./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor257169834 <...> Warning: Permanently added '10.128.1.97' (ECDSA) to the list of known hosts. execve("./syz-executor257169834", ["./syz-executor257169834"], 0x7ffcfffc4530 /* 10 vars */) = 0 brk(NULL) = 0x555555e32000 brk(0x555555e32c40) = 0x555555e32c40 arch_prctl(ARCH_SET_FS, 0x555555e32300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor257169834", 4096) = 27 brk(0x555555e53c40) = 0x555555e53c40 brk(0x555555e54000) = 0x555555e54000 mprotect(0x7fd20511e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3631 mkdir("./syzkaller.7nqzDL", 0700) = 0 chmod("./syzkaller.7nqzDL", 0777) = 0 chdir("./syzkaller.7nqzDL") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3632 ./strace-static-x86_64: Process 3632 attached [pid 3632] chdir("./0") = 0 [pid 3632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3632] setpgid(0, 0) = 0 [pid 3632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3632] write(3, "1000", 4) = 4 [pid 3632] close(3) = 0 [pid 3632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3632] memfd_create("syzkaller", 0) = 3 [pid 3632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3632] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3632] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3632] close(3) = 0 [pid 3632] mkdir("./file0", 0777) = 0 syzkaller login: [ 53.722591][ T3632] loop0: detected capacity change from 0 to 512 [ 53.731642][ T3632] ======================================================= [ 53.731642][ T3632] WARNING: The mand mount option has been deprecated and [ 53.731642][ T3632] and is ignored by this kernel. Remove the mand [ 53.731642][ T3632] option from the mount to silence this warning. [ 53.731642][ T3632] ======================================================= [pid 3632] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3632] chdir("./file0") = 0 [pid 3632] ioctl(4, LOOP_CLR_FD) = 0 [pid 3632] close(4) = 0 [pid 3632] exit_group(0) = ? [pid 3632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3632, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 53.769309][ T3632] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 53.784674][ T3632] EXT4-fs (loop0): orphan cleanup on readonly fs [ 53.798101][ T3632] EXT4-fs (loop0): 1 truncate cleaned up [ 53.808864][ T3632] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3635 ./strace-static-x86_64: Process 3635 attached [pid 3635] chdir("./1") = 0 [pid 3635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3635] setpgid(0, 0) = 0 [pid 3635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3635] write(3, "1000", 4) = 4 [pid 3635] close(3) = 0 [pid 3635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3635] memfd_create("syzkaller", 0) = 3 [pid 3635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 53.833698][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3635] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3635] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3635] close(3) = 0 [pid 3635] mkdir("./file0", 0777) = 0 [ 53.888083][ T3635] loop0: detected capacity change from 0 to 512 [ 53.900203][ T3635] EXT4-fs (loop0): orphan cleanup on readonly fs [ 53.910651][ T3635] EXT4-fs (loop0): 1 truncate cleaned up [pid 3635] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3635] chdir("./file0") = 0 [pid 3635] ioctl(4, LOOP_CLR_FD) = 0 [pid 3635] close(4) = 0 [pid 3635] exit_group(0) = ? [pid 3635] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3635, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3637 ./strace-static-x86_64: Process 3637 attached [pid 3637] chdir("./2") = 0 [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3637] setpgid(0, 0) = 0 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3637] write(3, "1000", 4) = 4 [pid 3637] close(3) = 0 [pid 3637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3637] memfd_create("syzkaller", 0) = 3 [pid 3637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3637] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.938533][ T3635] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 53.974872][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3637] close(3) = 0 [pid 3637] mkdir("./file0", 0777) = 0 [pid 3637] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3637] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3637] chdir("./file0") = 0 [pid 3637] ioctl(4, LOOP_CLR_FD) = 0 [pid 3637] close(4) = 0 [pid 3637] exit_group(0) = ? [pid 3637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3637, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 54.015577][ T3637] loop0: detected capacity change from 0 to 512 [ 54.031043][ T3637] EXT4-fs (loop0): orphan cleanup on readonly fs [ 54.040108][ T3637] EXT4-fs (loop0): 1 truncate cleaned up [ 54.048864][ T3637] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3639 ./strace-static-x86_64: Process 3639 attached [pid 3639] chdir("./3") = 0 [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3639] write(3, "1000", 4) = 4 [pid 3639] close(3) = 0 [pid 3639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3639] memfd_create("syzkaller", 0) = 3 [pid 3639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3639] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.079613][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3639] close(3) = 0 [pid 3639] mkdir("./file0", 0777) = 0 [ 54.129883][ T3639] loop0: detected capacity change from 0 to 512 [ 54.142543][ T3639] EXT4-fs (loop0): orphan cleanup on readonly fs [ 54.152727][ T3639] EXT4-fs (loop0): 1 truncate cleaned up [pid 3639] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3639] chdir("./file0") = 0 [pid 3639] ioctl(4, LOOP_CLR_FD) = 0 [pid 3639] close(4) = 0 [pid 3639] exit_group(0) = ? [pid 3639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3639, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3641 ./strace-static-x86_64: Process 3641 attached [pid 3641] chdir("./4") = 0 [pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3641] setpgid(0, 0) = 0 [pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3641] write(3, "1000", 4) = 4 [pid 3641] close(3) = 0 [pid 3641] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3641] memfd_create("syzkaller", 0) = 3 [pid 3641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3641] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3641] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.178539][ T3639] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 54.200631][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3641] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3641] close(3) = 0 [pid 3641] mkdir("./file0", 0777) = 0 [pid 3641] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3641] chdir("./file0") = 0 [pid 3641] ioctl(4, LOOP_CLR_FD) = 0 [pid 3641] close(4) = 0 [pid 3641] exit_group(0) = ? [pid 3641] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3641, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 54.245466][ T3641] loop0: detected capacity change from 0 to 512 [ 54.256412][ T3641] EXT4-fs (loop0): orphan cleanup on readonly fs [ 54.265716][ T3641] EXT4-fs (loop0): 1 truncate cleaned up [ 54.278721][ T3641] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3643 ./strace-static-x86_64: Process 3643 attached [pid 3643] chdir("./5") = 0 [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3643] setpgid(0, 0) = 0 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3643] write(3, "1000", 4) = 4 [pid 3643] close(3) = 0 [pid 3643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3643] memfd_create("syzkaller", 0) = 3 [pid 3643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 54.304070][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3643] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3643] close(3) = 0 [pid 3643] mkdir("./file0", 0777) = 0 [pid 3643] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3643] chdir("./file0") = 0 [pid 3643] ioctl(4, LOOP_CLR_FD) = 0 [pid 3643] close(4) = 0 [pid 3643] exit_group(0) = ? [pid 3643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3643, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 54.354947][ T3643] loop0: detected capacity change from 0 to 512 [ 54.366279][ T3643] EXT4-fs (loop0): orphan cleanup on readonly fs [ 54.376625][ T3643] EXT4-fs (loop0): 1 truncate cleaned up [ 54.390417][ T3643] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] chdir("./6") = 0 [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3) = 0 [pid 3645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3645] memfd_create("syzkaller", 0) = 3 [pid 3645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3645] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.412794][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3645] close(3) = 0 [pid 3645] mkdir("./file0", 0777) = 0 [pid 3645] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3645] chdir("./file0") = 0 [pid 3645] ioctl(4, LOOP_CLR_FD) = 0 [pid 3645] close(4) = 0 [pid 3645] exit_group(0) = ? [pid 3645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 54.457443][ T3645] loop0: detected capacity change from 0 to 512 [ 54.470237][ T3645] EXT4-fs (loop0): orphan cleanup on readonly fs [ 54.480107][ T3645] EXT4-fs (loop0): 1 truncate cleaned up [ 54.488819][ T3645] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3648 ./strace-static-x86_64: Process 3648 attached [pid 3648] chdir("./7") = 0 [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3648] setpgid(0, 0) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3648] write(3, "1000", 4) = 4 [pid 3648] close(3) = 0 [pid 3648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3648] memfd_create("syzkaller", 0) = 3 [pid 3648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3648] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3648] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [ 54.507204][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3648] ioctl(4, LOOP_CLR_FD) = 0 [pid 3648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3648] close(3) = 0 [pid 3648] mkdir("./file0", 0777) = 0 [ 54.570670][ T3633] I/O error, dev loop0, sector 24 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 54.584779][ T3648] loop0: detected capacity change from 0 to 512 [ 54.588205][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 54.605693][ T3648] EXT4-fs (loop0): orphan cleanup on readonly fs [pid 3648] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3648] chdir("./file0") = 0 [pid 3648] ioctl(4, LOOP_CLR_FD) = 0 [pid 3648] close(4) = 0 [pid 3648] exit_group(0) = ? [pid 3648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3650 ./strace-static-x86_64: Process 3650 attached [pid 3650] chdir("./8") = 0 [pid 3650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3650] setpgid(0, 0) = 0 [pid 3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3650] write(3, "1000", 4) = 4 [pid 3650] close(3) = 0 [pid 3650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3650] memfd_create("syzkaller", 0) = 3 [pid 3650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3650] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.617793][ T3648] EXT4-fs (loop0): 1 truncate cleaned up [ 54.629007][ T3648] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 54.656832][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3650] close(3) = 0 [pid 3650] mkdir("./file0", 0777) = 0 [ 54.693188][ T3650] loop0: detected capacity change from 0 to 512 [ 54.707313][ T3650] EXT4-fs (loop0): orphan cleanup on readonly fs [ 54.717371][ T3650] EXT4-fs (loop0): 1 truncate cleaned up [pid 3650] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3650] chdir("./file0") = 0 [pid 3650] ioctl(4, LOOP_CLR_FD) = 0 [pid 3650] close(4) = 0 [pid 3650] exit_group(0) = ? [pid 3650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3650, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3652 ./strace-static-x86_64: Process 3652 attached [pid 3652] chdir("./9") = 0 [pid 3652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3652] setpgid(0, 0) = 0 [pid 3652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3652] write(3, "1000", 4) = 4 [pid 3652] close(3) = 0 [pid 3652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3652] memfd_create("syzkaller", 0) = 3 [pid 3652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3652] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.758785][ T3650] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 54.787443][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3652] close(3) = 0 [pid 3652] mkdir("./file0", 0777) = 0 [pid 3652] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3652] chdir("./file0") = 0 [pid 3652] ioctl(4, LOOP_CLR_FD) = 0 [pid 3652] close(4) = 0 [pid 3652] exit_group(0) = ? [pid 3652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3652, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 54.828930][ T3652] loop0: detected capacity change from 0 to 512 [ 54.840061][ T3652] EXT4-fs (loop0): orphan cleanup on readonly fs [ 54.850811][ T3652] EXT4-fs (loop0): 1 truncate cleaned up [ 54.859172][ T3652] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3654 ./strace-static-x86_64: Process 3654 attached [pid 3654] chdir("./10") = 0 [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3654] setpgid(0, 0) = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3654] write(3, "1000", 4) = 4 [pid 3654] close(3) = 0 [pid 3654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3654] memfd_create("syzkaller", 0) = 3 [pid 3654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3654] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.881908][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3654] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3654] close(3) = 0 [pid 3654] mkdir("./file0", 0777) = 0 [ 54.925246][ T3654] loop0: detected capacity change from 0 to 512 [ 54.936773][ T3654] EXT4-fs (loop0): orphan cleanup on readonly fs [ 54.946815][ T3654] EXT4-fs (loop0): 1 truncate cleaned up [pid 3654] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3654] chdir("./file0") = 0 [pid 3654] ioctl(4, LOOP_CLR_FD) = 0 [pid 3654] close(4) = 0 [pid 3654] exit_group(0) = ? [pid 3654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3656 ./strace-static-x86_64: Process 3656 attached [pid 3656] chdir("./11") = 0 [pid 3656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3656] setpgid(0, 0) = 0 [pid 3656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3656] write(3, "1000", 4) = 4 [pid 3656] close(3) = 0 [pid 3656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3656] memfd_create("syzkaller", 0) = 3 [pid 3656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3656] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.978679][ T3654] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 55.001729][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3656] close(3) = 0 [pid 3656] mkdir("./file0", 0777) = 0 [ 55.044577][ T3656] loop0: detected capacity change from 0 to 512 [ 55.055892][ T3656] EXT4-fs (loop0): orphan cleanup on readonly fs [ 55.066311][ T3656] EXT4-fs (loop0): 1 truncate cleaned up [pid 3656] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3656] chdir("./file0") = 0 [pid 3656] ioctl(4, LOOP_CLR_FD) = 0 [pid 3656] close(4) = 0 [pid 3656] exit_group(0) = ? [pid 3656] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3656, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3658 ./strace-static-x86_64: Process 3658 attached [pid 3658] chdir("./12") = 0 [pid 3658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3658] setpgid(0, 0) = 0 [pid 3658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3658] write(3, "1000", 4) = 4 [pid 3658] close(3) = 0 [pid 3658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3658] memfd_create("syzkaller", 0) = 3 [pid 3658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3658] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.098885][ T3656] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 55.123555][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3658] close(3) = 0 [pid 3658] mkdir("./file0", 0777) = 0 [pid 3658] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3658] chdir("./file0") = 0 [pid 3658] ioctl(4, LOOP_CLR_FD) = 0 [pid 3658] close(4) = 0 [pid 3658] exit_group(0) = ? [pid 3658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3658, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 55.176136][ T3658] loop0: detected capacity change from 0 to 512 [ 55.187456][ T3658] EXT4-fs (loop0): orphan cleanup on readonly fs [ 55.197695][ T3658] EXT4-fs (loop0): 1 truncate cleaned up [ 55.208713][ T3658] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3660 ./strace-static-x86_64: Process 3660 attached [pid 3660] chdir("./13") = 0 [pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3660] setpgid(0, 0) = 0 [pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3660] write(3, "1000", 4) = 4 [pid 3660] close(3) = 0 [pid 3660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3660] memfd_create("syzkaller", 0) = 3 [pid 3660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3660] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.234051][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3660] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3660] close(3) = 0 [pid 3660] mkdir("./file0", 0777) = 0 [ 55.277576][ T3660] loop0: detected capacity change from 0 to 512 [ 55.289839][ T3660] EXT4-fs (loop0): orphan cleanup on readonly fs [ 55.300526][ T3660] EXT4-fs (loop0): 1 truncate cleaned up [pid 3660] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3660] chdir("./file0") = 0 [pid 3660] ioctl(4, LOOP_CLR_FD) = 0 [pid 3660] close(4) = 0 [pid 3660] exit_group(0) = ? [pid 3660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3662 ./strace-static-x86_64: Process 3662 attached [pid 3662] chdir("./14") = 0 [pid 3662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3662] setpgid(0, 0) = 0 [pid 3662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3662] write(3, "1000", 4) = 4 [pid 3662] close(3) = 0 [pid 3662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3662] memfd_create("syzkaller", 0) = 3 [pid 3662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3662] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3662] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.328668][ T3660] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 55.359154][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3662] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3662] close(3) = 0 [pid 3662] mkdir("./file0", 0777) = 0 [pid 3662] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3662] chdir("./file0") = 0 [pid 3662] ioctl(4, LOOP_CLR_FD) = 0 [pid 3662] close(4) = 0 [pid 3662] exit_group(0) = ? [pid 3662] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3662, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 55.407708][ T3662] loop0: detected capacity change from 0 to 512 [ 55.419945][ T3662] EXT4-fs (loop0): orphan cleanup on readonly fs [ 55.430341][ T3662] EXT4-fs (loop0): 1 truncate cleaned up [ 55.436546][ T3662] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3664 ./strace-static-x86_64: Process 3664 attached [pid 3664] chdir("./15") = 0 [pid 3664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3664] setpgid(0, 0) = 0 [pid 3664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3664] write(3, "1000", 4) = 4 [pid 3664] close(3) = 0 [pid 3664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3664] memfd_create("syzkaller", 0) = 3 [pid 3664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3664] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.462660][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3664] close(3) = 0 [pid 3664] mkdir("./file0", 0777) = 0 [pid 3664] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3664] chdir("./file0") = 0 [pid 3664] ioctl(4, LOOP_CLR_FD) = 0 [pid 3664] close(4) = 0 [pid 3664] exit_group(0) = ? [pid 3664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3664, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 55.507760][ T3664] loop0: detected capacity change from 0 to 512 [ 55.520226][ T3664] EXT4-fs (loop0): orphan cleanup on readonly fs [ 55.529967][ T3664] EXT4-fs (loop0): 1 truncate cleaned up [ 55.538834][ T3664] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3666 ./strace-static-x86_64: Process 3666 attached [pid 3666] chdir("./16") = 0 [pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3666] setpgid(0, 0) = 0 [pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3666] write(3, "1000", 4) = 4 [pid 3666] close(3) = 0 [pid 3666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3666] memfd_create("syzkaller", 0) = 3 [pid 3666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3666] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.564400][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3666] close(3) = 0 [pid 3666] mkdir("./file0", 0777) = 0 [pid 3666] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3666] chdir("./file0") = 0 [pid 3666] ioctl(4, LOOP_CLR_FD) = 0 [pid 3666] close(4) = 0 [pid 3666] exit_group(0) = ? [pid 3666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3666, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 55.613520][ T3666] loop0: detected capacity change from 0 to 512 [ 55.625290][ T3666] EXT4-fs (loop0): orphan cleanup on readonly fs [ 55.635291][ T3666] EXT4-fs (loop0): 1 truncate cleaned up [ 55.648726][ T3666] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3668 ./strace-static-x86_64: Process 3668 attached [pid 3668] chdir("./17") = 0 [pid 3668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3668] setpgid(0, 0) = 0 [pid 3668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3668] write(3, "1000", 4) = 4 [pid 3668] close(3) = 0 [pid 3668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3668] memfd_create("syzkaller", 0) = 3 [pid 3668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3668] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.676440][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3668] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3668] close(3) = 0 [pid 3668] mkdir("./file0", 0777) = 0 [pid 3668] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3668] chdir("./file0") = 0 [pid 3668] ioctl(4, LOOP_CLR_FD) = 0 [pid 3668] close(4) = 0 [pid 3668] exit_group(0) = ? [pid 3668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3668, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 55.719067][ T3668] loop0: detected capacity change from 0 to 512 [ 55.731087][ T3668] EXT4-fs (loop0): orphan cleanup on readonly fs [ 55.741223][ T3668] EXT4-fs (loop0): 1 truncate cleaned up [ 55.748775][ T3668] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3670 ./strace-static-x86_64: Process 3670 attached [pid 3670] chdir("./18") = 0 [pid 3670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3670] setpgid(0, 0) = 0 [pid 3670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3670] write(3, "1000", 4) = 4 [pid 3670] close(3) = 0 [pid 3670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3670] memfd_create("syzkaller", 0) = 3 [pid 3670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3670] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.769094][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3670] close(3) = 0 [pid 3670] mkdir("./file0", 0777) = 0 [ 55.812995][ T3670] loop0: detected capacity change from 0 to 512 [ 55.826841][ T3670] EXT4-fs (loop0): orphan cleanup on readonly fs [ 55.837392][ T3670] EXT4-fs (loop0): 1 truncate cleaned up [pid 3670] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3670] chdir("./file0") = 0 [pid 3670] ioctl(4, LOOP_CLR_FD) = 0 [pid 3670] close(4) = 0 [pid 3670] exit_group(0) = ? [pid 3670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3670, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3672 ./strace-static-x86_64: Process 3672 attached [pid 3672] chdir("./19") = 0 [pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3672] setpgid(0, 0) = 0 [pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3672] write(3, "1000", 4) = 4 [pid 3672] close(3) = 0 [pid 3672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3672] memfd_create("syzkaller", 0) = 3 [pid 3672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3672] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.878876][ T3670] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 55.914501][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3672] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3672] close(3) = 0 [pid 3672] mkdir("./file0", 0777) = 0 [pid 3672] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3672] chdir("./file0") = 0 [pid 3672] ioctl(4, LOOP_CLR_FD) = 0 [pid 3672] close(4) = 0 [pid 3672] exit_group(0) = ? [pid 3672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3672, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 [ 55.957182][ T3672] loop0: detected capacity change from 0 to 512 [ 55.969732][ T3672] EXT4-fs (loop0): orphan cleanup on readonly fs [ 55.979979][ T3672] EXT4-fs (loop0): 1 truncate cleaned up [ 55.986288][ T3672] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3674 ./strace-static-x86_64: Process 3674 attached [pid 3674] chdir("./20") = 0 [pid 3674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3674] setpgid(0, 0) = 0 [pid 3674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3674] write(3, "1000", 4) = 4 [pid 3674] close(3) = 0 [pid 3674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3674] memfd_create("syzkaller", 0) = 3 [pid 3674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3674] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.005771][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3674] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3674] close(3) = 0 [pid 3674] mkdir("./file0", 0777) = 0 [ 56.038910][ T3674] loop0: detected capacity change from 0 to 512 [ 56.057542][ T3674] EXT4-fs (loop0): orphan cleanup on readonly fs [ 56.067534][ T3674] EXT4-fs (loop0): 1 truncate cleaned up [pid 3674] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3674] chdir("./file0") = 0 [pid 3674] ioctl(4, LOOP_CLR_FD) = 0 [pid 3674] close(4) = 0 [pid 3674] exit_group(0) = ? [pid 3674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3674, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3676 ./strace-static-x86_64: Process 3676 attached [pid 3676] chdir("./21") = 0 [pid 3676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3676] setpgid(0, 0) = 0 [pid 3676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3676] write(3, "1000", 4) = 4 [pid 3676] close(3) = 0 [pid 3676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3676] memfd_create("syzkaller", 0) = 3 [pid 3676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 56.098718][ T3674] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 56.117686][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3676] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3676] close(3) = 0 [pid 3676] mkdir("./file0", 0777) = 0 [ 56.162903][ T3676] loop0: detected capacity change from 0 to 512 [ 56.176906][ T3676] EXT4-fs (loop0): orphan cleanup on readonly fs [ 56.186955][ T3676] EXT4-fs (loop0): 1 truncate cleaned up [pid 3676] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3676] chdir("./file0") = 0 [pid 3676] ioctl(4, LOOP_CLR_FD) = 0 [pid 3676] close(4) = 0 [pid 3676] exit_group(0) = ? [pid 3676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3676, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3678 ./strace-static-x86_64: Process 3678 attached [pid 3678] chdir("./22") = 0 [pid 3678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3678] setpgid(0, 0) = 0 [pid 3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3678] write(3, "1000", 4) = 4 [pid 3678] close(3) = 0 [pid 3678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3678] memfd_create("syzkaller", 0) = 3 [pid 3678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3678] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.228634][ T3676] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 56.264562][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3678] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3678] close(3) = 0 [pid 3678] mkdir("./file0", 0777) = 0 [pid 3678] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3678] chdir("./file0") = 0 [pid 3678] ioctl(4, LOOP_CLR_FD) = 0 [pid 3678] close(4) = 0 [pid 3678] exit_group(0) = ? [pid 3678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3678, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 56.305845][ T3678] loop0: detected capacity change from 0 to 512 [ 56.316843][ T3678] EXT4-fs (loop0): orphan cleanup on readonly fs [ 56.327367][ T3678] EXT4-fs (loop0): 1 truncate cleaned up [ 56.338869][ T3678] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3681 attached [pid 3681] chdir("./23" [pid 3631] <... clone resumed>, child_tidptr=0x555555e325d0) = 3681 [pid 3681] <... chdir resumed>) = 0 [pid 3681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3681] setpgid(0, 0) = 0 [pid 3681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3681] write(3, "1000", 4) = 4 [pid 3681] close(3) = 0 [pid 3681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3681] memfd_create("syzkaller", 0) = 3 [pid 3681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3681] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3681] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.361886][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3681] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3681] close(3) = 0 [pid 3681] mkdir("./file0", 0777) = 0 [pid 3681] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3681] chdir("./file0") = 0 [pid 3681] ioctl(4, LOOP_CLR_FD) = 0 [pid 3681] close(4) = 0 [pid 3681] exit_group(0) = ? [pid 3681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3681, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 56.410558][ T3681] loop0: detected capacity change from 0 to 512 [ 56.422271][ T3681] EXT4-fs (loop0): orphan cleanup on readonly fs [ 56.431303][ T3681] EXT4-fs (loop0): 1 truncate cleaned up [ 56.439134][ T3681] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3683 [ 56.457117][ T3631] EXT4-fs (loop0): unmounting filesystem. ./strace-static-x86_64: Process 3683 attached [pid 3683] chdir("./24") = 0 [pid 3683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3683] setpgid(0, 0) = 0 [pid 3683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3683] write(3, "1000", 4) = 4 [pid 3683] close(3) = 0 [pid 3683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3683] memfd_create("syzkaller", 0) = 3 [pid 3683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3683] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3683] close(3) = 0 [pid 3683] mkdir("./file0", 0777) = 0 [ 56.515020][ T3683] loop0: detected capacity change from 0 to 512 [ 56.526832][ T3683] EXT4-fs (loop0): orphan cleanup on readonly fs [ 56.536499][ T3683] EXT4-fs (loop0): 1 truncate cleaned up [pid 3683] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3683] chdir("./file0") = 0 [pid 3683] ioctl(4, LOOP_CLR_FD) = 0 [pid 3683] close(4) = 0 [pid 3683] exit_group(0) = ? [pid 3683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3683, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3685 ./strace-static-x86_64: Process 3685 attached [pid 3685] chdir("./25") = 0 [pid 3685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3685] setpgid(0, 0) = 0 [pid 3685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3685] write(3, "1000", 4) = 4 [pid 3685] close(3) = 0 [pid 3685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3685] memfd_create("syzkaller", 0) = 3 [pid 3685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 56.578767][ T3683] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 56.596876][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3685] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3685] close(3) = 0 [pid 3685] mkdir("./file0", 0777) = 0 [pid 3685] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3685] chdir("./file0") = 0 [pid 3685] ioctl(4, LOOP_CLR_FD) = 0 [pid 3685] close(4) = 0 [pid 3685] exit_group(0) = ? [pid 3685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3685, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 56.644989][ T3685] loop0: detected capacity change from 0 to 512 [ 56.656140][ T3685] EXT4-fs (loop0): orphan cleanup on readonly fs [ 56.666985][ T3685] EXT4-fs (loop0): 1 truncate cleaned up [ 56.678885][ T3685] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3687 ./strace-static-x86_64: Process 3687 attached [pid 3687] chdir("./26") = 0 [pid 3687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3687] setpgid(0, 0) = 0 [pid 3687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3687] write(3, "1000", 4) = 4 [pid 3687] close(3) = 0 [pid 3687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3687] memfd_create("syzkaller", 0) = 3 [pid 3687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3687] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.702249][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3687] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3687] close(3) = 0 [pid 3687] mkdir("./file0", 0777) = 0 [pid 3687] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3687] chdir("./file0") = 0 [pid 3687] ioctl(4, LOOP_CLR_FD) = 0 [pid 3687] close(4) = 0 [pid 3687] exit_group(0) = ? [pid 3687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3687, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 [ 56.752967][ T3687] loop0: detected capacity change from 0 to 512 [ 56.765470][ T3687] EXT4-fs (loop0): orphan cleanup on readonly fs [ 56.775100][ T3687] EXT4-fs (loop0): 1 truncate cleaned up [ 56.789200][ T3687] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3689 ./strace-static-x86_64: Process 3689 attached [pid 3689] chdir("./27") = 0 [pid 3689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3689] setpgid(0, 0) = 0 [pid 3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3689] write(3, "1000", 4) = 4 [pid 3689] close(3) = 0 [pid 3689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3689] memfd_create("syzkaller", 0) = 3 [pid 3689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3689] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.816816][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3689] close(3) = 0 [pid 3689] mkdir("./file0", 0777) = 0 [pid 3689] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3689] chdir("./file0") = 0 [pid 3689] ioctl(4, LOOP_CLR_FD) = 0 [pid 3689] close(4) = 0 [pid 3689] exit_group(0) = ? [pid 3689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3689, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 56.872785][ T3689] loop0: detected capacity change from 0 to 512 [ 56.884073][ T3689] EXT4-fs (loop0): orphan cleanup on readonly fs [ 56.894013][ T3689] EXT4-fs (loop0): 1 truncate cleaned up [ 56.909150][ T3689] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3691 ./strace-static-x86_64: Process 3691 attached [pid 3691] chdir("./28") = 0 [pid 3691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3691] setpgid(0, 0) = 0 [pid 3691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3691] write(3, "1000", 4) = 4 [pid 3691] close(3) = 0 [pid 3691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3691] memfd_create("syzkaller", 0) = 3 [pid 3691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3691] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.942136][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3691] close(3) = 0 [pid 3691] mkdir("./file0", 0777) = 0 [pid 3691] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3691] chdir("./file0") = 0 [pid 3691] ioctl(4, LOOP_CLR_FD) = 0 [pid 3691] close(4) = 0 [pid 3691] exit_group(0) = ? [pid 3691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3691, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 56.984848][ T3691] loop0: detected capacity change from 0 to 512 [ 56.995997][ T3691] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.005713][ T3691] EXT4-fs (loop0): 1 truncate cleaned up [ 57.018965][ T3691] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3693 ./strace-static-x86_64: Process 3693 attached [pid 3693] chdir("./29") = 0 [pid 3693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3693] setpgid(0, 0) = 0 [pid 3693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3693] write(3, "1000", 4) = 4 [pid 3693] close(3) = 0 [pid 3693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3693] memfd_create("syzkaller", 0) = 3 [pid 3693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3693] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.038914][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3693] close(3) = 0 [pid 3693] mkdir("./file0", 0777) = 0 [pid 3693] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3693] chdir("./file0") = 0 [pid 3693] ioctl(4, LOOP_CLR_FD) = 0 [pid 3693] close(4) = 0 [pid 3693] exit_group(0) = ? [pid 3693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3693, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 57.086725][ T3693] loop0: detected capacity change from 0 to 512 [ 57.098886][ T3693] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.107958][ T3693] EXT4-fs (loop0): 1 truncate cleaned up [ 57.118533][ T3693] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3695 ./strace-static-x86_64: Process 3695 attached [pid 3695] chdir("./30") = 0 [pid 3695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3695] setpgid(0, 0) = 0 [pid 3695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3695] write(3, "1000", 4) = 4 [pid 3695] close(3) = 0 [pid 3695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3695] memfd_create("syzkaller", 0) = 3 [pid 3695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3695] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.153292][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3695] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3695] close(3) = 0 [pid 3695] mkdir("./file0", 0777) = 0 [pid 3695] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3695] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3695] chdir("./file0") = 