ [pid 6387] <... munmap resumed>) = 0 [pid 6386] <... openat resumed>) = 4 [pid 6387] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6386] ioctl(4, LOOP_SET_FD, 3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6384, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6387] <... openat resumed>) = 4 [pid 6387] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6387] ioctl(4, LOOP_CLR_FD) = 0 [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 6387] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5832] <... restart_syscall resumed>) = 0 [pid 6387] close(4) = 0 [pid 6387] close(3) = 0 [pid 5832] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6385] <... mount resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6387] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6385] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... openat resumed>) = 3 [pid 6387] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 5832] newfstatat(3, "", [pid 6387] sync( [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6386] <... ioctl resumed>) = 0 [pid 6385] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = 0 [pid 6386] close(3 [pid 6385] chdir("./file1" [pid 5832] getdents64(3, [pid 5831] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6386] <... close resumed>) = 0 [pid 6385] <... chdir resumed>) = 0 [pid 6386] close(4 [pid 6385] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6386] <... close resumed>) = 0 [pid 6386] mkdir("./file1", 0777 [pid 6385] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./99/file1", [pid 6386] <... mkdir resumed>) = 0 [pid 6385] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6386] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [ 139.556630][ T6386] loop0: detected capacity change from 0 to 1024 [pid 5831] close(4) = 0 [pid 5831] rmdir("./99/file1") = 0 [pid 5831] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6386] <... mount resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./99/binderfs") = 0 [pid 6387] <... sync resumed>) = 0 [pid 5831] getdents64(3, [pid 6386] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6387] exit_group(0 [pid 6386] <... openat resumed>) = 3 [pid 5831] close(3 [pid 6387] <... exit_group resumed>) = ? [pid 6387] +++ exited with 0 +++ [pid 6386] chdir("./file1" [pid 6385] <... link resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6387, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 6386] <... chdir resumed>) = 0 [pid 6385] sync( [pid 5831] rmdir("./99" [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5830] getdents64(3, [pid 6386] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5831] mkdir("./100", 0777 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6386] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... mkdir resumed>) = 0 [pid 5830] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./109/binderfs" [pid 6386] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] <... unlink resumed>) = 0 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] getdents64(3, [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5832] umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./109" [pid 5831] <... close resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] newfstatat(AT_FDCWD, "./109/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 5830] mkdir("./110", 0777./strace-static-x86_64: Process 6388 attached [pid 5832] umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... mkdir resumed>) = 0 [pid 6388] set_robust_list(0x5555934ed660, 24 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6388 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] openat(AT_FDCWD, "./109/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5830] <... openat resumed>) = 3 [pid 5832] <... openat resumed>) = 4 [pid 5832] newfstatat(4, "", [pid 6388] <... set_robust_list resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6388] chdir("./100" [pid 5832] getdents64(4, [pid 6388] <... chdir resumed>) = 0 [pid 6386] <... link resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6388] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6386] sync( [pid 5832] getdents64(4, [pid 6388] <... prctl resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6388] setpgid(0, 0 [pid 5832] close(4 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6388] <... setpgid resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5830] close(3) = 0 [pid 5832] rmdir("./109/file1" [pid 6388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... rmdir resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6389 attached [pid 6385] <... sync resumed>) = 0 [pid 6388] <... openat resumed>) = 3 [pid 6385] exit_group(0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6388] write(3, "1000", 4) = 4 [pid 6388] close(3 [pid 6389] set_robust_list(0x5555934ed660, 24 [pid 6388] <... close resumed>) = 0 [pid 5832] newfstatat(AT_FDCWD, "./109/binderfs", [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6389 [pid 6389] <... set_robust_list resumed>) = 0 [pid 6389] chdir("./110") = 0 [pid 6388] symlink("/dev/binderfs", "./binderfs" [pid 6386] <... sync resumed>) = 0 [pid 6385] <... exit_group resumed>) = ? [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6389] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6388] <... symlink resumed>) = 0 [pid 6386] exit_group(0 [pid 6385] +++ exited with 0 +++ [pid 5832] unlink("./109/binderfs" [pid 6386] <... exit_group resumed>) = ? [pid 5832] <... unlink resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6385, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6389] <... prctl resumed>) = 0 [pid 6389] setpgid(0, 0) = 0 [pid 6386] +++ exited with 0 +++ [pid 5832] getdents64(3, [pid 6389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 executing program [pid 6389] <... openat resumed>) = 3 [pid 6388] write(1, "executing program\n", 18 [pid 5832] close(3 [pid 5829] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6386, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6389] write(3, "1000", 4 [pid 6388] <... write resumed>) = 18 [pid 5832] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6389] <... write resumed>) = 4 [pid 5829] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6389] close(3) = 0 [pid 6388] memfd_create("syzkaller", 0 [pid 5832] rmdir("./109" [pid 5829] <... openat resumed>) = 3 executing program [pid 6389] symlink("/dev/binderfs", "./binderfs" [pid 6388] <... memfd_create resumed>) = 3 [pid 5832] <... rmdir resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 6389] <... symlink resumed>) = 0 [pid 6389] write(1, "executing program\n", 18) = 18 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] mkdir("./110", 0777 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5829] getdents64(3, [pid 6389] memfd_create("syzkaller", 0 [pid 6388] <... mmap resumed>) = 0x7ff1eb400000 [pid 5832] <... mkdir resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6389] <... memfd_create resumed>) = 3 [pid 5828] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6389] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] getdents64(3, [pid 5832] <... openat resumed>) = 3 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] <... umount2 resumed>) = 0 [pid 5832] close(3) = 0 [pid 6389] <... write resumed>) = 524288 [pid 6388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6390 attached [pid 6388] <... write resumed>) = 524288 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6390 [pid 6390] set_robust_list(0x5555934ed660, 24 [pid 5829] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6390] <... set_robust_list resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6390] chdir("./110" [pid 5829] newfstatat(AT_FDCWD, "./107/file1", [pid 6390] <... chdir resumed>) = 0 [pid 6390] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6390] <... prctl resumed>) = 0 [pid 5829] umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6390] setpgid(0, 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = 0 [pid 6390] <... setpgid resumed>) = 0 [pid 6389] munmap(0x7ff1eb400000, 138412032 [pid 5829] openat(AT_FDCWD, "./107/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6389] <... munmap resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6390] <... openat resumed>) = 3 [pid 6389] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6388] munmap(0x7ff1eb400000, 138412032 [pid 5829] newfstatat(4, "", [pid 5828] newfstatat(AT_FDCWD, "./108/file1", [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] getdents64(4, [pid 5828] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6390] write(3, "1000", 4 [pid 6389] <... openat resumed>) = 4 [pid 6388] <... munmap resumed>) = 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6389] ioctl(4, LOOP_SET_FD, 3 [pid 5828] openat(AT_FDCWD, "./108/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6390] <... write resumed>) = 4 [pid 6388] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] getdents64(4, [pid 6390] close(3 [pid 6388] <... openat resumed>) = 4 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6390] <... close resumed>) = 0 [pid 6388] ioctl(4, LOOP_SET_FD, 3 [pid 6390] symlink("/dev/binderfs", "./binderfs" [pid 5829] close(4 [pid 5828] newfstatat(4, "", [pid 6390] <... symlink resumed>) = 0 [pid 6389] <... ioctl resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6389] close(3 [pid 5829] rmdir("./107/file1" [pid 5828] getdents64(4, [pid 6390] write(1, "executing program\n", 18 [pid 6389] <... close resumed>) = 0 [pid 6389] close(4) = 0 [pid 6389] mkdir("./file1", 0777) = 0 [pid 6389] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, ""executing program [pid 6390] <... write resumed>) = 18 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5829] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6390] memfd_create("syzkaller", 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(4, [pid 6389] <... mount resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./107/binderfs", [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6389] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6390] <... memfd_create resumed>) = 3 [pid 6389] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 139.788107][ T6389] loop2: detected capacity change from 0 to 1024 [ 139.797996][ T6388] loop3: detected capacity change from 0 to 1024 [pid 5828] close(4 [pid 6390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6389] chdir("./file1" [pid 6388] <... ioctl resumed>) = 0 [pid 5829] unlink("./107/binderfs" [pid 5828] <... close resumed>) = 0 [pid 6390] <... mmap resumed>) = 0x7ff1eb400000 [pid 6388] close(3 [pid 5829] <... unlink resumed>) = 0 [pid 5828] rmdir("./108/file1" [pid 6389] <... chdir resumed>) = 0 [pid 6389] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6388] <... close resumed>) = 0 [pid 5829] getdents64(3, [pid 5828] <... rmdir resumed>) = 0 [pid 6389] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6388] close(4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6388] <... close resumed>) = 0 [pid 5829] close(3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6388] mkdir("./file1", 0777 [pid 5829] <... close resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6388] <... mkdir resumed>) = 0 [pid 5829] rmdir("./107" [pid 5828] unlink("./108/binderfs") = 0 [pid 6388] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5829] <... rmdir resumed>) = 0 [pid 5828] getdents64(3, [pid 5829] mkdir("./108", 0777 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 6389] <... link resumed>) = 0 [pid 5828] rmdir("./108" [pid 6389] sync( [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./109", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5828] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6390] <... write resumed>) = 524288 [pid 6388] <... mount resumed>) = 0 [pid 5829] close(3 [pid 5828] <... ioctl resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 6388] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5828] close(3 [pid 6388] <... openat resumed>) = 3 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... close resumed>) = 0 ./strace-static-x86_64: Process 6391 attached [pid 6390] munmap(0x7ff1eb400000, 138412032 [pid 6388] chdir("./file1" [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6388] <... chdir resumed>) = 0 [pid 6390] <... munmap resumed>) = 0 [pid 6388] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6391 [pid 6391] set_robust_list(0x5555934ed660, 24./strace-static-x86_64: Process 6392 attached ) = 0 [pid 6390] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6388] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6392 [pid 6392] set_robust_list(0x5555934ed660, 24 [pid 6390] <... openat resumed>) = 4 [pid 6391] chdir("./108" [pid 6388] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6392] <... set_robust_list resumed>) = 0 [pid 6391] <... chdir resumed>) = 0 [pid 6390] ioctl(4, LOOP_SET_FD, 3 [pid 6392] chdir("./109" [pid 6391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6391] setpgid(0, 0) = 0 [pid 6392] <... chdir resumed>) = 0 [pid 6391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6392] setpgid(0, 0) = 0 [pid 6392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6389] <... sync resumed>) = 0 [pid 6392] write(3, "1000", 4) = 4 [pid 6389] exit_group(0 [pid 6392] close(3) = 0 [pid 6392] symlink("/dev/binderfs", "./binderfs" [pid 6391] <... openat resumed>) = 3 [pid 6391] write(3, "1000", 4 [pid 6389] <... exit_group resumed>) = ? [pid 6392] <... symlink resumed>) = 0 [pid 6389] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6389, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6391] <... write resumed>) = 4 [pid 5830] <... openat resumed>) = 3 [pid 6391] close(3 [pid 5830] newfstatat(3, "", [pid 6391] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 6392] write(1, "executing program\n", 18 [pid 5830] getdents64(3, [pid 6392] <... write resumed>) = 18 [pid 6391] symlink("/dev/binderfs", "./binderfs" [pid 6388] <... link resumed>) = 0 [pid 6390] <... ioctl resumed>) = 0 [pid 6391] <... symlink resumed>) = 0 [pid 6390] close(3 [pid 6388] sync( [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 executing program [pid 6392] memfd_create("syzkaller", 0 [pid 6391] write(1, "executing program\n", 18 [pid 6390] <... close resumed>) = 0 [pid 6391] <... write resumed>) = 18 [pid 6390] close(4 [pid 6392] <... memfd_create resumed>) = 3 [pid 6391] memfd_create("syzkaller", 0 [pid 6390] <... close resumed>) = 0 [pid 5830] umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6390] mkdir("./file1", 0777 [pid 6391] <... memfd_create resumed>) = 3 [pid 6392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6390] <... mkdir resumed>) = 0 [pid 5830] <... umount2 resumed>) = 0 [pid 6391] <... mmap resumed>) = 0x7ff1eb400000 [pid 6390] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [ 139.903761][ T6390] loop4: detected capacity change from 0 to 1024 [pid 6391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./110/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./110/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./110/file1") = 0 [pid 5830] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./110/binderfs") = 0 [pid 5830] getdents64(3, 0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./110" [pid 6390] <... mount resumed>) = 0 [pid 6388] <... sync resumed>) = 0 [pid 5830] <... rmdir resumed>) = 0 [pid 6392] <... write resumed>) = 524288 [pid 6390] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6388] exit_group(0 [pid 6390] <... openat resumed>) = 3 [pid 6388] <... exit_group resumed>) = ? [pid 6390] chdir("./file1") = 0 [pid 6392] munmap(0x7ff1eb400000, 138412032 [pid 5830] mkdir("./111", 0777 [pid 6392] <... munmap resumed>) = 0 [pid 6391] <... write resumed>) = 524288 [pid 6390] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... mkdir resumed>) = 0 [pid 6391] munmap(0x7ff1eb400000, 138412032 [pid 6390] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6390] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6392] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5830] <... openat resumed>) = 3 [pid 6392] <... openat resumed>) = 4 [pid 6391] <... munmap resumed>) = 0 [pid 6388] +++ exited with 0 +++ [pid 6392] ioctl(4, LOOP_SET_FD, 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6392] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5830] <... ioctl resumed>) = 0 [pid 6392] ioctl(4, LOOP_CLR_FD [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6388, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5830] close(3 [pid 6392] <... ioctl resumed>) = 0 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6391] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... restart_syscall resumed>) = 0 [pid 6392] ioctl(4, LOOP_SET_FD, 3 [pid 6391] <... openat resumed>) = 4 [pid 6391] ioctl(4, LOOP_SET_FD, 3 [pid 6392] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6392] close(4) = 0 [pid 5831] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6392] close(3) = 0 [pid 6390] <... link resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6392] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5831] <... openat resumed>) = 3 [pid 6392] <... link resumed>) = -1 ENOENT (No such file or directory) [pid 6392] sync( [pid 6390] sync( [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 6392] <... sync resumed>) = 0 [pid 6391] <... ioctl resumed>) = 0 [pid 6390] <... sync resumed>) = 0 [pid 6391] close(3 [pid 6392] exit_group(0 [pid 6391] <... close resumed>) = 0 [pid 6390] exit_group(0 [pid 6391] close(4 [pid 6390] <... exit_group resumed>) = ? [pid 6392] <... exit_group resumed>) = ? [pid 6391] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6392] +++ exited with 0 +++ [pid 6391] mkdir("./file1", 0777 [pid 6390] +++ exited with 0 +++ [pid 5831] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 6393 attached [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6392, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6390, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6393 [pid 6391] <... mkdir resumed>) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6393] set_robust_list(0x5555934ed660, 24 [pid 6391] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... restart_syscall resumed>) = 0 [pid 6393] <... set_robust_list resumed>) = 0 [pid 6393] chdir("./111") = 0 [pid 6393] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./100/file1", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6393] <... prctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6393] setpgid(0, 0 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 3 [pid 5831] openat(AT_FDCWD, "./100/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] newfstatat(3, "", [pid 6393] <... setpgid resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(3, [pid 5831] newfstatat(4, "", [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 140.027415][ T6391] loop1: detected capacity change from 0 to 1024 [pid 5832] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 5832] <... openat resumed>) = 3 [pid 5832] newfstatat(3, "", [pid 6393] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, [pid 5831] getdents64(4, [pid 5828] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6393] write(3, "1000", 4 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6393] <... write resumed>) = 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 executing program [pid 6393] close(3) = 0 [pid 5828] newfstatat(AT_FDCWD, "./109/binderfs", [pid 6391] <... mount resumed>) = 0 [pid 5831] getdents64(4, [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6393] write(1, "executing program\n", 18) = 18 [pid 6393] memfd_create("syzkaller", 0) = 3 [pid 6393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6391] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] unlink("./109/binderfs" [pid 5831] close(4 [pid 6393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6391] <... openat resumed>) = 3 [pid 5832] <... umount2 resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 6391] chdir("./file1" [pid 5832] umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] rmdir("./100/file1" [pid 5828] getdents64(3, [pid 6391] <... chdir resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6391] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] newfstatat(AT_FDCWD, "./110/file1", [pid 5831] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] close(3 [pid 6391] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... close resumed>) = 0 [pid 5832] umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./109" [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6393] <... write resumed>) = 524288 [pid 5832] openat(AT_FDCWD, "./110/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] newfstatat(AT_FDCWD, "./100/binderfs", [pid 5828] <... rmdir resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] mkdir("./110", 0777 [pid 5832] <... openat resumed>) = 4 [pid 5831] unlink("./100/binderfs" [pid 5828] <... mkdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] newfstatat(4, "", [pid 5831] <... unlink resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 6391] <... link resumed>) = 0 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6391] sync( [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] getdents64(4, [pid 5831] close(3 [pid 5828] close(3 [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... close resumed>) = 0 [pid 5832] getdents64(4, [pid 5831] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5832] close(4) = 0 [pid 5832] rmdir("./110/file1") = 0 [pid 5832] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./100" [pid 6393] munmap(0x7ff1eb400000, 138412032 [pid 5832] newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5832] unlink("./110/binderfs" [pid 6393] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 6394 attached [pid 6391] <... sync resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5832] getdents64(3, [pid 6393] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6391] exit_group(0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5831] mkdir("./101", 0777 [pid 6393] <... openat resumed>) = 4 [pid 5832] close(3 [pid 6393] ioctl(4, LOOP_SET_FD, 3 [pid 6391] <... exit_group resumed>) = ? [pid 5832] <... close resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6394 [pid 6394] set_robust_list(0x5555934ed660, 24 [pid 6391] +++ exited with 0 +++ [pid 6394] <... set_robust_list resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6391, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5829] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6394] chdir("./110" [pid 5832] rmdir("./110" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6394] <... chdir resumed>) = 0 [pid 5832] <... rmdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] mkdir("./111", 0777 [pid 6394] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... mkdir resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] <... openat resumed>) = 3 [pid 6394] <... prctl resumed>) = 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 6394] setpgid(0, 0) = 0 [pid 5831] close(3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] getdents64(3, [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... openat resumed>) = 3 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6396 attached [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6396 ./strace-static-x86_64: Process 6395 attached [pid 6394] <... openat resumed>) = 3 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6395 [pid 6396] set_robust_list(0x5555934ed660, 24 [pid 6395] set_robust_list(0x5555934ed660, 24 [pid 6396] <... set_robust_list resumed>) = 0 [pid 6396] chdir("./111" [pid 6395] <... set_robust_list resumed>) = 0 [pid 6394] write(3, "1000", 4 [pid 6395] chdir("./101" [pid 6393] <... ioctl resumed>) = 0 [pid 6396] <... chdir resumed>) = 0 [pid 6395] <... chdir resumed>) = 0 [pid 6394] <... write resumed>) = 4 [pid 5829] <... umount2 resumed>) = 0 [pid 6394] close(3 [pid 6395] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6394] <... close resumed>) = 0 [pid 6395] <... prctl resumed>) = 0 [pid 6394] symlink("/dev/binderfs", "./binderfs" [pid 5829] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6395] setpgid(0, 0 [pid 6396] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6395] <... setpgid resumed>) = 0 [pid 6394] <... symlink resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6396] <... prctl resumed>) = 0 [pid 6393] close(3 [pid 6396] setpgid(0, 0 [pid 6393] <... close resumed>) = 0 [pid 6396] <... setpgid resumed>) = 0 [ 140.175977][ T6393] loop2: detected capacity change from 0 to 1024 executing program [pid 6395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6394] write(1, "executing program\n", 18 [pid 6393] close(4 [pid 5829] newfstatat(AT_FDCWD, "./108/file1", [pid 6393] <... close resumed>) = 0 [pid 6394] <... write resumed>) = 18 [pid 6393] mkdir("./file1", 0777 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6395] <... openat resumed>) = 3 [pid 6394] memfd_create("syzkaller", 0 [pid 6393] <... mkdir resumed>) = 0 [pid 5829] umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6396] <... openat resumed>) = 3 [pid 