0 [pid 3695] ioctl(4, LOOP_CLR_FD) = 0 [pid 3695] close(4) = 0 [pid 3695] exit_group(0) = ? [pid 3695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3695, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 57.194395][ T3695] loop0: detected capacity change from 0 to 512 [ 57.205998][ T3695] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.215386][ T3695] EXT4-fs (loop0): 1 truncate cleaned up [ 57.230265][ T3695] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3697 ./strace-static-x86_64: Process 3697 attached [pid 3697] chdir("./31") = 0 [pid 3697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3697] setpgid(0, 0) = 0 [pid 3697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3697] write(3, "1000", 4) = 4 [pid 3697] close(3) = 0 [pid 3697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3697] memfd_create("syzkaller", 0) = 3 [pid 3697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3697] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3697] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.257086][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3697] close(3) = 0 [pid 3697] mkdir("./file0", 0777) = 0 [ 57.299401][ T3697] loop0: detected capacity change from 0 to 512 [ 57.312203][ T3697] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.321837][ T3697] EXT4-fs (loop0): 1 truncate cleaned up [pid 3697] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3697] chdir("./file0") = 0 [pid 3697] ioctl(4, LOOP_CLR_FD) = 0 [pid 3697] close(4) = 0 [pid 3697] exit_group(0) = ? [pid 3697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3697, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3699 ./strace-static-x86_64: Process 3699 attached [pid 3699] chdir("./32") = 0 [pid 3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3699] setpgid(0, 0) = 0 [pid 3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3699] write(3, "1000", 4) = 4 [pid 3699] close(3) = 0 [pid 3699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3699] memfd_create("syzkaller", 0) = 3 [pid 3699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 57.348548][ T3697] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 57.366773][ T3631] EXT4-fs (loop0): unmounting filesystem. [pid 3699] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3699] close(3) = 0 [pid 3699] mkdir("./file0", 0777) = 0 [pid 3699] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3699] chdir("./file0") = 0 [pid 3699] ioctl(4, LOOP_CLR_FD) = 0 [pid 3699] close(4) = 0 [pid 3699] exit_group(0) = ? [pid 3699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3699, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3701 [ 57.412182][ T3699] loop0: detected capacity change from 0 to 512 [ 57.423998][ T3699] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.433724][ T3699] EXT4-fs (loop0): 1 truncate cleaned up ./strace-static-x86_64: Process 3701 attached [pid 3701] chdir("./33") = 0 [pid 3701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3701] setpgid(0, 0) = 0 [pid 3701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3701] write(3, "1000", 4) = 4 [pid 3701] close(3) = 0 [pid 3701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3701] memfd_create("syzkaller", 0) = 3 [pid 3701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3701] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3701] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3701] close(3) = 0 [pid 3701] mkdir("./file0", 0777) = 0 [pid 3701] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3701] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3701] chdir("./file0") = 0 [pid 3701] ioctl(4, LOOP_CLR_FD) = 0 [pid 3701] close(4) = 0 [pid 3701] exit_group(0) = ? [pid 3701] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3701, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3703 ./strace-static-x86_64: Process 3703 attached [pid 3703] chdir("./34") = 0 [pid 3703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3703] setpgid(0, 0) = 0 [pid 3703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3703] write(3, "1000", 4) = 4 [pid 3703] close(3) = 0 [pid 3703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3703] memfd_create("syzkaller", 0) = 3 [pid 3703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3703] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.498232][ T3701] loop0: detected capacity change from 0 to 512 [ 57.510703][ T3701] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.519783][ T3701] EXT4-fs (loop0): 1 truncate cleaned up [pid 3703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3703] close(3) = 0 [pid 3703] mkdir("./file0", 0777) = 0 [pid 3703] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3703] chdir("./file0") = 0 [pid 3703] ioctl(4, LOOP_CLR_FD) = 0 [pid 3703] close(4) = 0 [pid 3703] exit_group(0) = ? [pid 3703] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3703, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 57.575647][ T3703] loop0: detected capacity change from 0 to 512 [ 57.587640][ T3703] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.598911][ T3703] EXT4-fs (loop0): 1 truncate cleaned up umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3705 ./strace-static-x86_64: Process 3705 attached [pid 3705] chdir("./35") = 0 [pid 3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3705] setpgid(0, 0) = 0 [pid 3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3705] write(3, "1000", 4) = 4 [pid 3705] close(3) = 0 [pid 3705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3705] memfd_create("syzkaller", 0) = 3 [pid 3705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3705] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3705] close(3) = 0 [pid 3705] mkdir("./file0", 0777) = 0 [pid 3705] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3705] chdir("./file0") = 0 [pid 3705] ioctl(4, LOOP_CLR_FD) = 0 [pid 3705] close(4) = 0 [pid 3705] exit_group(0) = ? [pid 3705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3705, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3707 ./strace-static-x86_64: Process 3707 attached [pid 3707] chdir("./36") = 0 [pid 3707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3707] setpgid(0, 0) = 0 [pid 3707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3707] write(3, "1000", 4) = 4 [pid 3707] close(3) = 0 [pid 3707] symlink("/dev/binderfs", "./binderfs") = 0 [ 57.692883][ T3705] loop0: detected capacity change from 0 to 512 [ 57.706294][ T3705] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.716463][ T3705] EXT4-fs (loop0): 1 truncate cleaned up [pid 3707] memfd_create("syzkaller", 0) = 3 [pid 3707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3707] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3707] close(3) = 0 [pid 3707] mkdir("./file0", 0777) = 0 [pid 3707] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3707] chdir("./file0") = 0 [pid 3707] ioctl(4, LOOP_CLR_FD) = 0 [pid 3707] close(4) = 0 [pid 3707] exit_group(0) = ? [pid 3707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3707, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3709 ./strace-static-x86_64: Process 3709 attached [pid 3709] chdir("./37") = 0 [pid 3709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3709] setpgid(0, 0) = 0 [pid 3709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3709] write(3, "1000", 4) = 4 [pid 3709] close(3) = 0 [pid 3709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3709] memfd_create("syzkaller", 0) = 3 [pid 3709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3709] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.781658][ T3707] loop0: detected capacity change from 0 to 512 [ 57.793186][ T3707] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.802532][ T3707] EXT4-fs (loop0): 1 truncate cleaned up [pid 3709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3709] close(3) = 0 [pid 3709] mkdir("./file0", 0777) = 0 [pid 3709] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3709] chdir("./file0") = 0 [pid 3709] ioctl(4, LOOP_CLR_FD) = 0 [pid 3709] close(4) = 0 [pid 3709] exit_group(0) = ? [pid 3709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3709, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 [ 57.844181][ T3709] loop0: detected capacity change from 0 to 512 [ 57.849437][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 57.863282][ T3709] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.874449][ T3709] EXT4-fs (loop0): 1 truncate cleaned up umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3711 ./strace-static-x86_64: Process 3711 attached [pid 3711] chdir("./38") = 0 [pid 3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3711] setpgid(0, 0) = 0 [pid 3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3711] write(3, "1000", 4) = 4 [pid 3711] close(3) = 0 [pid 3711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3711] memfd_create("syzkaller", 0) = 3 [pid 3711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3711] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3711] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3711] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3711] close(3) = 0 [pid 3711] mkdir("./file0", 0777) = 0 [pid 3711] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3711] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3711] chdir("./file0") = 0 [pid 3711] ioctl(4, LOOP_CLR_FD) = 0 [pid 3711] close(4) = 0 [pid 3711] exit_group(0) = ? [pid 3711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3713 ./strace-static-x86_64: Process 3713 attached [pid 3713] chdir("./39") = 0 [pid 3713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3713] setpgid(0, 0) = 0 [pid 3713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3713] write(3, "1000", 4) = 4 [pid 3713] close(3) = 0 [pid 3713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3713] memfd_create("syzkaller", 0) = 3 [pid 3713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 57.968039][ T3711] loop0: detected capacity change from 0 to 512 [ 57.979886][ T3711] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.989592][ T3711] EXT4-fs (loop0): 1 truncate cleaned up [pid 3713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3713] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3713] close(3) = 0 [pid 3713] mkdir("./file0", 0777) = 0 [pid 3713] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3713] chdir("./file0") = 0 [pid 3713] ioctl(4, LOOP_CLR_FD) = 0 [pid 3713] close(4) = 0 [pid 3713] exit_group(0) = ? [pid 3713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3713, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3715 ./strace-static-x86_64: Process 3715 attached [pid 3715] chdir("./40") = 0 [pid 3715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3715] setpgid(0, 0) = 0 [pid 3715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3715] write(3, "1000", 4) = 4 [pid 3715] close(3) = 0 [pid 3715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3715] memfd_create("syzkaller", 0) = 3 [pid 3715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 58.052934][ T3713] loop0: detected capacity change from 0 to 512 [ 58.063812][ T3713] EXT4-fs (loop0): orphan cleanup on readonly fs [ 58.073628][ T3713] EXT4-fs (loop0): 1 truncate cleaned up [pid 3715] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3715] close(3) = 0 [pid 3715] mkdir("./file0", 0777) = 0 [pid 3715] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3715] chdir("./file0") = 0 [pid 3715] ioctl(4, LOOP_CLR_FD) = 0 [pid 3715] close(4) = 0 [pid 3715] exit_group(0) = ? [pid 3715] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3715, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3717 ./strace-static-x86_64: Process 3717 attached [pid 3717] chdir("./41") = 0 [pid 3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3717] setpgid(0, 0) = 0 [pid 3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3717] write(3, "1000", 4) = 4 [pid 3717] close(3) = 0 [pid 3717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3717] memfd_create("syzkaller", 0) = 3 [pid 3717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3717] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 58.134931][ T3715] loop0: detected capacity change from 0 to 512 [ 58.146750][ T3715] EXT4-fs (loop0): orphan cleanup on readonly fs [ 58.156295][ T3715] EXT4-fs (loop0): 1 truncate cleaned up [pid 3717] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3717] close(3) = 0 [pid 3717] mkdir("./file0", 0777) = 0 [pid 3717] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3717] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3717] chdir("./file0") = 0 [pid 3717] ioctl(4, LOOP_CLR_FD) = 0 [pid 3717] close(4) = 0 [pid 3717] exit_group(0) = ? [pid 3717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3717, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3719 ./strace-static-x86_64: Process 3719 attached [pid 3719] chdir("./42") = 0 [pid 3719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3719] setpgid(0, 0) = 0 [pid 3719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3719] write(3, "1000", 4) = 4 [pid 3719] close(3) = 0 [pid 3719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3719] memfd_create("syzkaller", 0) = 3 [pid 3719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 58.215292][ T3717] loop0: detected capacity change from 0 to 512 [ 58.226461][ T3717] EXT4-fs (loop0): orphan cleanup on readonly fs [ 58.236188][ T3717] EXT4-fs (loop0): 1 truncate cleaned up [pid 3719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3719] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3719] close(3) = 0 [pid 3719] mkdir("./file0", 0777) = 0 [pid 3719] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3719] chdir("./file0") = 0 [pid 3719] ioctl(4, LOOP_CLR_FD) = 0 [pid 3719] close(4) = 0 [pid 3719] exit_group(0) = ? [pid 3719] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3719, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 58.300463][ T3719] loop0: detected capacity change from 0 to 512 [ 58.313217][ T3719] EXT4-fs (loop0): orphan cleanup on readonly fs [ 58.323942][ T3719] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./42/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3721 ./strace-static-x86_64: Process 3721 attached [pid 3721] chdir("./43") = 0 [pid 3721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3721] setpgid(0, 0) = 0 [pid 3721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3721] write(3, "1000", 4) = 4 [pid 3721] close(3) = 0 [pid 3721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3721] memfd_create("syzkaller", 0) = 3 [pid 3721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3721] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3721] close(3) = 0 [pid 3721] mkdir("./file0", 0777) = 0 [pid 3721] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3721] chdir("./file0") = 0 [pid 3721] ioctl(4, LOOP_CLR_FD) = 0 [pid 3721] close(4) = 0 [pid 3721] exit_group(0) = ? [pid 3721] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3721, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3723 ./strace-static-x86_64: Process 3723 attached [pid 3723] chdir("./44") = 0 [ 58.403371][ T3721] loop0: detected capacity change from 0 to 512 [ 58.415068][ T3721] EXT4-fs (loop0): orphan cleanup on readonly fs [ 58.425195][ T3721] EXT4-fs (loop0): 1 truncate cleaned up [pid 3723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3723] setpgid(0, 0) = 0 [pid 3723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3723] write(3, "1000", 4) = 4 [pid 3723] close(3) = 0 [pid 3723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3723] memfd_create("syzkaller", 0) = 3 [pid 3723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3723] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3723] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3723] close(3) = 0 [pid 3723] mkdir("./file0", 0777) = 0 [pid 3723] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3723] chdir("./file0") = 0 [pid 3723] ioctl(4, LOOP_CLR_FD) = 0 [pid 3723] close(4) = 0 [pid 3723] exit_group(0) = ? [pid 3723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3723, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3725 ./strace-static-x86_64: Process 3725 attached [pid 3725] chdir("./45") = 0 [pid 3725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3725] setpgid(0, 0) = 0 [ 58.500506][ T3723] loop0: detected capacity change from 0 to 512 [ 58.512572][ T3723] EXT4-fs (loop0): orphan cleanup on readonly fs [ 58.522561][ T3723] EXT4-fs (loop0): 1 truncate cleaned up [pid 3725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3725] write(3, "1000", 4) = 4 [pid 3725] close(3) = 0 [pid 3725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3725] memfd_create("syzkaller", 0) = 3 [pid 3725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3725] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3725] close(3) = 0 [pid 3725] mkdir("./file0", 0777) = 0 [pid 3725] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3725] chdir("./file0") = 0 [pid 3725] ioctl(4, LOOP_CLR_FD) = 0 [pid 3725] close(4) = 0 [pid 3725] exit_group(0) = ? [pid 3725] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3725, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 [ 58.589770][ T3725] loop0: detected capacity change from 0 to 512 [ 58.602234][ T3725] EXT4-fs (loop0): orphan cleanup on readonly fs [ 58.612253][ T3725] EXT4-fs (loop0): 1 truncate cleaned up getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3727 ./strace-static-x86_64: Process 3727 attached [pid 3727] chdir("./46") = 0 [pid 3727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3727] setpgid(0, 0) = 0 [pid 3727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3727] write(3, "1000", 4) = 4 [pid 3727] close(3) = 0 [pid 3727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3727] memfd_create("syzkaller", 0) = 3 [pid 3727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3727] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3727] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3727] close(3) = 0 [pid 3727] mkdir("./file0", 0777) = 0 [pid 3727] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3727] chdir("./file0") = 0 [pid 3727] ioctl(4, LOOP_CLR_FD) = 0 [pid 3727] close(4) = 0 [pid 3727] exit_group(0) = ? [pid 3727] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3727, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3729 ./strace-static-x86_64: Process 3729 attached [ 58.701469][ T3727] loop0: detected capacity change from 0 to 512 [ 58.713194][ T3727] EXT4-fs (loop0): orphan cleanup on readonly fs [ 58.722491][ T3727] EXT4-fs (loop0): 1 truncate cleaned up [pid 3729] chdir("./47") = 0 [pid 3729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3729] setpgid(0, 0) = 0 [pid 3729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3729] write(3, "1000", 4) = 4 [pid 3729] close(3) = 0 [pid 3729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3729] memfd_create("syzkaller", 0) = 3 [pid 3729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3729] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3729] close(3) = 