6393] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6396] write(3, "1000", 4) = 4 [pid 6396] close(3 [pid 6395] write(3, "1000", 4 [pid 6394] <... memfd_create resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6396] <... close resumed>) = 0 [pid 6396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6395] <... write resumed>) = 4 executing program [pid 6394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] openat(AT_FDCWD, "./108/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6396] write(1, "executing program\n", 18 [pid 6395] close(3 [pid 6396] <... write resumed>) = 18 [pid 6395] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 6396] memfd_create("syzkaller", 0 [pid 6395] symlink("/dev/binderfs", "./binderfs" [pid 6394] <... mmap resumed>) = 0x7ff1eb400000 [pid 6395] <... symlink resumed>) = 0 [pid 6396] <... memfd_create resumed>) = 3 [pid 6396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6395] write(1, "executing program\n", 18 [pid 6394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5829] newfstatat(4, "", executing program [pid 6395] <... write resumed>) = 18 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 6395] memfd_create("syzkaller", 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6395] <... memfd_create resumed>) = 3 [pid 5829] getdents64(4, [pid 6395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 6395] <... mmap resumed>) = 0x7ff1eb400000 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./108/file1") = 0 [pid 6394] <... write resumed>) = 524288 [pid 6393] <... mount resumed>) = 0 [pid 5829] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6393] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6393] <... openat resumed>) = 3 [pid 6396] <... write resumed>) = 524288 [pid 6393] chdir("./file1" [pid 5829] newfstatat(AT_FDCWD, "./108/binderfs", [pid 6396] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6393] <... chdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6394] munmap(0x7ff1eb400000, 138412032 [pid 6393] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] unlink("./108/binderfs" [pid 6394] <... munmap resumed>) = 0 [pid 6396] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5829] <... unlink resumed>) = 0 [pid 6393] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6396] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6395] <... write resumed>) = 524288 [pid 6394] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6393] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5829] getdents64(3, [pid 6396] ioctl(4, LOOP_CLR_FD [pid 6394] <... openat resumed>) = 4 [pid 5829] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6396] <... ioctl resumed>) = 0 [pid 5829] close(3 [pid 6396] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5829] <... close resumed>) = 0 [pid 6396] close(4) = 0 [pid 6395] munmap(0x7ff1eb400000, 138412032 [pid 6394] ioctl(4, LOOP_SET_FD, 3 [pid 6393] <... link resumed>) = 0 [pid 5829] rmdir("./108") = 0 [pid 6396] close(3) = 0 [pid 6395] <... munmap resumed>) = 0 [pid 6393] sync( [pid 5829] mkdir("./109", 0777) = 0 [pid 6395] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6395] ioctl(4, LOOP_SET_FD, 3 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6396] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 ENOENT (No such file or directory) [pid 6396] sync( [pid 5829] <... openat resumed>) = 3 [pid 6394] <... ioctl resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6394] close(3 [pid 5829] <... ioctl resumed>) = 0 [pid 6394] <... close resumed>) = 0 [pid 5829] close(3 [pid 6395] <... ioctl resumed>) = 0 [pid 6394] close(4 [pid 5829] <... close resumed>) = 0 [pid 6395] close(3 [pid 6394] <... close resumed>) = 0 [ 140.316935][ T6394] loop0: detected capacity change from 0 to 1024 [ 140.332009][ T6395] loop3: detected capacity change from 0 to 1024 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6395] <... close resumed>) = 0 [pid 6394] mkdir("./file1", 0777./strace-static-x86_64: Process 6397 attached [pid 5829] <... clone resumed>, child_tidptr=0x5555934ed650) = 6397 [pid 6396] <... sync resumed>) = 0 [pid 6393] <... sync resumed>) = 0 [pid 6394] <... mkdir resumed>) = 0 [pid 6397] set_robust_list(0x5555934ed660, 24 [pid 6395] close(4 [pid 6393] exit_group(0 [pid 6397] <... set_robust_list resumed>) = 0 [pid 6394] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6397] chdir("./109" [pid 6396] exit_group(0 [pid 6395] <... close resumed>) = 0 [pid 6393] <... exit_group resumed>) = ? [pid 6395] mkdir("./file1", 0777 [pid 6393] +++ exited with 0 +++ [pid 6397] <... chdir resumed>) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6393, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 6397] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6395] <... mkdir resumed>) = 0 [pid 6397] <... prctl resumed>) = 0 [pid 6396] <... exit_group resumed>) = ? [pid 5830] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6397] setpgid(0, 0 [pid 6395] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6397] <... setpgid resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6396] +++ exited with 0 +++ [pid 5830] <... openat resumed>) = 3 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6396, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, [pid 5832] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6397] <... openat resumed>) = 3 [pid 6394] <... mount resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6397] write(3, "1000", 4 [pid 6394] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5832] <... openat resumed>) = 3 [pid 6397] <... write resumed>) = 4 [pid 5832] newfstatat(3, "", [pid 6397] close(3 [pid 6394] <... openat resumed>) = 3 [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6397] <... close resumed>) = 0 [pid 6394] chdir("./file1" [pid 5832] getdents64(3, [pid 6394] <... chdir resumed>) = 0 [pid 6397] symlink("/dev/binderfs", "./binderfs" [pid 6395] <... mount resumed>) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 3 entries */, 32768) = 80 [pid 6395] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6397] <... symlink resumed>) = 0 [pid 6395] <... openat resumed>) = 3 [pid 6394] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6395] chdir("./file1"executing program [pid 6397] write(1, "executing program\n", 18 [pid 