0 [pid 3729] mkdir("./file0", 0777) = 0 [pid 3729] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3729] chdir("./file0") = 0 [pid 3729] ioctl(4, LOOP_CLR_FD) = 0 [pid 3729] close(4) = 0 [pid 3729] exit_group(0) = ? [pid 3729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3729, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3731 ./strace-static-x86_64: Process 3731 attached [pid 3731] chdir("./48") = 0 [pid 3731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3731] setpgid(0, 0) = 0 [pid 3731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3731] write(3, "1000", 4) = 4 [pid 3731] close(3) = 0 [pid 3731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3731] memfd_create("syzkaller", 0) = 3 [pid 3731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 58.795430][ T3729] loop0: detected capacity change from 0 to 512 [ 58.806868][ T3729] EXT4-fs (loop0): orphan cleanup on readonly fs [ 58.815950][ T3729] EXT4-fs (loop0): 1 truncate cleaned up [pid 3731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3731] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3731] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3731] close(3) = 0 [pid 3731] mkdir("./file0", 0777) = 0 [pid 3731] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3731] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3731] chdir("./file0") = 0 [pid 3731] ioctl(4, LOOP_CLR_FD) = 0 [pid 3731] close(4) = 0 [pid 3731] exit_group(0) = ? [pid 3731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3731, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 58.879796][ T3731] loop0: detected capacity change from 0 to 512 [ 58.894340][ T3731] EXT4-fs (loop0): orphan cleanup on readonly fs [ 58.904296][ T3731] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3733 ./strace-static-x86_64: Process 3733 attached [pid 3733] chdir("./49") = 0 [pid 3733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3733] setpgid(0, 0) = 0 [pid 3733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3733] write(3, "1000", 4) = 4 [pid 3733] close(3) = 0 [pid 3733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3733] memfd_create("syzkaller", 0) = 3 [pid 3733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3733] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3733] close(3) = 0 [pid 3733] mkdir("./file0", 0777) = 0 [pid 3733] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3733] chdir("./file0") = 0 [pid 3733] ioctl(4, LOOP_CLR_FD) = 0 [pid 3733] close(4) = 0 [pid 3733] exit_group(0) = ? [pid 3733] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3733, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3735 ./strace-static-x86_64: Process 3735 attached [pid 3735] chdir("./50") = 0 [pid 3735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3735] setpgid(0, 0) = 0 [pid 3735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3735] write(3, "1000", 4) = 4 [pid 3735] close(3) = 0 [pid 3735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3735] memfd_create("syzkaller", 0) = 3 [pid 3735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 58.988197][ T3733] loop0: detected capacity change from 0 to 512 [ 59.001364][ T3733] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.010950][ T3733] EXT4-fs (loop0): 1 truncate cleaned up [pid 3735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3735] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3735] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3735] close(3) = 0 [pid 3735] mkdir("./file0", 0777) = 0 [pid 3735] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3735] chdir("./file0") = 0 [pid 3735] ioctl(4, LOOP_CLR_FD) = 0 [pid 3735] close(4) = 0 [pid 3735] exit_group(0) = ? [pid 3735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3735, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3737 ./strace-static-x86_64: Process 3737 attached [pid 3737] chdir("./51") = 0 [pid 3737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3737] setpgid(0, 0) = 0 [pid 3737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3737] write(3, "1000", 4) = 4 [pid 3737] close(3) = 0 [pid 3737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3737] memfd_create("syzkaller", 0) = 3 [pid 3737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 59.073083][ T3735] loop0: detected capacity change from 0 to 512 [ 59.084713][ T3735] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.095247][ T3735] EXT4-fs (loop0): 1 truncate cleaned up [pid 3737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3737] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3737] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3737] close(3) = 0 [pid 3737] mkdir("./file0", 0777) = 0 [pid 3737] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3737] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3737] chdir("./file0") = 0 [pid 3737] ioctl(4, LOOP_CLR_FD) = 0 [pid 3737] close(4) = 0 [pid 3737] exit_group(0) = ? [pid 3737] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3737, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3739 ./strace-static-x86_64: Process 3739 attached [pid 3739] chdir("./52") = 0 [pid 3739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3739] setpgid(0, 0) = 0 [pid 3739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3739] write(3, "1000", 4) = 4 [pid 3739] close(3) = 0 [pid 3739] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3739] memfd_create("syzkaller", 0) = 3 [pid 3739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3739] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3739] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 59.158951][ T3737] loop0: detected capacity change from 0 to 512 [ 59.170306][ T3737] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.180560][ T3737] EXT4-fs (loop0): 1 truncate cleaned up [pid 3739] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3739] close(3) = 0 [pid 3739] mkdir("./file0", 0777) = 0 [pid 3739] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3739] chdir("./file0") = 0 [pid 3739] ioctl(4, LOOP_CLR_FD) = 0 [pid 3739] close(4) = 0 [pid 3739] exit_group(0) = ? [pid 3739] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3739, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3741 ./strace-static-x86_64: Process 3741 attached [pid 3741] chdir("./53") = 0 [pid 3741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3741] setpgid(0, 0) = 0 [pid 3741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3741] write(3, "1000", 4) = 4 [pid 3741] close(3) = 0 [pid 3741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3741] memfd_create("syzkaller", 0) = 3 [pid 3741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3741] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3741] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 59.239496][ T3739] loop0: detected capacity change from 0 to 512 [ 59.251653][ T3739] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.261212][ T3739] EXT4-fs (loop0): 1 truncate cleaned up [pid 3741] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3741] close(3) = 0 [pid 3741] mkdir("./file0", 0777) = 0 [pid 3741] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3741] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3741] chdir("./file0") = 0 [pid 3741] ioctl(4, LOOP_CLR_FD) = 0 [pid 3741] close(4) = 0 [pid 3741] exit_group(0) = ? [pid 3741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3741, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3743 ./strace-static-x86_64: Process 3743 attached [pid 3743] chdir("./54") = 0 [pid 3743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3743] setpgid(0, 0) = 0 [pid 3743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3743] write(3, "1000", 4) = 4 [pid 3743] close(3) = 0 [pid 3743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3743] memfd_create("syzkaller", 0) = 3 [pid 3743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 59.318181][ T3741] loop0: detected capacity change from 0 to 512 [ 59.330922][ T3741] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.340435][ T3741] EXT4-fs (loop0): 1 truncate cleaned up [pid 3743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3743] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3743] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3743] close(3) = 0 [pid 3743] mkdir("./file0", 0777) = 0 [pid 3743] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3743] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3743] chdir("./file0") = 0 [pid 3743] ioctl(4, LOOP_CLR_FD) = 0 [pid 3743] close(4) = 0 [pid 3743] exit_group(0) = ? [pid 3743] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3743, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3745 ./strace-static-x86_64: Process 3745 attached [pid 3745] chdir("./55") = 0 [pid 3745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3745] setpgid(0, 0) = 0 [pid 3745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3745] write(3, "1000", 4) = 4 [pid 3745] close(3) = 0 [pid 3745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3745] memfd_create("syzkaller", 0) = 3 [pid 3745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 59.405082][ T3743] loop0: detected capacity change from 0 to 512 [ 59.418238][ T3743] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.427781][ T3743] EXT4-fs (loop0): 1 truncate cleaned up [pid 3745] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3745] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3745] close(3) = 0 [pid 3745] mkdir("./file0", 0777) = 0 [pid 3745] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3745] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3745] chdir("./file0") = 0 [pid 3745] ioctl(4, LOOP_CLR_FD) = 0 [pid 3745] close(4) = 0 [pid 3745] exit_group(0) = ? [pid 3745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3745, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3747 ./strace-static-x86_64: Process 3747 attached [pid 3747] chdir("./56") = 0 [pid 3747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3747] setpgid(0, 0) = 0 [pid 3747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3747] write(3, "1000", 4) = 4 [pid 3747] close(3) = 0 [pid 3747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3747] memfd_create("syzkaller", 0) = 3 [pid 3747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3747] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 59.487939][ T3745] loop0: detected capacity change from 0 to 512 [ 59.503613][ T3745] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.513521][ T3745] EXT4-fs (loop0): 1 truncate cleaned up [pid 3747] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3747] close(3) = 0 [pid 3747] mkdir("./file0", 0777) = 0 [pid 3747] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3747] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3747] chdir("./file0") = 0 [pid 3747] ioctl(4, LOOP_CLR_FD) = 0 [pid 3747] close(4) = 0 [pid 3747] exit_group(0) = ? [pid 3747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3747, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 59.561129][ T3747] loop0: detected capacity change from 0 to 512 [ 59.576684][ T3747] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.586136][ T3747] EXT4-fs (loop0): 1 truncate cleaned up ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3749 ./strace-static-x86_64: Process 3749 attached [pid 3749] chdir("./57") = 0 [pid 3749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3749] setpgid(0, 0) = 0 [pid 3749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3749] write(3, "1000", 4) = 4 [pid 3749] close(3) = 0 [pid 3749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3749] memfd_create("syzkaller", 0) = 3 [pid 3749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3749] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3749] close(3) = 0 [pid 3749] mkdir("./file0", 0777) = 0 [pid 3749] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3749] chdir("./file0") = 0 [pid 3749] ioctl(4, LOOP_CLR_FD) = 0 [pid 3749] close(4) = 0 [pid 3749] exit_group(0) = ? [pid 3749] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3749, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3751 attached , child_tidptr=0x555555e325d0) = 3751 [pid 3751] chdir("./58") = 0 [pid 3751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3751] setpgid(0, 0) = 0 [pid 3751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3751] write(3, "1000", 4) = 4 [pid 3751] close(3) = 0 [pid 3751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3751] memfd_create("syzkaller", 0) = 3 [pid 3751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3751] munmap(0x7fd1fcc00000, 262144) = 0 [ 59.656017][ T3749] loop0: detected capacity change from 0 to 512 [ 59.667835][ T3749] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.677208][ T3749] EXT4-fs (loop0): 1 truncate cleaned up [pid 3751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3751] close(3) = 0 [pid 3751] mkdir("./file0", 0777) = 0 [pid 3751] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3751] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3751] chdir("./file0") = 0 [pid 3751] ioctl(4, LOOP_CLR_FD) = 0 [pid 3751] close(4) = 0 [pid 3751] exit_group(0) = ? [pid 3751] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3751, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 59.737793][ T3751] loop0: detected capacity change from 0 to 512 [ 59.741618][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 59.757220][ T3751] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.766823][ T3751] EXT4-fs (loop0): 1 truncate cleaned up close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3753 ./strace-static-x86_64: Process 3753 attached [pid 3753] chdir("./59") = 0 [pid 3753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3753] setpgid(0, 0) = 0 [pid 3753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3753] write(3, "1000", 4) = 4 [pid 3753] close(3) = 0 [pid 3753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3753] memfd_create("syzkaller", 0) = 3 [pid 3753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3753] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3753] close(3) = 0 [pid 3753] mkdir("./file0", 0777) = 0 [pid 3753] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3753] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3753] chdir("./file0") = 0 [pid 3753] ioctl(4, LOOP_CLR_FD) = 0 [pid 3753] close(4) = 0 [pid 3753] exit_group(0) = ? [pid 3753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3753, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3755 ./strace-static-x86_64: Process 3755 attached [pid 3755] chdir("./60") = 0 [ 59.843647][ T3753] loop0: detected capacity change from 0 to 512 [ 59.854936][ T3753] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.864922][ T3753] EXT4-fs (loop0): 1 truncate cleaned up [pid 3755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3755] setpgid(0, 0) = 0 [pid 3755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3755] write(3, "1000", 4) = 4 [pid 3755] close(3) = 0 [pid 3755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3755] memfd_create("syzkaller", 0) = 3 [pid 3755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3755] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3755] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3755] close(3) = 0 [pid 3755] mkdir("./file0", 0777) = 0 [ 59.933264][ T3755] loop0: detected capacity change from 0 to 512 [ 59.944709][ T3755] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.953486][ T3755] [ 59.955817][ T3755] ====================================================== [ 59.962818][ T3755] WARNING: possible circular locking dependency detected [ 59.969816][ T3755] 6.1.0-rc7-syzkaller-00101-g01f856ae6d0c #0 Not tainted [ 59.976816][ T3755] ------------------------------------------------------ [ 59.983810][ T3755] syz-executor257/3755 is trying to acquire lock: [ 59.990208][ T3755] ffff8880724075a8 (&dquot->dq_lock){+.+.}-{3:3}, at: dquot_commit+0x58/0x4e0 [ 59.999083][ T3755] [ 59.999083][ T3755] but task is already holding lock: [ 60.006430][ T3755] ffff8880725a8c90 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_truncate+0xa06/0xeb0 [ 60.015635][ T3755] [ 60.015635][ T3755] which lock already depends on the new lock. [ 60.015635][ T3755] [ 60.026018][ T3755] [ 60.026018][ T3755] the existing dependency chain (in reverse order) is: [ 60.035013][ T3755] [ 60.035013][ T3755] -> #2 (&ei->i_data_sem/2){++++}-{3:3}: [ 60.042813][ T3755] lock_acquire+0x182/0x3c0 [ 60.047823][ T3755] down_read+0x39/0x50 [ 60.052410][ T3755] ext4_map_blocks+0x398/0x1cc0 [ 60.057775][ T3755] ext4_getblk+0x1b9/0x770 [ 60.062721][ T3755] ext4_bread+0x2a/0x170 [ 60.067491][ T3755] ext4_quota_write+0x225/0x570 [ 60.072873][ T3755] get_free_dqblk+0x34a/0x6d0 [ 60.078053][ T3755] do_insert_tree+0x271/0x1b50 [ 60.083323][ T3755] do_insert_tree+0x744/0x1b50 [ 60.088603][ T3755] do_insert_tree+0x744/0x1b50 [ 60.093873][ T3755] do_insert_tree+0x744/0x1b50 [ 60.099146][ T3755] qtree_write_dquot+0x3b6/0x530 [ 60.104600][ T3755] v2_write_dquot+0x11b/0x190 [ 60.109780][ T3755] dquot_acquire+0x348/0x670 [ 60.114886][ T3755] ext4_acquire_dquot+0x2e0/0x400 [ 60.120430][ T3755] dqget+0x999/0xdc0 [ 60.124831][ T3755] __dquot_initialize+0x3d0/0xcf0 [ 60.130368][ T3755] ext4_process_orphan+0x57/0x2d0 [ 60.135893][ T3755] ext4_orphan_cleanup+0xb60/0x1340 [ 60.141598][ T3755] ext4_fill_super+0x80ed/0x8610 [ 60.147050][ T3755] get_tree_bdev+0x400/0x620 [ 60.152144][ T3755] vfs_get_tree+0x88/0x270 [ 60.157059][ T3755] do_new_mount+0x289/0xad0 [ 60.162063][ T3755] __se_sys_mount+0x2d3/0x3c0 [ 60.167244][ T3755] do_syscall_64+0x3d/0xb0 [ 60.172162][ T3755] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.178556][ T3755] [ 60.178556][ T3755] -> #1 (&s->s_dquot.dqio_sem){++++}-{3:3}: [ 60.186617][ T3755] lock_acquire+0x182/0x3c0 [ 60.191638][ T3755] down_read+0x39/0x50 [ 60.196217][ T3755] v2_read_dquot+0x4a/0x100 [ 60.201246][ T3755] dquot_acquire+0x186/0x670 [ 60.206340][ T3755] ext4_acquire_dquot+0x2e0/0x400 [ 60.211872][ T3755] dqget+0x999/0xdc0 [ 60.216271][ T3755] __dquot_initialize+0x291/0xcf0 [ 60.221807][ T3755] ext4_process_orphan+0x57/0x2d0 [ 60.227352][ T3755] ext4_orphan_cleanup+0xb60/0x1340 [ 60.233054][ T3755] ext4_fill_super+0x80ed/0x8610 [ 60.238496][ T3755] get_tree_bdev+0x400/0x620 [ 60.243592][ T3755] vfs_get_tree+0x88/0x270 [ 60.248532][ T3755] do_new_mount+0x289/0xad0 [ 60.253553][ T3755] __se_sys_mount+0x2d3/0x3c0 [ 60.258731][ T3755] do_syscall_64+0x3d/0xb0 [ 60.263648][ T3755] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.270047][ T3755] [ 60.270047][ T3755] -> #0 (&dquot->dq_lock){+.+.}-{3:3}: [ 60.277675][ T3755] validate_chain+0x1898/0x6ae0 [ 60.283047][ T3755] __lock_acquire+0x1292/0x1f60 [ 60.288405][ T3755] lock_acquire+0x182/0x3c0 [ 60.293412][ T3755] __mutex_lock_common+0x1bd/0x26e0 [ 60.299115][ T3755] mutex_lock_nested+0x17/0x20 [ 60.304380][ T3755] dquot_commit+0x58/0x4e0 [ 60.309316][ T3755] ext4_write_dquot+0x1e4/0x2b0 [ 60.314685][ T3755] __dquot_free_space+0x9a8/0xfb0 [ 60.320221][ T3755] ext4_free_blocks+0x1c4a/0x2810 [ 60.325766][ T3755] ext4_ext_remove_space+0x1f5b/0x46b0 [ 60.331723][ T3755] ext4_ext_truncate+0x177/0x220 [ 60.337160][ T3755] ext4_truncate+0xa7c/0xeb0 [ 60.342258][ T3755] ext4_process_orphan+0x1aa/0x2d0 [ 60.347870][ T3755] ext4_orphan_cleanup+0xb60/0x1340 [ 60.353567][ T3755] ext4_fill_super+0x80ed/0x8610 [ 60.359007][ T3755] get_tree_bdev+0x400/0x620 [ 60.364106][ T3755] vfs_get_tree+0x88/0x270 [ 60.369046][ T3755] do_new_mount+0x289/0xad0 [ 60.374052][ T3755] __se_sys_mount+0x2d3/0x3c0 [ 60.379231][ T3755] do_syscall_64+0x3d/0xb0 [ 60.384151][ T3755] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.390557][ T3755] [ 60.390557][ T3755] other info that might help us debug this: [ 60.390557][ T3755] [ 60.400796][ T3755] Chain exists of: [ 60.400796][ T3755] &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2 [ 60.400796][ T3755] [ 60.414441][ T3755] Possible unsafe locking scenario: [ 60.414441][ T3755] [ 60.421886][ T3755] CPU0 CPU1 [ 60.427232][ T3755] ---- ---- [ 60.432582][ T3755] lock(&ei->i_data_sem/2); [ 60.437178][ T3755] lock(&s->s_dquot.dqio_sem); [ 60.444534][ T3755] lock(&ei->i_data_sem/2); [ 60.451637][ T3755] lock(&dquot->dq_lock); [ 60.456042][ T3755] [ 60.456042][ T3755] *** DEADLOCK *** [ 60.456042][ T3755] [ 60.464176][ T3755] 4 locks held by syz-executor257/3755: [ 60.469702][ T3755] #0: ffff88807ed500e0 (&type->s_umount_key#27/1){+.+.}-{3:3}, at: alloc_super+0x212/0x920 [ 60.479798][ T3755] #1: ffff8880725a8e08 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_process_orphan+0x164/0x2d0 [ 60.490788][ T3755] #2: ffff8880725a8c90 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_truncate+0xa06/0xeb0 [ 60.500477][ T3755] #3: ffffffff8d26c508 (dquot_srcu){....}-{0:0}, at: rcu_lock_acquire+0x5/0x30 [ 60.509515][ T3755] [ 60.509515][ T3755] stack backtrace: [ 60.515392][ T3755] CPU: 1 PID: 3755 Comm: syz-executor257 Not tainted 6.1.0-rc7-syzkaller-00101-g01f856ae6d0c #0 [ 60.525794][ T3755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 60.535841][ T3755] Call Trace: [ 60.539115][ T3755] [ 60.542034][ T3755] dump_stack_lvl+0x1b1/0x28e [ 60.546698][ T3755] ? nf_tcp_handle_invalid+0x62e/0x62e [ 60.552153][ T3755] ? print_circular_bug+0x13e/0x1c0 [ 60.557353][ T3755] check_noncircular+0x2cc/0x390 [ 60.562274][ T3755] ? add_chain_block+0x850/0x850 [ 60.567198][ T3755] ? lockdep_lock+0x102/0x290 [ 60.571863][ T3755] ? validate_chain+0x177/0x6ae0 [ 60.576786][ T3755] ? _find_first_zero_bit+0xe8/0x110 [ 60.582145][ T3755] validate_chain+0x1898/0x6ae0 [ 60.586993][ T3755] ? check_noncircular+0x1aa/0x390 [ 60.592105][ T3755] ? reacquire_held_locks+0x650/0x650 [ 60.597474][ T3755] ? add_chain_block+0x850/0x850 [ 60.602423][ T3755] ? lockdep_lock+0x102/0x290 [ 60.607133][ T3755] ? lockdep_unlock+0x144/0x2e0 [ 60.611975][ T3755] ? lockdep_lock+0x290/0x290 [ 60.616645][ T3755] ? _find_first_zero_bit+0xe8/0x110 [ 60.621925][ T3755] ? validate_chain+0x177/0x6ae0 [ 60.626854][ T3755] ? reacquire_held_locks+0x650/0x650 [ 60.632213][ T3755] ? noop_count+0x30/0x30 [ 60.636533][ T3755] ? reacquire_held_locks+0x650/0x650 [ 60.641893][ T3755] ? check_path+0x21/0x40 [ 60.646204][ T3755] ? check_noncircular+0x1aa/0x390 [ 60.651304][ T3755] ? reacquire_held_locks+0x650/0x650 [ 60.656669][ T3755] ? add_chain_block+0x850/0x850 [ 60.661598][ T3755] ? reacquire_held_locks+0x650/0x650 [ 60.666963][ T3755] ? lockdep_lock+0x102/0x290 [ 60.671627][ T3755] ? lockdep_lock+0x290/0x290 [ 60.676288][ T3755] ? _find_first_zero_bit+0xe8/0x110 [ 60.681561][ T3755] ? validate_chain+0x1478/0x6ae0 [ 60.686570][ T3755] ? reacquire_held_locks+0x650/0x650 [ 60.691930][ T3755] ? check_path+0x40/0x40 [ 60.696241][ T3755] ? reacquire_held_locks+0x650/0x650 [ 60.701595][ T3755] ? validate_chain+0x1478/0x6ae0 [ 60.706604][ T3755] ? check_path+0x21/0x40 [ 60.710921][ T3755] ? check_noncircular+0x1aa/0x390 [ 60.716042][ T3755] ? add_chain_block+0x850/0x850 [ 60.720989][ T3755] ? lockdep_lock+0x102/0x290 [ 60.725654][ T3755] ? lockdep_unlock+0x144/0x2e0 [ 60.730493][ T3755] ? lockdep_lock+0x290/0x290 [ 60.735150][ T3755] ? validate_chain+0x1478/0x6ae0 [ 60.740157][ T3755] ? _find_first_zero_bit+0xe8/0x110 [ 60.745429][ T3755] ? validate_chain+0x1478/0x6ae0 [ 60.750440][ T3755] ? reacquire_held_locks+0x650/0x650 [ 60.755795][ T3755] ? reacquire_held_locks+0x650/0x650 [ 60.761148][ T3755] ? reacquire_held_locks+0x650/0x650 [ 60.766499][ T3755] ? validate_chain+0x177/0x6ae0 [ 60.771419][ T3755] ? rcu_lock_release+0x5/0x20 [ 60.776172][ T3755] ? __lock_acquire+0x1f60/0x1f60 [ 60.781179][ T3755] ? deref_stack_reg+0x17a/0x210 [ 60.786106][ T3755] ? preempt_count_add+0x8d/0x180 [ 60.791115][ T3755] ? reacquire_held_locks+0x650/0x650 [ 60.796470][ T3755] ? mark_lock+0x9a/0x350 [ 60.800785][ T3755] ? stack_trace_save+0x1e0/0x1e0 [ 60.805797][ T3755] ? stack_trace_save+0x1e0/0x1e0 [ 60.810817][ T3755] ? stack_trace_save+0x1e0/0x1e0 [ 60.815841][ T3755] ? rcu_read_lock_sched_held+0x87/0x110 [ 60.821456][ T3755] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 60.827419][ T3755] ? rcu_lock_release+0x5/0x20 [ 60.832166][ T3755] ? trace_lock_release+0x95/0x220 [ 60.837263][ T3755] ? stack_trace_save+0x1e0/0x1e0 [ 60.842286][ T3755] ? rcu_read_lock_sched_held+0x87/0x110 [ 60.847910][ T3755] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 60.853882][ T3755] ? rcu_read_lock_sched_held+0x87/0x110 [ 60.859511][ T3755] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 60.865492][ T3755] ? rcu_read_lock_sched_held+0x87/0x110 [ 60.871133][ T3755] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 60.877127][ T3755] ? mark_lock+0x9a/0x350 [ 60.881448][ T3755] __lock_acquire+0x1292/0x1f60 [ 60.886292][ T3755] lock_acquire+0x182/0x3c0 [ 60.890791][ T3755] ? dquot_commit+0x58/0x4e0 [ 60.895385][ T3755] ? read_lock_is_recursive+0x10/0x10 [ 60.900745][ T3755] ? __might_sleep+0xc0/0xc0 [ 60.905327][ T3755] ? mark_lock+0x9a/0x350 [ 60.909662][ T3755] __mutex_lock_common+0x1bd/0x26e0 [ 60.914848][ T3755] ? dquot_commit+0x58/0x4e0 [ 60.919426][ T3755] ? dquot_commit+0x58/0x4e0 [ 60.924009][ T3755] ? __might_sleep+0xc0/0xc0 [ 60.928605][ T3755] ? mutex_lock_io_nested+0x60/0x60 [ 60.933815][ T3755] ? rcu_read_lock_sched_held+0x87/0x110 [ 60.939437][ T3755] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 60.945493][ T3755] ? read_lock_is_recursive+0x10/0x10 [ 60.950853][ T3755] ? __lock_acquire+0x1f60/0x1f60 [ 60.955862][ T3755] mutex_lock_nested+0x17/0x20 [ 60.960614][ T3755] dquot_commit+0x58/0x4e0 [ 60.965017][ T3755] ? __ext4_journal_start_sb+0x16e/0x1d0 [ 60.970651][ T3755] ext4_write_dquot+0x1e4/0x2b0 [ 60.975504][ T3755] __dquot_free_space+0x9a8/0xfb0 [ 60.980526][ T3755] ? dquot_reclaim_space_nodirty+0x7f0/0x7f0 [ 60.986495][ T3755] ? ext4_block_bitmap_csum_set+0x1c3/0x4f0 [ 60.992385][ T3755] ? lockdep_count_forward_deps+0x1d0/0x240 [ 60.998294][ T3755] ext4_free_blocks+0x1c4a/0x2810 [ 61.003335][ T3755] ? __lock_acquire+0x1f60/0x1f60 [ 61.008369][ T3755] ? trace_ext4_allocate_blocks+0x2f0/0x2f0 [ 61.014262][ T3755] ? rcu_read_lock_sched_held+0x87/0x110 [ 61.019893][ T3755] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 61.025859][ T3755] ? __ext4_journal_ensure_credits+0x2c/0x460 [ 61.032003][ T3755] ? ext4_inode_journal_mode+0x185/0x460 [ 61.037621][ T3755] ? trace_ext4_remove_blocks+0x10b/0x330 [ 61.043419][ T3755] ext4_ext_remove_space+0x1f5b/0x46b0 [ 61.048889][ T3755] ? ext4_da_release_space+0x1de/0x370 [ 61.054342][ T3755] ? ext4_ext_index_trans_blocks+0x120/0x120 [ 61.060320][ T3755] ? ext4_es_remove_extent+0x1ab/0x260 [ 61.065773][ T3755] ? trace_ext4_es_lookup_extent_exit+0x300/0x300 [ 61.072178][ T3755] ? down_write+0x1a5/0x270 [ 61.076669][ T3755] ? trace_ext4_fc_stats+0x2f0/0x2f0 [ 61.081938][ T3755] ? down_read_killable+0x80/0x80 [ 61.086952][ T3755] ext4_ext_truncate+0x177/0x220 [ 61.091874][ T3755] ext4_truncate+0xa7c/0xeb0 [ 61.096457][ T3755] ? __ext4_mark_inode_dirty+0x670/0x670 [ 61.102077][ T3755] ext4_process_orphan+0x1aa/0x2d0 [ 61.107173][ T3755] ext4_orphan_cleanup+0xb60/0x1340 [ 61.112357][ T3755] ? ext4_orphan_del+0xc20/0xc20 [ 61.117274][ T3755] ? __init_swait_queue_head+0xa6/0x140 [ 61.122810][ T3755] ? errseq_check_and_advance+0x5e/0x110 [ 61.128429][ T3755] ext4_fill_super+0x80ed/0x8610 [ 61.133363][ T3755] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 61.139597][ T3755] ? snprintf+0xc0/0x110 [ 61.143844][ T3755] ? set_blocksize+0x1d5/0x360 [ 61.148591][ T3755] get_tree_bdev+0x400/0x620 [ 61.153168][ T3755] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 61.159394][ T3755] vfs_get_tree+0x88/0x270 [ 61.163794][ T3755] do_new_mount+0x289/0xad0 [ 61.168287][ T3755] ? do_move_mount_old+0x150/0x150 [ 61.173405][ T3755] ? user_path_at_empty+0x149/0x1a0 [ 61.178595][ T3755] __se_sys_mount+0x2d3/0x3c0 [ 61.183272][ T3755] ? __x64_sys_mount+0xc0/0xc0 [ 61.188023][ T3755] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 61.193986][ T3755] ? __x64_sys_mount+0x1c/0xc0 [ 61.198738][ T3755] do_syscall_64+0x3d/0xb0 [ 61.203136][ T3755] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.209020][ T3755] RIP: 0033:0x7fd2050b1cfa [ 61.213430][ T3755] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 61.233023][ T3755] RSP: 002b:00007ffcbd63c098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 61.241420][ T3755] RAX: ffffffffffffffda RBX: 0000555555e322c0 RCX: 00007fd2050b1cfa [ 61.249378][ T3755] RDX: 0000000020000140 RSI: 0000000020000500 RDI: 00007ffcbd63c0e0 [ 61.257334][ T3755] RBP: 0000000000000000 R08: 00007ffcbd63c120 R09: 000000000000049f [ 61.265287][ T3755] R10: 0000000000000047 R11: 0000000000000202 R12: 0000000000000004 [ 61.273253][ T3755] R13: 00007ffcbd63c120 R14: 0000000000000003 R15: 00007ffcbd63c0e0 [ 61.281230][ T3755] [pid 3755] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3755] chdir("./file0") = 0 [pid 3755] ioctl(4, LOOP_CLR_FD) = 0 [pid 3755] close(4) = 0 [pid 3755] exit_group(0) = ? [pid 3755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3755, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3757 ./strace-static-x86_64: Process 3757 attached [pid 3757] chdir("./61") = 0 [pid 3757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3757] setpgid(0, 0) = 0 [pid 3757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3757] write(3, "1000", 4) = 4 [pid 3757] close(3) = 0 [pid 3757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3757] memfd_create("syzkaller", 0) = 3 [pid 3757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3757] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3757] close(3) = 0 [pid 3757] mkdir("./file0", 0777) = 0 [ 61.289473][ T3755] EXT4-fs (loop0): 1 truncate cleaned up [ 61.322021][ T3757] loop0: detected capacity change from 0 to 512 [ 61.328226][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 3757] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3757] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3757] chdir("./file0") = 0 [pid 3757] ioctl(4, LOOP_CLR_FD) = 0 [pid 3757] close(4) = 0 [pid 3757] exit_group(0) = ? [pid 3757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3757, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3759 ./strace-static-x86_64: Process 3759 attached [pid 3759] chdir("./62") = 0 [pid 3759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3759] setpgid(0, 0) = 0 [pid 3759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3759] write(3, "1000", 4) = 4 [pid 3759] close(3) = 0 [pid 3759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3759] memfd_create("syzkaller", 0) = 3 [pid 3759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3759] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3759] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3759] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 61.340534][ T3757] EXT4-fs (loop0): orphan cleanup on readonly fs [ 61.350260][ T3757] EXT4-fs (loop0): 1 truncate cleaned up [pid 3759] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3759] close(3) = 0 [pid 3759] mkdir("./file0", 0777) = 0 [pid 3759] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3759] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3759] chdir("./file0") = 0 [pid 3759] ioctl(4, LOOP_CLR_FD) = 0 [pid 3759] close(4) = 0 [pid 3759] exit_group(0) = ? [pid 3759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3759, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3761 ./strace-static-x86_64: Process 3761 attached [pid 3761] chdir("./63") = 0 [pid 3761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3761] setpgid(0, 0) = 0 [pid 3761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3761] write(3, "1000", 4) = 4 [pid 3761] close(3) = 0 [pid 3761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3761] memfd_create("syzkaller", 0) = 3 [pid 3761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 61.398082][ T3759] loop0: detected capacity change from 0 to 512 [ 61.408230][ T3759] EXT4-fs (loop0): orphan cleanup on readonly fs [ 61.416535][ T3759] EXT4-fs (loop0): 1 truncate cleaned up [pid 3761] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3761] close(3) = 0 [pid 3761] mkdir("./file0", 0777) = 0 [pid 3761] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3761] chdir("./file0") = 0 [pid 3761] ioctl(4, LOOP_CLR_FD) = 0 [pid 3761] close(4) = 0 [ 61.459658][ T3761] loop0: detected capacity change from 0 to 512 [ 61.469157][ T3761] EXT4-fs (loop0): orphan cleanup on readonly fs [ 61.477092][ T3761] EXT4-fs (loop0): 1 truncate cleaned up [pid 3761] exit_group(0) = ? [pid 3761] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3761, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3763 ./strace-static-x86_64: Process 3763 attached [pid 3763] chdir("./64") = 0 [pid 3763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3763] setpgid(0, 0) = 0 [pid 3763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3763] write(3, "1000", 4) = 4 [pid 3763] close(3) = 0 [pid 3763] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3763] memfd_create("syzkaller", 0) = 3 [pid 3763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3763] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3763] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3763] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3763] close(3) = 0 [pid 3763] mkdir("./file0", 0777) = 0 [pid 3763] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3763] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3763] chdir("./file0") = 0 [pid 3763] ioctl(4, LOOP_CLR_FD) = 0 [pid 3763] close(4) = 0 [pid 3763] exit_group(0) = ? [pid 3763] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3763, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 61.547391][ T3763] loop0: detected capacity change from 0 to 512 [ 61.556759][ T3763] EXT4-fs (loop0): orphan cleanup on readonly fs [ 61.565700][ T3763] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3765 ./strace-static-x86_64: Process 3765 attached [pid 3765] chdir("./65") = 0 [pid 3765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3765] setpgid(0, 0) = 0 [pid 3765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3765] write(3, "1000", 4) = 4 [pid 3765] close(3) = 0 [pid 3765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3765] memfd_create("syzkaller", 0) = 3 [pid 3765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3765] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3765] close(3) = 0 [pid 3765] mkdir("./file0", 0777) = 0 [pid 3765] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3765] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3765] chdir("./file0") = 0 [pid 3765] ioctl(4, LOOP_CLR_FD) = 0 [pid 3765] close(4) = 0 [pid 3765] exit_group(0) = ? [pid 3765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3765, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3767 ./strace-static-x86_64: Process 3767 attached [pid 3767] chdir("./66") = 0 [pid 3767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3767] setpgid(0, 0) = 0 [pid 3767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3767] write(3, "1000", 4) = 4 [pid 3767] close(3) = 0 [pid 3767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3767] memfd_create("syzkaller", 0) = 3 [pid 3767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3767] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3767] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 61.620159][ T3765] loop0: detected capacity change from 0 to 512 [ 61.629873][ T3765] EXT4-fs (loop0): orphan cleanup on readonly fs [ 61.637755][ T3765] EXT4-fs (loop0): 1 truncate cleaned up [pid 3767] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3767] close(3) = 0 [pid 3767] mkdir("./file0", 0777) = 0 [pid 3767] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3767] chdir("./file0") = 0 [pid 3767] ioctl(4, LOOP_CLR_FD) = 0 [pid 3767] close(4) = 0 [pid 3767] exit_group(0) = ? [pid 3767] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3767, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 61.673669][ T3767] loop0: detected capacity change from 0 to 512 [ 61.679364][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 61.693751][ T3767] EXT4-fs (loop0): orphan cleanup on readonly fs [ 61.702695][ T3767] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3769 attached , child_tidptr=0x555555e325d0) = 3769 [pid 3769] chdir("./67") = 0 [pid 3769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3769] setpgid(0, 0) = 0 [pid 3769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3769] write(3, "1000", 4) = 4 [pid 3769] close(3) = 0 [pid 3769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3769] memfd_create("syzkaller", 0) = 3 [pid 3769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3769] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3769] close(3) = 0 [pid 3769] mkdir("./file0", 0777) = 0 [pid 3769] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3769] chdir("./file0") = 0 [pid 3769] ioctl(4, LOOP_CLR_FD) = 0 [pid 3769] close(4) = 0 [pid 3769] exit_group(0) = ? [pid 3769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3769, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3771 ./strace-static-x86_64: Process 3771 attached [pid 3771] chdir("./68") = 0 [pid 3771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3771] setpgid(0, 0) = 0 [pid 3771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3771] write(3, "1000", 4) = 4 [pid 3771] close(3) = 0 [pid 3771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3771] memfd_create("syzkaller", 0) = 3 [pid 3771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3771] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3771] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 61.759098][ T3769] loop0: detected capacity change from 0 to 512 [ 61.763599][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 61.777093][ T3769] EXT4-fs (loop0): orphan cleanup on readonly fs [ 61.785716][ T3769] EXT4-fs (loop0): 1 truncate cleaned up [pid 3771] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3771] close(3) = 0 [pid 3771] mkdir("./file0", 0777) = 0 [pid 