6395] <... chdir resumed>) = 0 [pid 6394] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... umount2 resumed>) = 0 [pid 6395] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6397] <... write resumed>) = 18 [pid 6394] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6395] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6397] memfd_create("syzkaller", 0 [pid 5832] unlink("./111/binderfs" [pid 6397] <... memfd_create resumed>) = 3 [pid 6395] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6394] <... link resumed>) = 0 [pid 5832] <... unlink resumed>) = 0 [pid 5830] umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./111/file1", [pid 6394] sync( [pid 6397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 5832] getdents64(3, [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5830] umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./111/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 4 [pid 5832] rmdir("./111" [pid 5830] newfstatat(4, "", [pid 5832] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, [pid 5832] mkdir("./112", 0777) = 0 [pid 5830] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5830] close(4 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5830] rmdir("./111/file1" [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5830] <... rmdir resumed>) = 0 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] close(3 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] <... close resumed>) = 0 [pid 5830] newfstatat(AT_FDCWD, "./111/binderfs", [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6398 attached [pid 5830] unlink("./111/binderfs" [pid 6397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6395] <... link resumed>) = 0 [pid 6394] <... sync resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 6398] set_robust_list(0x5555934ed660, 24 [pid 6394] exit_group(0) = ? [pid 6398] <... set_robust_list resumed>) = 0 [pid 6394] +++ exited with 0 +++ [pid 6398] chdir("./112" [pid 6395] sync( [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6394, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 6398] <... chdir resumed>) = 0 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 6398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6398] setpgid(0, 0 [pid 5830] getdents64(3, [pid 6398] <... setpgid resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555934ed650) = 6398 [pid 5830] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] close(3 [pid 6398] <... openat resumed>) = 3 [pid 5830] <... close resumed>) = 0 [pid 5830] rmdir("./111") = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6398] write(3, "1000", 4 [pid 5830] mkdir("./112", 0777 [pid 6398] <... write resumed>) = 4 [pid 5830] <... mkdir resumed>) = 0 [pid 5828] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6398] close(3 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6398] <... close resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 6398] symlink("/dev/binderfs", "./binderfs" [pid 6395] <... sync resumed>) = 0 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5828] <... openat resumed>) = 3 [pid 6398] <... symlink resumed>) = 0 [pid 5830] <... ioctl resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 6398] write(1, "executing program\n", 18 [pid 5830] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6398] <... write resumed>) = 18 [pid 6395] exit_group(0 [pid 5830] <... close resumed>) = 0 [pid 6398] memfd_create("syzkaller", 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] getdents64(3, ./strace-static-x86_64: Process 6399 attached [pid 6398] <... memfd_create resumed>) = 3 [pid 6397] <... write resumed>) = 524288 [pid 6395] <... exit_group resumed>) = ? [pid 6399] set_robust_list(0x5555934ed660, 24 [pid 6398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... clone resumed>, child_tidptr=0x5555934ed650) = 6399 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 6399] <... set_robust_list resumed>) = 0 [pid 6399] chdir("./112" [pid 6398] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6397] munmap(0x7ff1eb400000, 138412032 [pid 6399] <... chdir resumed>) = 0 [pid 6398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6397] <... munmap resumed>) = 0 [pid 6395] +++ exited with 0 +++ [pid 6399] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6395, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5828] <... umount2 resumed>) = 0 [pid 6399] <... prctl resumed>) = 0 [pid 6398] <... write resumed>) = 524288 [pid 6397] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6399] setpgid(0, 0 [pid 6397] <... openat resumed>) = 4 [pid 5831] <... restart_syscall resumed>) = 0 [pid 6399] <... setpgid resumed>) = 0 [pid 6397] ioctl(4, LOOP_SET_FD, 3 [pid 6399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6398] munmap(0x7ff1eb400000, 138412032) = 0 [pid 5831] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6398] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6399] <... openat resumed>) = 3 [pid 6398] <... openat resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6398] ioctl(4, LOOP_SET_FD, 3 [pid 6399] write(3, "1000", 4 [pid 6397] <... ioctl resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6399] <... write resumed>) = 4 [pid 6397] close(3 [pid 5831] <... openat resumed>) = 3 [pid 5828] newfstatat(AT_FDCWD, "./110/file1", [pid 6399] close(3 [pid 6397] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 6399] <... close resumed>) = 0 [pid 6397] close(4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6399] symlink("/dev/binderfs", "./binderfs" [pid 6397] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 6399] <... symlink resumed>) = 0 [pid 6397] mkdir("./file1", 0777 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 6399] write(1, "executing program\n", 18 [pid 6398] <... ioctl resumed>) = 0 [pid 6397] <... mkdir resumed>) = 0 [pid 5831] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6399] <... write resumed>) = 18 [pid 6397] mount("/dev/loop1", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5828] openat(AT_FDCWD, "./110/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6398] close(3 [pid 6399] memfd_create("syzkaller", 0 [pid 6398] <... close resumed>) = 0 [pid 5828] newfstatat(4, "", [pid 6398] close(4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6399] <... memfd_create