3771] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3771] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3771] chdir("./file0") = 0 [pid 3771] ioctl(4, LOOP_CLR_FD) = 0 [pid 3771] close(4) = 0 [pid 3771] exit_group(0) = ? [pid 3771] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3771, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3773 ./strace-static-x86_64: Process 3773 attached [pid 3773] chdir("./69") = 0 [pid 3773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3773] setpgid(0, 0) = 0 [pid 3773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3773] write(3, "1000", 4) = 4 [pid 3773] close(3) = 0 [pid 3773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3773] memfd_create("syzkaller", 0) = 3 [pid 3773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3773] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 61.831849][ T3771] loop0: detected capacity change from 0 to 512 [ 61.841291][ T3771] EXT4-fs (loop0): orphan cleanup on readonly fs [ 61.849888][ T3771] EXT4-fs (loop0): 1 truncate cleaned up [pid 3773] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3773] close(3) = 0 [pid 3773] mkdir("./file0", 0777) = 0 [pid 3773] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3773] chdir("./file0") = 0 [pid 3773] ioctl(4, LOOP_CLR_FD) = 0 [pid 3773] close(4) = 0 [pid 3773] exit_group(0) = ? [pid 3773] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3773, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 61.892573][ T3773] loop0: detected capacity change from 0 to 512 [ 61.902642][ T3773] EXT4-fs (loop0): orphan cleanup on readonly fs [ 61.911035][ T3773] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3775 ./strace-static-x86_64: Process 3775 attached [pid 3775] chdir("./70") = 0 [pid 3775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3775] setpgid(0, 0) = 0 [pid 3775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3775] write(3, "1000", 4) = 4 [pid 3775] close(3) = 0 [pid 3775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3775] memfd_create("syzkaller", 0) = 3 [pid 3775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3775] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3775] close(3) = 0 [pid 3775] mkdir("./file0", 0777) = 0 [pid 3775] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3775] chdir("./file0") = 0 [pid 3775] ioctl(4, LOOP_CLR_FD) = 0 [pid 3775] close(4) = 0 [pid 3775] exit_group(0) = ? [pid 3775] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3775, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 [ 61.975584][ T3775] loop0: detected capacity change from 0 to 512 [ 61.985164][ T3775] EXT4-fs (loop0): orphan cleanup on readonly fs [ 61.993508][ T3775] EXT4-fs (loop0): 1 truncate cleaned up umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3777 attached [pid 3777] chdir("./71" [pid 3631] <... clone resumed>, child_tidptr=0x555555e325d0) = 3777 [pid 3777] <... chdir resumed>) = 0 [pid 3777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3777] setpgid(0, 0) = 0 [pid 3777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3777] write(3, "1000", 4) = 4 [pid 3777] close(3) = 0 [pid 3777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3777] memfd_create("syzkaller", 0) = 3 [pid 3777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3777] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3777] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3777] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3777] close(3) = 0 [pid 3777] mkdir("./file0", 0777) = 0 [pid 3777] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3777] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3777] chdir("./file0") = 0 [pid 3777] ioctl(4, LOOP_CLR_FD) = 0 [pid 3777] close(4) = 0 [pid 3777] exit_group(0) = ? [pid 3777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3777, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3779 ./strace-static-x86_64: Process 3779 attached [pid 3779] chdir("./72") = 0 [pid 3779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3779] setpgid(0, 0) = 0 [pid 3779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3779] write(3, "1000", 4) = 4 [pid 3779] close(3) = 0 [pid 3779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3779] memfd_create("syzkaller", 0) = 3 [pid 3779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3779] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.063919][ T3777] loop0: detected capacity change from 0 to 512 [ 62.073148][ T3777] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.081519][ T3777] EXT4-fs (loop0): 1 truncate cleaned up [pid 3779] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3779] close(3) = 0 [pid 3779] mkdir("./file0", 0777) = 0 [pid 3779] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3779] chdir("./file0") = 0 [pid 3779] ioctl(4, LOOP_CLR_FD) = 0 [pid 3779] close(4) = 0 [pid 3779] exit_group(0) = ? [pid 3779] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3779, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3781 [ 62.115806][ T3779] loop0: detected capacity change from 0 to 512 [ 62.117232][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 62.133328][ T3779] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.143414][ T3779] EXT4-fs (loop0): 1 truncate cleaned up ./strace-static-x86_64: Process 3781 attached [pid 3781] chdir("./73") = 0 [pid 3781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3781] setpgid(0, 0) = 0 [pid 3781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3781] write(3, "1000", 4) = 4 [pid 3781] close(3) = 0 [pid 3781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3781] memfd_create("syzkaller", 0) = 3 [pid 3781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3781] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3781] close(3) = 0 [pid 3781] mkdir("./file0", 0777) = 0 [pid 3781] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3781] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3781] chdir("./file0") = 0 [pid 3781] ioctl(4, LOOP_CLR_FD) = 0 [pid 3781] close(4) = 0 [pid 3781] exit_group(0) = ? [pid 3781] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3781, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3783 ./strace-static-x86_64: Process 3783 attached [pid 3783] chdir("./74") = 0 [pid 3783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3783] setpgid(0, 0) = 0 [pid 3783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3783] write(3, "1000", 4) = 4 [pid 3783] close(3) = 0 [pid 3783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3783] memfd_create("syzkaller", 0) = 3 [pid 3783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3783] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3783] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.211859][ T3781] loop0: detected capacity change from 0 to 512 [ 62.221932][ T3781] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.230184][ T3781] EXT4-fs (loop0): 1 truncate cleaned up [pid 3783] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3783] close(3) = 0 [pid 3783] mkdir("./file0", 0777) = 0 [pid 3783] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3783] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3783] chdir("./file0") = 0 [pid 3783] ioctl(4, LOOP_CLR_FD) = 0 [pid 3783] close(4) = 0 [pid 3783] exit_group(0) = ? [pid 3783] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3783, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3785 ./strace-static-x86_64: Process 3785 attached [pid 3785] chdir("./75") = 0 [pid 3785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3785] setpgid(0, 0) = 0 [pid 3785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3785] write(3, "1000", 4) = 4 [pid 3785] close(3) = 0 [pid 3785] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3785] memfd_create("syzkaller", 0) = 3 [pid 3785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 62.264561][ T3783] loop0: detected capacity change from 0 to 512 [ 62.265975][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 62.283045][ T3783] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.291656][ T3783] EXT4-fs (loop0): 1 truncate cleaned up [pid 3785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3785] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3785] close(3) = 0 [pid 3785] mkdir("./file0", 0777) = 0 [pid 3785] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3785] chdir("./file0") = 0 [pid 3785] ioctl(4, LOOP_CLR_FD) = 0 [pid 3785] close(4) = 0 [pid 3785] exit_group(0) = ? [pid 3785] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3785, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3787 ./strace-static-x86_64: Process 3787 attached [pid 3787] chdir("./76") = 0 [pid 3787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3787] setpgid(0, 0) = 0 [pid 3787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3787] write(3, "1000", 4) = 4 [pid 3787] close(3) = 0 [pid 3787] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3787] memfd_create("syzkaller", 0) = 3 [pid 3787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3787] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.347828][ T3785] loop0: detected capacity change from 0 to 512 [ 62.357199][ T3785] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.365977][ T3785] EXT4-fs (loop0): 1 truncate cleaned up [pid 3787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3787] close(3) = 0 [pid 3787] mkdir("./file0", 0777) = 0 [pid 3787] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3787] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3787] chdir("./file0") = 0 [pid 3787] ioctl(4, LOOP_CLR_FD) = 0 [pid 3787] close(4) = 0 [pid 3787] exit_group(0) = ? [pid 3787] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3787, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3789 ./strace-static-x86_64: Process 3789 attached [pid 3789] chdir("./77") = 0 [pid 3789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3789] setpgid(0, 0) = 0 [pid 3789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3789] write(3, "1000", 4) = 4 [pid 3789] close(3) = 0 [pid 3789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3789] memfd_create("syzkaller", 0) = 3 [pid 3789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3789] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.400713][ T3787] loop0: detected capacity change from 0 to 512 [ 62.411013][ T3787] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.419555][ T3787] EXT4-fs (loop0): 1 truncate cleaned up [pid 3789] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3789] close(3) = 0 [pid 3789] mkdir("./file0", 0777) = 0 [pid 3789] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3789] chdir("./file0") = 0 [pid 3789] ioctl(4, LOOP_CLR_FD) = 0 [pid 3789] close(4) = 0 [pid 3789] exit_group(0) = ? [pid 3789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3789, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3791 [ 62.457370][ T3789] loop0: detected capacity change from 0 to 512 [ 62.460937][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 62.475798][ T3789] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.484981][ T3789] EXT4-fs (loop0): 1 truncate cleaned up ./strace-static-x86_64: Process 3791 attached [pid 3791] chdir("./78") = 0 [pid 3791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3791] setpgid(0, 0) = 0 [pid 3791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3791] write(3, "1000", 4) = 4 [pid 3791] close(3) = 0 [pid 3791] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3791] memfd_create("syzkaller", 0) = 3 [pid 3791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3791] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3791] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3791] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3791] close(3) = 0 [pid 3791] mkdir("./file0", 0777) = 0 [pid 3791] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3791] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3791] chdir("./file0") = 0 [pid 3791] ioctl(4, LOOP_CLR_FD) = 0 [pid 3791] close(4) = 0 [pid 3791] exit_group(0) = ? [pid 3791] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3791, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3793 attached , child_tidptr=0x555555e325d0) = 3793 [ 62.544652][ T3791] loop0: detected capacity change from 0 to 512 [ 62.553688][ T3791] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.561715][ T3791] EXT4-fs (loop0): 1 truncate cleaned up [pid 3793] chdir("./79") = 0 [pid 3793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3793] setpgid(0, 0) = 0 [pid 3793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3793] write(3, "1000", 4) = 4 [pid 3793] close(3) = 0 [pid 3793] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3793] memfd_create("syzkaller", 0) = 3 [pid 3793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3793] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3793] close(3) = 0 [pid 3793] mkdir("./file0", 0777) = 0 [pid 3793] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3793] chdir("./file0") = 0 [pid 3793] ioctl(4, LOOP_CLR_FD) = 0 [pid 3793] close(4) = 0 [pid 3793] exit_group(0) = ? [pid 3793] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3793, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3795 ./strace-static-x86_64: Process 3795 attached [pid 3795] chdir("./80") = 0 [pid 3795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3795] setpgid(0, 0) = 0 [pid 3795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3795] write(3, "1000", 4) = 4 [pid 3795] close(3) = 0 [pid 3795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3795] memfd_create("syzkaller", 0) = 3 [pid 3795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3795] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.620327][ T3793] loop0: detected capacity change from 0 to 512 [ 62.630065][ T3793] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.638612][ T3793] EXT4-fs (loop0): 1 truncate cleaned up [pid 3795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3795] close(3) = 0 [pid 3795] mkdir("./file0", 0777) = 0 [pid 3795] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3795] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3795] chdir("./file0") = 0 [pid 3795] ioctl(4, LOOP_CLR_FD) = 0 [pid 3795] close(4) = 0 [pid 3795] exit_group(0) = ? [pid 3795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3795, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3797 ./strace-static-x86_64: Process 3797 attached [pid 3797] chdir("./81") = 0 [pid 3797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3797] setpgid(0, 0) = 0 [pid 3797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3797] write(3, "1000", 4) = 4 [ 62.678609][ T3795] loop0: detected capacity change from 0 to 512 [ 62.687884][ T3795] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.696307][ T3795] EXT4-fs (loop0): 1 truncate cleaned up [pid 3797] close(3) = 0 [pid 3797] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3797] memfd_create("syzkaller", 0) = 3 [pid 3797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3797] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3797] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3797] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3797] close(3) = 0 [pid 3797] mkdir("./file0", 0777) = 0 [pid 3797] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3797] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3797] chdir("./file0") = 0 [pid 3797] ioctl(4, LOOP_CLR_FD) = 0 [pid 3797] close(4) = 0 [pid 3797] exit_group(0) = ? [pid 3797] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3797, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 [ 62.746406][ T3797] loop0: detected capacity change from 0 to 512 [ 62.755453][ T3797] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.764436][ T3797] EXT4-fs (loop0): 1 truncate cleaned up close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3799 ./strace-static-x86_64: Process 3799 attached [pid 3799] chdir("./82") = 0 [pid 3799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3799] setpgid(0, 0) = 0 [pid 3799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3799] write(3, "1000", 4) = 4 [pid 3799] close(3) = 0 [pid 3799] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3799] memfd_create("syzkaller", 0) = 3 [pid 3799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3799] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3799] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3799] close(3) = 0 [pid 3799] mkdir("./file0", 0777) = 0 [pid 3799] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3799] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3799] chdir("./file0") = 0 [pid 3799] ioctl(4, LOOP_CLR_FD) = 0 [pid 3799] close(4) = 0 [pid 3799] exit_group(0) = ? [pid 3799] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3799, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 62.825092][ T3799] loop0: detected capacity change from 0 to 512 [ 62.835582][ T3799] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.844247][ T3799] EXT4-fs (loop0): 1 truncate cleaned up close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3801 attached [pid 3801] chdir("./83") = 0 [pid 3801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3801] setpgid(0, 0) = 0 [pid 3801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3801] write(3, "1000", 4) = 4 [pid 3801] close(3) = 0 [pid 3801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3801] memfd_create("syzkaller", 0) = 3 [pid 3801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3631] <... clone resumed>, child_tidptr=0x555555e325d0) = 3801 [pid 3801] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3801] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3801] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3801] close(3) = 0 [pid 3801] mkdir("./file0", 0777) = 0 [pid 3801] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3801] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3801] chdir("./file0") = 0 [pid 3801] ioctl(4, LOOP_CLR_FD) = 0 [pid 3801] close(4) = 0 [pid 3801] exit_group(0) = ? [pid 3801] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3801, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3803 ./strace-static-x86_64: Process 3803 attached [pid 3803] chdir("./84") = 0 [pid 3803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3803] setpgid(0, 0) = 0 [pid 3803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3803] write(3, "1000", 4) = 4 [pid 3803] close(3) = 0 [pid 3803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3803] memfd_create("syzkaller", 0) = 3 [pid 3803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3803] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3803] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.899442][ T3801] loop0: detected capacity change from 0 to 512 [ 62.903311][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 62.918132][ T3801] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.926535][ T3801] EXT4-fs (loop0): 1 truncate cleaned up [pid 3803] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3803] close(3) = 0 [pid 3803] mkdir("./file0", 0777) = 0 [pid 3803] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3803] chdir("./file0") = 0 [pid 3803] ioctl(4, LOOP_CLR_FD) = 0 [pid 3803] close(4) = 0 [pid 3803] exit_group(0) = ? [pid 3803] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3803, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 [ 62.971758][ T3803] loop0: detected capacity change from 0 to 512 [ 62.981964][ T3803] EXT4-fs (loop0): orphan cleanup on readonly fs [ 62.989951][ T3803] EXT4-fs (loop0): 1 truncate cleaned up umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3805 ./strace-static-x86_64: Process 3805 attached [pid 3805] chdir("./85") = 0 [pid 3805] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3805] setpgid(0, 0) = 0 [pid 3805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3805] write(3, "1000", 4) = 4 [pid 3805] close(3) = 0 [pid 3805] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3805] memfd_create("syzkaller", 0) = 3 [pid 3805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3805] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3805] close(3) = 0 [pid 3805] mkdir("./file0", 0777) = 0 [pid 3805] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3805] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3805] chdir("./file0") = 0 [pid 3805] ioctl(4, LOOP_CLR_FD) = 0 [pid 3805] close(4) = 0 [pid 3805] exit_group(0) = ? [pid 3805] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3805, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3807 ./strace-static-x86_64: Process 3807 attached [pid 3807] chdir("./86") = 0 [pid 3807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3807] setpgid(0, 0) = 0 [pid 3807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3807] write(3, "1000", 4) = 4 [pid 3807] close(3) = 0 [ 63.054114][ T3805] loop0: detected capacity change from 0 to 512 [ 63.063393][ T3805] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.071996][ T3805] EXT4-fs (loop0): 1 truncate cleaned up [pid 3807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3807] memfd_create("syzkaller", 0) = 3 [pid 3807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3807] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3807] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3807] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3807] close(3) = 0 [pid 3807] mkdir("./file0", 0777) = 0 [pid 3807] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3807] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3807] chdir("./file0") = 0 [pid 3807] ioctl(4, LOOP_CLR_FD) = 0 [pid 3807] close(4) = 0 [pid 3807] exit_group(0) = ? [pid 3807] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3807, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3809 ./strace-static-x86_64: Process 3809 attached [pid 3809] chdir("./87") = 0 [pid 3809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3809] setpgid(0, 0) = 0 [ 63.119729][ T3807] loop0: detected capacity change from 0 to 512 [ 63.129514][ T3807] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.137738][ T3807] EXT4-fs (loop0): 1 truncate cleaned up [pid 3809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3809] write(3, "1000", 4) = 4 [pid 3809] close(3) = 0 [pid 3809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3809] memfd_create("syzkaller", 0) = 3 [pid 3809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3809] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3809] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3809] close(3) = 0 [pid 3809] mkdir("./file0", 0777) = 0 [pid 3809] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3809] chdir("./file0") = 0 [pid 3809] ioctl(4, LOOP_CLR_FD) = 0 [pid 3809] close(4) = 0 [pid 3809] exit_group(0) = ? [pid 3809] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3809, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3811 ./strace-static-x86_64: Process 3811 attached [pid 3811] chdir("./88") = 0 [pid 3811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3811] setpgid(0, 0) = 0 [pid 3811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3811] write(3, "1000", 4) = 4 [pid 3811] close(3) = 0 [pid 3811] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3811] memfd_create("syzkaller", 0) = 3 [pid 3811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3811] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 63.188809][ T3809] loop0: detected capacity change from 0 to 512 [ 63.198014][ T3809] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.206466][ T3809] EXT4-fs (loop0): 1 truncate cleaned up [pid 3811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3811] close(3) = 0 [pid 3811] mkdir("./file0", 0777) = 0 [pid 3811] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3811] chdir("./file0") = 0 [pid 3811] ioctl(4, LOOP_CLR_FD) = 0 [pid 3811] close(4) = 0 [pid 3811] exit_group(0) = ? [pid 3811] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3811, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 [ 63.246041][ T3811] loop0: detected capacity change from 0 to 512 [ 63.255349][ T3811] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.263952][ T3811] EXT4-fs (loop0): 1 truncate cleaned up close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3813 ./strace-static-x86_64: Process 3813 attached [pid 3813] chdir("./89") = 0 [pid 3813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3813] setpgid(0, 0) = 0 [pid 3813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3813] write(3, "1000", 4) = 4 [pid 3813] close(3) = 0 [pid 3813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3813] memfd_create("syzkaller", 0) = 3 [pid 3813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3813] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3813] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3813] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3813] close(3) = 0 [pid 3813] mkdir("./file0", 0777) = 0 [pid 3813] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3813] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3813] chdir("./file0") = 0 [pid 3813] ioctl(4, LOOP_CLR_FD) = 0 [pid 3813] close(4) = 0 [pid 3813] exit_group(0) = ? [pid 3813] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3813, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 63.319901][ T3813] loop0: detected capacity change from 0 to 512 [ 63.329471][ T3813] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.337823][ T3813] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3815 ./strace-static-x86_64: Process 3815 attached [pid 3815] chdir("./90") = 0 [pid 3815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3815] setpgid(0, 0) = 0 [pid 3815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3815] write(3, "1000", 4) = 4 [pid 3815] close(3) = 0 [pid 3815] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3815] memfd_create("syzkaller", 0) = 3 [pid 3815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3815] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3815] close(3) = 0 [pid 3815] mkdir("./file0", 0777) = 0 [pid 3815] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3815] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3815] chdir("./file0") = 0 [pid 3815] ioctl(4, LOOP_CLR_FD) = 0 [pid 3815] close(4) = 0 [ 63.387981][ T3815] loop0: detected capacity change from 0 to 512 [ 63.397230][ T3815] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.405511][ T3815] EXT4-fs (loop0): 1 truncate cleaned up [pid 3815] exit_group(0) = ? [pid 3815] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3815, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3817 ./strace-static-x86_64: Process 3817 attached [pid 3817] chdir("./91") = 0 [pid 3817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3817] setpgid(0, 0) = 0 [pid 3817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3817] write(3, "1000", 4) = 4 [pid 3817] close(3) = 0 [pid 3817] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3817] memfd_create("syzkaller", 0) = 3 [pid 3817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3817] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3817] close(3) = 0 [pid 3817] mkdir("./file0", 0777) = 0 [pid 3817] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3817] chdir("./file0") = 0 [pid 3817] ioctl(4, LOOP_CLR_FD) = 0 [pid 3817] close(4) = 0 [pid 3817] exit_group(0) = ? [pid 3817] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3817, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 63.472603][ T3817] loop0: detected capacity change from 0 to 512 [ 63.482258][ T3817] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.490851][ T3817] EXT4-fs (loop0): 1 truncate cleaned up close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3819 ./strace-static-x86_64: Process 3819 attached [pid 3819] chdir("./92") = 0 [pid 3819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3819] setpgid(0, 0) = 0 [pid 3819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3819] write(3, "1000", 4) = 4 [pid 3819] close(3) = 0 [pid 3819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3819] memfd_create("syzkaller", 0) = 3 [pid 3819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3819] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3819] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3819] close(3) = 0 [pid 3819] mkdir("./file0", 0777) = 0 [pid 3819] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3819] chdir("./file0") = 0 [pid 3819] ioctl(4, LOOP_CLR_FD) = 0 [pid 3819] close(4) = 0 [pid 3819] exit_group(0) = ? [pid 3819] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3819, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3821 ./strace-static-x86_64: Process 3821 attached [pid 3821] chdir("./93") = 0 [pid 3821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3821] setpgid(0, 0) = 0 [pid 3821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3821] write(3, "1000", 4) = 4 [pid 3821] close(3) = 0 [pid 3821] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3821] memfd_create("syzkaller", 0) = 3 [pid 3821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 63.526875][ T3819] loop0: detected capacity change from 0 to 512 [ 63.535959][ T3819] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.544380][ T3819] EXT4-fs (loop0): 1 truncate cleaned up [pid 3821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3821] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3821] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3821] close(3) = 0 [pid 3821] mkdir("./file0", 0777) = 0 [pid 3821] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3821] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3821] chdir("./file0") = 0 [pid 3821] ioctl(4, LOOP_CLR_FD) = 0 [pid 3821] close(4) = 0 [pid 3821] exit_group(0) = ? [pid 3821] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3821, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3823 ./strace-static-x86_64: Process 3823 attached [pid 3823] chdir("./94") = 0 [pid 3823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3823] setpgid(0, 0) = 0 [pid 3823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3823] write(3, "1000", 4) = 4 [pid 3823] close(3) = 0 [pid 3823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3823] memfd_create("syzkaller", 0) = 3 [pid 3823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 63.588965][ T3821] loop0: detected capacity change from 0 to 512 [ 63.593838][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 63.607627][ T3821] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.615996][ T3821] EXT4-fs (loop0): 1 truncate cleaned up [pid 3823] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3823] close(3) = 0 [pid 3823] mkdir("./file0", 0777) = 0 [pid 3823] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3823] chdir("./file0") = 0 [pid 3823] ioctl(4, LOOP_CLR_FD) = 0 [pid 3823] close(4) = 0 [pid 3823] exit_group(0) = ? [pid 3823] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3823, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 63.671299][ T3823] loop0: detected capacity change from 0 to 512 [ 63.681804][ T3823] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.690525][ T3823] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3825 ./strace-static-x86_64: Process 3825 attached [pid 3825] chdir("./95") = 0 [pid 3825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3825] setpgid(0, 0) = 0 [pid 3825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3825] write(3, "1000", 4) = 4 [pid 3825] close(3) = 0 [pid 3825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3825] memfd_create("syzkaller", 0) = 3 [pid 3825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3825] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3825] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3825] close(3) = 0 [pid 3825] mkdir("./file0", 0777) = 0 [pid 3825] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3825] chdir("./file0") = 0 [pid 3825] ioctl(4, LOOP_CLR_FD) = 0 [pid 3825] close(4) = 0 [pid 3825] exit_group(0) = ? [pid 3825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3825, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3827 ./strace-static-x86_64: Process 3827 attached [pid 3827] chdir("./96") = 0 [pid 3827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3827] setpgid(0, 0) = 0 [pid 3827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3827] write(3, "1000", 4) = 4 [pid 3827] close(3) = 0 [pid 3827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3827] memfd_create("syzkaller", 0) = 3 [pid 3827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3827] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 63.754056][ T3825] loop0: detected capacity change from 0 to 512 [ 63.763705][ T3825] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.772539][ T3825] EXT4-fs (loop0): 1 truncate cleaned up [pid 3827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3827] close(3) = 0 [pid 3827] mkdir("./file0", 0777) = 0 [pid 3827] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3827] chdir("./file0") = 0 [pid 3827] ioctl(4, LOOP_CLR_FD) = 0 [pid 3827] close(4) = 0 [pid 3827] exit_group(0) = ? [pid 3827] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3827, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3829 attached [pid 3829] chdir("./97") = 0 [pid 3829] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3631] <... clone resumed>, child_tidptr=0x555555e325d0) = 3829 [pid 3829] <... prctl resumed>) = 0 [pid 3829] setpgid(0, 0) = 0 [pid 3829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3829] write(3, "1000", 4) = 4 [pid 3829] close(3) = 0 [ 63.812526][ T3827] loop0: detected capacity change from 0 to 512 [ 63.822715][ T3827] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.831515][ T3827] EXT4-fs (loop0): 1 truncate cleaned up [pid 3829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3829] memfd_create("syzkaller", 0) = 3 [pid 3829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3829] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3829] close(3) = 0 [pid 3829] mkdir("./file0", 0777) = 0 [pid 3829] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3829] chdir("./file0") = 0 [pid 3829] ioctl(4, LOOP_CLR_FD) = 0 [pid 3829] close(4) = 0 [pid 3829] exit_group(0) = ? [pid 3829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3829, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 63.872505][ T3829] loop0: detected capacity change from 0 to 512 [ 63.881853][ T3829] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.890411][ T3829] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3831 ./strace-static-x86_64: Process 3831 attached [pid 3831] chdir("./98") = 0 [pid 3831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3831] setpgid(0, 0) = 0 [pid 3831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3831] write(3, "1000", 4) = 4 [pid 3831] close(3) = 0 [pid 3831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3831] memfd_create("syzkaller", 0) = 3 [pid 3831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3831] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3831] close(3) = 0 [pid 3831] mkdir("./file0", 0777) = 0 [pid 3831] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3831] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3831] chdir("./file0") = 0 [pid 3831] ioctl(4, LOOP_CLR_FD) = 0 [pid 3831] close(4) = 0 [pid 3831] exit_group(0) = ? [pid 3831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3831, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./98/binderfs") = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3833 attached , child_tidptr=0x555555e325d0) = 3833 [pid 3833] chdir("./99") = 0 [pid 3833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3833] setpgid(0, 0) = 0 [ 63.927199][ T3831] loop0: detected capacity change from 0 to 512 [ 63.936176][ T3831] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.944390][ T3831] EXT4-fs (loop0): 1 truncate cleaned up [pid 3833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3833] write(3, "1000", 4) = 4 [pid 3833] close(3) = 0 [pid 3833] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3833] memfd_create("syzkaller", 0) = 3 [pid 3833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3833] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3833] close(3) = 0 [pid 3833] mkdir("./file0", 0777) = 0 [pid 3833] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3833] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3833] chdir("./file0") = 0 [pid 3833] ioctl(4, LOOP_CLR_FD) = 0 [pid 3833] close(4) = 0 [pid 3833] exit_group(0) = ? [pid 3833] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3833, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./99/binderfs") = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3835 ./strace-static-x86_64: Process 3835 attached [ 63.979995][ T3833] loop0: detected capacity change from 0 to 512 [ 63.989342][ T3833] EXT4-fs (loop0): orphan cleanup on readonly fs [ 63.998058][ T3833] EXT4-fs (loop0): 1 truncate cleaned up [pid 3835] chdir("./100") = 0 [pid 3835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3835] setpgid(0, 0) = 0 [pid 3835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3835] write(3, "1000", 4) = 4 [pid 3835] close(3) = 0 [pid 3835] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3835] memfd_create("syzkaller", 0) = 3 [pid 3835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3835] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3835] close(3) = 0 [pid 3835] mkdir("./file0", 0777) = 0 [pid 3835] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3835] chdir("./file0") = 0 [pid 3835] ioctl(4, LOOP_CLR_FD) = 0 [pid 3835] close(4) = 0 [pid 3835] exit_group(0) = ? [pid 3835] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3835, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 64.045481][ T3835] loop0: detected capacity change from 0 to 512 [ 64.054301][ T3835] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.062550][ T3835] EXT4-fs (loop0): 1 truncate cleaned up umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3837 ./strace-static-x86_64: Process 3837 attached [pid 3837] chdir("./101") = 0 [pid 3837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3837] setpgid(0, 