resumed>) = 3 [pid 6398] <... close resumed>) = 0 [pid 5828] getdents64(4, [pid 6398] mkdir("./file1", 0777 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 6399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(4, [pid 6399] <... mmap resumed>) = 0x7ff1eb400000 [pid 5828] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 6398] <... mkdir resumed>) = 0 [pid 6398] mount("/dev/loop4", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] close(4) = 0 [pid 5831] newfstatat(AT_FDCWD, "./101/file1", [ 140.548965][ T6397] loop1: detected capacity change from 0 to 1024 [ 140.561585][ T6398] loop4: detected capacity change from 0 to 1024 [pid 5828] rmdir("./110/file1" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 6399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5831] umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./110/binderfs", [pid 5831] openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5828] unlink("./110/binderfs" [pid 6398] <... mount resumed>) = 0 [pid 6398] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6399] <... write resumed>) = 524288 [pid 6397] <... mount resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 5828] <... unlink resumed>) = 0 [pid 6397] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 5831] getdents64(4, [pid 6397] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 2 entries */, 32768) = 48 [pid 5828] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 6397] chdir("./file1" [pid 5831] getdents64(4, [pid 5828] close(3 [pid 6399] munmap(0x7ff1eb400000, 138412032 [pid 6397] <... chdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934f6730 /* 0 entries */, 32768) = 0 [pid 5828] <... close resumed>) = 0 [pid 6397] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] close(4 [pid 5828] rmdir("./110" [pid 6398] chdir("./file1" [pid 5831] <... close resumed>) = 0 [pid 6398] <... chdir resumed>) = 0 [pid 5831] rmdir("./101/file1" [pid 5828] <... rmdir resumed>) = 0 [pid 6398] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6397] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6398] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] <... rmdir resumed>) = 0 [pid 5828] mkdir("./111", 0777 [pid 6397] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6398] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 5828] <... mkdir resumed>) = 0 [pid 5831] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6399] <... munmap resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6399] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] newfstatat(AT_FDCWD, "./101/binderfs", [pid 5828] <... openat resumed>) = 3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6399] <... openat resumed>) = 4 [pid 6399] ioctl(4, LOOP_SET_FD, 3 [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3 [pid 5831] unlink("./101/binderfs" [pid 6398] <... link resumed>) = 0 [pid 6398] sync( [pid 5831] <... unlink resumed>) = 0 [pid 5831] getdents64(3, [pid 5828] <... close resumed>) = 0 [pid 6399] <... ioctl resumed>) = 0 [pid 5831] <... getdents64 resumed>0x5555934ee6f0 /* 0 entries */, 32768) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] close(3./strace-static-x86_64: Process 6400 attached ) = 0 [pid 6400] set_robust_list(0x5555934ed660, 24 [pid 5831] rmdir("./101" [pid 6400] <... set_robust_list resumed>) = 0 [pid 6397] <... link resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6397] sync( [pid 5831] mkdir("./102", 0777 [pid 5828] <... clone resumed>, child_tidptr=0x5555934ed650) = 6400 [pid 6400] chdir("./111" [pid 6399] close(3 [pid 5831] <... mkdir resumed>) = 0 [pid 6400] <... chdir resumed>) = 0 [pid 6399] <... close resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6400] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6399] close(4 [pid 5831] <... openat resumed>) = 3 [pid 6399] <... close resumed>) = 0 [pid 6399] mkdir("./file1", 0777 [pid 6400] <... prctl resumed>) = 0 [pid 6399] <... mkdir resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6400] setpgid(0, 0 [pid 5831] <... ioctl resumed>) = 0 [pid 5831] close(3 [pid 6400] <... setpgid resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6399] mount("/dev/loop2", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6401 attached [ 140.655913][ T6399] loop2: detected capacity change from 0 to 1024 [ 140.671517][ T1037] ------------[ cut here ]------------ [ 140.677364][ T1037] kernel BUG at fs/hfsplus/bnode.c:624! [ 140.727341][ T1037] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 140.733677][ T1037] CPU: 0 UID: 0 PID: 1037 Comm: kworker/u8:5 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 140.745868][ T1037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 140.755974][ T1037] Workqueue: writeback wb_workfn (flush-7:1) [ 140.762068][ T1037] RIP: 0010:hfsplus_bnode_put+0x54a/0x560 [ 140.767837][ T1037] Code: 8b ff e9 b2 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c f0 fe ff ff 48 89 df e8 01 ee 8b ff e9 e3 fe ff ff e8 77 a1 2a ff 90 <0f> 0b e8 6f a1 2a ff 90 0f 0b 66 66 66 2e 0f 1f 84 00 00 00 00 00 [ 140.787675][ T1037] RSP: 0018:ffffc90003b5f218 EFLAGS: 00010293 [ 140.793793][ T1037] RAX: ffffffff8295ac79 RBX: ffff88802956db00 RCX: ffff888026a03c00 [ 140.801894][ T1037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 140.810227][ T1037] RBP: 0000000000000000 R08: ffff88802956db83 R09: 1ffff110052adb70 [ 140.818340][ T1037] R10: dffffc0000000000 R11: ffffed10052adb71 R12: ffff88802956db80 [ 140.826359][ T1037] R13: ffff888072891034 R14: dffffc0000000000 R15: ffff888070df2000 [ 140.834376][ T1037] FS: 0000000000000000(0000) GS:ffff888125c86000(0000) knlGS:0000000000000000 [ 140.843352][ T1037] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.850068][ T1037] CR2: 00007f86bf7de000 CR3: 00000000324ac000 CR4: 00000000003526f0 [ 140.858172][ T1037] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 140.866300][ T1037] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 140.874290][ T1037] Call Trace: [ 140.877583][ T1037] [ 140.880534][ T1037] ? block_dirty_folio+0x163/0x1d0 [ 140.885847][ T1037] hfsplus_btree_write+0x379/0x7b0 [ 140.890986][ T1037] hfsplus_write_inode+0x4c9/0x5f0 [ 140.896203][ T1037] __writeback_single_inode+0x6f1/0xff0 [ 140.901772][ T1037] writeback_sb_inodes+0x6b5/0x1000 [ 140.907084][ T1037] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 140.912755][ T1037] ? rcu_is_watching+0x15/0xb0 [ 140.917978][ T1037] wb_writeback+0x43b/0xaf0 [ 140.922499][ T1037] ? queue_io+0x351/0x590 [ 140.926855][ T1037] ? __pfx_wb_writeback+0x10/0x10 [ 140.931915][ T1037] ? _raw_spin_unlock_irq+0x23/0x50 [ 140.937163][ T1037] wb_workfn+0x409/0xef0 [ 140.941446][ T1037] ? __pfx_wb_workfn+0x10/0x10 [ 140.946238][ T1037] ? __lock_acquire+0xab9/0xd20 [ 140.951114][ T1037] ? process_scheduled_works+0x9ef/0x17b0 [ 140.956859][ T1037] ? _raw_spin_unlock_irq+0x23/0x50 [ 140.962082][ T1037] ? process_scheduled_works+0x9ef/0x17b0 [ 140.967831][ T1037] ? process_scheduled_works+0x9ef/0x17b0 [ 140.973575][ T1037] process_scheduled_works+0xade/0x17b0 [ 140.979158][ T1037] ? __pfx_process_scheduled_works+0x10/0x10 [ 140.985162][ T1037] worker_thread+0x8a0/0xda0 [ 140.989774][ T1037] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 140.996129][ T1037] ? __kthread_parkme+0x7b/0x200 [ 141.001096][ T1037] kthread+0x70e/0x8a0 [ 141.005184][ T1037] ? __pfx_worker_thread+0x10/0x10 [ 141.010315][ T1037] ? __pfx_kthread+0x10/0x10 [ 141.014929][ T1037] ? _raw_spin_unlock_irq+0x23/0x50 [ 141.020155][ T1037] ? lockdep_hardirqs_on+0x9c/0x150 [pid 6400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 6401] set_robust_list(0x5555934ed660, 24 [pid 6400] <... openat resumed>) = 3 [pid 5831] <... clone resumed>, child_tidptr=0x5555934ed650) = 6401 [pid 6400] write(3, "1000", 4) = 4 [pid 6400] close(3) = 0 [pid 6400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6400] write(1, "executing program\n", 18) = 18 [pid 6400] memfd_create("syzkaller", 0) = 3 [pid 6400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6401] <... set_robust_list resumed>) = 0 [ 141.025373][ T1037] ? __pfx_kthread+0x10/0x10 [ 141.029977][ T1037] ret_from_fork+0x3fc/0x770 [ 141.034589][ T1037] ? __pfx_ret_from_fork+0x10/0x10 [ 141.039721][ T1037] ? __switch_to_asm+0x39/0x70 [ 141.044492][ T1037] ? __switch_to_asm+0x33/0x70 [ 141.049266][ T1037] ? __pfx_kthread+0x10/0x10 [ 141.053885][ T1037] ret_from_fork_asm+0x1a/0x30 [ 141.058753][ T1037] [ 141.061780][ T1037] Modules linked in: [ 141.066275][ T1037] ---[ end trace 0000000000000000 ]--- [pid 6401] chdir("./102" [pid 6400] <... write resumed>) = 524288 [pid 6399] <... mount resumed>) = 0 [pid 6401] <... chdir resumed>) = 0 [pid 6399] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6401] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6399] <... openat resumed>) = 3 [pid 6401] <... prctl resumed>) = 0 [pid 6399] chdir("./file1" [pid 6401] setpgid(0, 0 [pid 6399] <... chdir resumed>) = 0 [pid 6401] <... setpgid resumed>) = 0 [pid 6399] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6400] munmap(0x7ff1eb400000, 138412032 [pid 6399] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6401] <... openat resumed>) = 3 [pid 6400] <... munmap resumed>) = 0 [pid 6399] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" [pid 6401] write(3, "1000", 4 [pid 6400] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6399] <... link resumed>) = 0 [pid 6401] <... write resumed>) = 4 [pid 6400] <... openat resumed>) = 4 [pid 6399] sync( [pid 6401] close(3 [pid 6400] ioctl(4, LOOP_SET_FD, 3 [pid 6401] <... close resumed>) = 0 [pid 6401] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6401] write(1, "executing program\n", 18) = 18 [pid 6401] memfd_create("syzkaller", 0) = 3 [pid 6401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1eb400000 [pid 6401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6401] munmap(0x7ff1eb400000, 138412032) = 0 [pid 6401] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 141.091785][ T1037] RIP: 0010:hfsplus_bnode_put+0x54a/0x560 [ 141.098444][ T1037] Code: 8b ff e9 b2 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c f0 fe ff ff 48 89 df e8 01 ee 8b ff e9 e3 fe ff ff e8 77 a1 2a ff 90 <0f> 0b e8 6f a1 2a ff 90 0f 0b 66 66 66 2e 0f 1f 84 00 00 00 00 00 [ 141.110175][ T6400] loop0: detected capacity change from 0 to 1024 [pid 6401] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6400] <... ioctl resumed>) = 0 [pid 6401] close(3 [pid 6400] close(3 [pid 6401] <... close resumed>) = 0 [pid 6401] close(4 [pid 6400] <... close resumed>) = 0 [pid 6401] <... close resumed>) = 0 [pid 6401] mkdir("./file1", 0777 [pid 6400] close(4 [pid 6401] <... mkdir resumed>) = 0 [pid 6401] mount("/dev/loop3", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6400] <... close resumed>) = 0 [pid 6400] mkdir("./file1", 0777) = 0 [ 141.138487][ T6401] loop3: detected capacity change from 0 to 1024 [ 141.154497][ T1037] RSP: 0018:ffffc90003b5f218 EFLAGS: 00010293 [ 141.174605][ T1037] RAX: ffffffff8295ac79 RBX: ffff88802956db00 RCX: ffff888026a03c00 [ 141.182719][ T1037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [pid 6400] mount("/dev/loop0", "./file1", "hfsplus", MS_SYNCHRONOUS|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_STRICTATIME, "" [pid 6401] <... mount resumed>) = 0 [pid 6401] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6401] chdir("./file1") = 0 [pid 6401] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6401] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 6400] <... mount resumed>) = 0 [pid 6401] sync( [pid 6400] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6400] chdir("./file1") = 0 [ 141.196256][ T1037] RBP: 0000000000000000 R08: ffff88802956db83 R09: 1ffff110052adb70 [ 141.205928][ T1037] R10: dffffc0000000000 R11: ffffed10052adb71 R12: ffff88802956db80 [ 141.215727][ T1037] R13: ffff888072891034 R14: dffffc0000000000 R15: ffff888070df2000 [ 141.229911][ T1037] FS: 0000000000000000(0000) GS:ffff888125d86000(0000) knlGS:0000000000000000 [ 141.240196][ T1037] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 6400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6400] link("./file1", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 141.247407][ T1037] CR2: 00007f86bf7e7000 CR3: 000000007256e000 CR4: 00000000003526f0 [ 141.259721][ T1037] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 141.268470][ T1037] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 141.277429][ T1037] Kernel panic - not syncing: Fatal exception [ 141.283685][ T1037] Kernel Offset: disabled [ 141.288022][ T1037] Rebooting in 86400 seconds..