0) = 0 [pid 3837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3837] write(3, "1000", 4) = 4 [pid 3837] close(3) = 0 [pid 3837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3837] memfd_create("syzkaller", 0) = 3 [pid 3837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3837] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3837] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3837] close(3) = 0 [pid 3837] mkdir("./file0", 0777) = 0 [pid 3837] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3837] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3837] chdir("./file0") = 0 [pid 3837] ioctl(4, LOOP_CLR_FD) = 0 [ 64.120354][ T3837] loop0: detected capacity change from 0 to 512 [ 64.129943][ T3837] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.137968][ T3837] EXT4-fs (loop0): 1 truncate cleaned up [pid 3837] close(4) = 0 [pid 3837] exit_group(0) = ? [pid 3837] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3837, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3839 ./strace-static-x86_64: Process 3839 attached [pid 3839] chdir("./102") = 0 [pid 3839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3839] setpgid(0, 0) = 0 [pid 3839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3839] write(3, "1000", 4) = 4 [pid 3839] close(3) = 0 [pid 3839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3839] memfd_create("syzkaller", 0) = 3 [pid 3839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3839] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3839] close(3) = 0 [pid 3839] mkdir("./file0", 0777) = 0 [pid 3839] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3839] chdir("./file0") = 0 [pid 3839] ioctl(4, LOOP_CLR_FD) = 0 [pid 3839] close(4) = 0 [pid 3839] exit_group(0) = ? [pid 3839] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3839, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 64.220943][ T3839] loop0: detected capacity change from 0 to 512 [ 64.231687][ T3839] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.239848][ T3839] EXT4-fs (loop0): 1 truncate cleaned up umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3841 ./strace-static-x86_64: Process 3841 attached [pid 3841] chdir("./103") = 0 [pid 3841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3841] setpgid(0, 0) = 0 [pid 3841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3841] write(3, "1000", 4) = 4 [pid 3841] close(3) = 0 [pid 3841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3841] memfd_create("syzkaller", 0) = 3 [pid 3841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3841] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3841] close(3) = 0 [pid 3841] mkdir("./file0", 0777) = 0 [pid 3841] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3841] chdir("./file0") = 0 [pid 3841] ioctl(4, LOOP_CLR_FD) = 0 [pid 3841] close(4) = 0 [pid 3841] exit_group(0) = ? [pid 3841] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3841, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./103/binderfs") = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 64.315780][ T3841] loop0: detected capacity change from 0 to 512 [ 64.325125][ T3841] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.333946][ T3841] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3843 ./strace-static-x86_64: Process 3843 attached [pid 3843] chdir("./104") = 0 [pid 3843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3843] setpgid(0, 0) = 0 [pid 3843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3843] write(3, "1000", 4) = 4 [pid 3843] close(3) = 0 [pid 3843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3843] memfd_create("syzkaller", 0) = 3 [pid 3843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3843] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3843] close(3) = 0 [pid 3843] mkdir("./file0", 0777) = 0 [pid 3843] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3843] chdir("./file0") = 0 [pid 3843] ioctl(4, LOOP_CLR_FD) = 0 [pid 3843] close(4) = 0 [pid 3843] exit_group(0) = ? [pid 3843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3843, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 64.384560][ T3843] loop0: detected capacity change from 0 to 512 [ 64.386868][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 64.402942][ T3843] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.413055][ T3843] EXT4-fs (loop0): 1 truncate cleaned up umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3845 ./strace-static-x86_64: Process 3845 attached [pid 3845] chdir("./105") = 0 [pid 3845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3845] setpgid(0, 0) = 0 [pid 3845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3845] write(3, "1000", 4) = 4 [pid 3845] close(3) = 0 [pid 3845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3845] memfd_create("syzkaller", 0) = 3 [pid 3845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3845] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3845] close(3) = 0 [pid 3845] mkdir("./file0", 0777) = 0 [pid 3845] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3845] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3845] chdir("./file0") = 0 [pid 3845] ioctl(4, LOOP_CLR_FD) = 0 [pid 3845] close(4) = 0 [pid 3845] exit_group(0) = ? [pid 3845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3845, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3847 ./strace-static-x86_64: Process 3847 attached [pid 3847] chdir("./106") = 0 [pid 3847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3847] setpgid(0, 0) = 0 [pid 3847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3847] write(3, "1000", 4) = 4 [pid 3847] close(3) = 0 [pid 3847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3847] memfd_create("syzkaller", 0) = 3 [pid 3847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 64.480232][ T3845] loop0: detected capacity change from 0 to 512 [ 64.490167][ T3845] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.498165][ T3845] EXT4-fs (loop0): 1 truncate cleaned up [pid 3847] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3847] close(3) = 0 [pid 3847] mkdir("./file0", 0777) = 0 [pid 3847] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3847] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3847] chdir("./file0") = 0 [pid 3847] ioctl(4, LOOP_CLR_FD) = 0 [pid 3847] close(4) = 0 [pid 3847] exit_group(0) = ? [pid 3847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3847, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 64.541806][ T3847] loop0: detected capacity change from 0 to 512 [ 64.551253][ T3847] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.559701][ T3847] EXT4-fs (loop0): 1 truncate cleaned up lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3849 ./strace-static-x86_64: Process 3849 attached [pid 3849] chdir("./107") = 0 [pid 3849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3849] setpgid(0, 0) = 0 [pid 3849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3849] write(3, "1000", 4) = 4 [pid 3849] close(3) = 0 [pid 3849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3849] memfd_create("syzkaller", 0) = 3 [pid 3849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3849] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3849] close(3) = 0 [pid 3849] mkdir("./file0", 0777) = 0 [pid 3849] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3849] chdir("./file0") = 0 [pid 3849] ioctl(4, LOOP_CLR_FD) = 0 [pid 3849] close(4) = 0 [pid 3849] exit_group(0) = ? [pid 3849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3849, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 [ 64.616979][ T3849] loop0: detected capacity change from 0 to 512 [ 64.626664][ T3849] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.635380][ T3849] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3851 attached [pid 3851] chdir("./108") = 0 [pid 3851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3851] setpgid(0, 0) = 0 [pid 3851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3631] <... clone resumed>, child_tidptr=0x555555e325d0) = 3851 [pid 3851] <... openat resumed>) = 3 [pid 3851] write(3, "1000", 4) = 4 [pid 3851] close(3) = 0 [pid 3851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3851] memfd_create("syzkaller", 0) = 3 [pid 3851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3851] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3851] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3851] close(3) = 0 [pid 3851] mkdir("./file0", 0777) = 0 [pid 3851] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3851] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3851] chdir("./file0") = 0 [pid 3851] ioctl(4, LOOP_CLR_FD) = 0 [pid 3851] close(4) = 0 [pid 3851] exit_group(0) = ? [pid 3851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3851, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./108/binderfs") = 0 [ 64.687037][ T3851] loop0: detected capacity change from 0 to 512 [ 64.696047][ T3851] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.704209][ T3851] EXT4-fs (loop0): 1 truncate cleaned up umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3853 ./strace-static-x86_64: Process 3853 attached [pid 3853] chdir("./109") = 0 [pid 3853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3853] setpgid(0, 0) = 0 [pid 3853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3853] write(3, "1000", 4) = 4 [pid 3853] close(3) = 0 [pid 3853] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3853] memfd_create("syzkaller", 0) = 3 [pid 3853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3853] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3853] close(3) = 0 [pid 3853] mkdir("./file0", 0777) = 0 [pid 3853] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3853] chdir("./file0") = 0 [pid 3853] ioctl(4, LOOP_CLR_FD) = 0 [pid 3853] close(4) = 0 [pid 3853] exit_group(0) = ? [pid 3853] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3853, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3855 ./strace-static-x86_64: Process 3855 attached [pid 3855] chdir("./110") = 0 [pid 3855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3855] setpgid(0, 0) = 0 [pid 3855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3855] write(3, "1000", 4) = 4 [pid 3855] close(3) = 0 [pid 3855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3855] memfd_create("syzkaller", 0) = 3 [pid 3855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3855] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 64.762900][ T3853] loop0: detected capacity change from 0 to 512 [ 64.766433][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 64.781206][ T3853] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.790172][ T3853] EXT4-fs (loop0): 1 truncate cleaned up [pid 3855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3855] close(3) = 0 [pid 3855] mkdir("./file0", 0777) = 0 [pid 3855] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3855] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3855] chdir("./file0") = 0 [pid 3855] ioctl(4, LOOP_CLR_FD) = 0 [pid 3855] close(4) = 0 [pid 3855] exit_group(0) = ? [pid 3855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3855, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 64.828822][ T3855] loop0: detected capacity change from 0 to 512 [ 64.829875][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 64.848110][ T3855] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.857818][ T3855] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3857 ./strace-static-x86_64: Process 3857 attached [pid 3857] chdir("./111") = 0 [pid 3857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3857] setpgid(0, 0) = 0 [pid 3857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3857] write(3, "1000", 4) = 4 [pid 3857] close(3) = 0 [pid 3857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3857] memfd_create("syzkaller", 0) = 3 [pid 3857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3857] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3857] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3857] close(3) = 0 [pid 3857] mkdir("./file0", 0777) = 0 [pid 3857] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3857] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3857] chdir("./file0") = 0 [pid 3857] ioctl(4, LOOP_CLR_FD) = 0 [pid 3857] close(4) = 0 [pid 3857] exit_group(0) = ? [pid 3857] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3857, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3859 ./strace-static-x86_64: Process 3859 attached [pid 3859] chdir("./112") = 0 [pid 3859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3859] setpgid(0, 0) = 0 [pid 3859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3859] write(3, "1000", 4) = 4 [pid 3859] close(3) = 0 [pid 3859] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3859] memfd_create("syzkaller", 0) = 3 [pid 3859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3859] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 64.922372][ T3857] loop0: detected capacity change from 0 to 512 [ 64.931624][ T3857] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.940634][ T3857] EXT4-fs (loop0): 1 truncate cleaned up [pid 3859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3859] close(3) = 0 [pid 3859] mkdir("./file0", 0777) = 0 [pid 3859] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3859] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3859] chdir("./file0") = 0 [pid 3859] ioctl(4, LOOP_CLR_FD) = 0 [pid 3859] close(4) = 0 [pid 3859] exit_group(0) = ? [pid 3859] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3859, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3861 ./strace-static-x86_64: Process 3861 attached [pid 3861] chdir("./113") = 0 [pid 3861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3861] setpgid(0, 0) = 0 [pid 3861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3861] write(3, "1000", 4) = 4 [ 64.978232][ T3859] loop0: detected capacity change from 0 to 512 [ 64.987688][ T3859] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.995994][ T3859] EXT4-fs (loop0): 1 truncate cleaned up [pid 3861] close(3) = 0 [pid 3861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3861] memfd_create("syzkaller", 0) = 3 [pid 3861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3861] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3861] close(3) = 0 [pid 3861] mkdir("./file0", 0777) = 0 [pid 3861] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3861] chdir("./file0") = 0 [pid 3861] ioctl(4, LOOP_CLR_FD) = 0 [pid 3861] close(4) = 0 [pid 3861] exit_group(0) = ? [pid 3861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3861, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 [ 65.046084][ T3861] loop0: detected capacity change from 0 to 512 [ 65.055613][ T3861] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.064087][ T3861] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3863 ./strace-static-x86_64: Process 3863 attached [pid 3863] chdir("./114") = 0 [pid 3863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3863] setpgid(0, 0) = 0 [pid 3863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3863] write(3, "1000", 4) = 4 [pid 3863] close(3) = 0 [pid 3863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3863] memfd_create("syzkaller", 0) = 3 [pid 3863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3863] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3863] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3863] close(3) = 0 [pid 3863] mkdir("./file0", 0777) = 0 [pid 3863] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3863] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3863] chdir("./file0") = 0 [pid 3863] ioctl(4, LOOP_CLR_FD) = 0 [pid 3863] close(4) = 0 [pid 3863] exit_group(0) = ? [pid 3863] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3863, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 65.117273][ T3863] loop0: detected capacity change from 0 to 512 [ 65.126581][ T3863] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.134483][ T3863] EXT4-fs (loop0): 1 truncate cleaned up umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3865 ./strace-static-x86_64: Process 3865 attached [pid 3865] chdir("./115") = 0 [pid 3865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3865] setpgid(0, 0) = 0 [pid 3865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3865] write(3, "1000", 4) = 4 [pid 3865] close(3) = 0 [pid 3865] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3865] memfd_create("syzkaller", 0) = 3 [pid 3865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3865] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3865] close(3) = 0 [pid 3865] mkdir("./file0", 0777) = 0 [pid 3865] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3865] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3865] chdir("./file0") = 0 [pid 3865] ioctl(4, LOOP_CLR_FD) = 0 [pid 3865] close(4) = 0 [pid 3865] exit_group(0) = ? [pid 3865] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3865, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3867 ./strace-static-x86_64: Process 3867 attached [pid 3867] chdir("./116") = 0 [pid 3867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3867] setpgid(0, 0) = 0 [ 65.188935][ T3865] loop0: detected capacity change from 0 to 512 [ 65.203905][ T3865] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.212320][ T3865] EXT4-fs (loop0): 1 truncate cleaned up [pid 3867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3867] write(3, "1000", 4) = 4 [pid 3867] close(3) = 0 [pid 3867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3867] memfd_create("syzkaller", 0) = 3 [pid 3867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3867] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3867] close(3) = 0 [pid 3867] mkdir("./file0", 0777) = 0 [pid 3867] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3867] chdir("./file0") = 0 [pid 3867] ioctl(4, LOOP_CLR_FD) = 0 [pid 3867] close(4) = 0 [pid 3867] exit_group(0) = ? [pid 3867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3867, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 [ 65.275867][ T3867] loop0: detected capacity change from 0 to 512 [ 65.285119][ T3867] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.293764][ T3867] EXT4-fs (loop0): 1 truncate cleaned up mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3869 ./strace-static-x86_64: Process 3869 attached [pid 3869] chdir("./117") = 0 [pid 3869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3869] setpgid(0, 0) = 0 [pid 3869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3869] write(3, "1000", 4) = 4 [pid 3869] close(3) = 0 [pid 3869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3869] memfd_create("syzkaller", 0) = 3 [pid 3869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3869] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3869] close(3) = 0 [pid 3869] mkdir("./file0", 0777) = 0 [pid 3869] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3869] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3869] chdir("./file0") = 0 [pid 3869] ioctl(4, LOOP_CLR_FD) = 0 [pid 3869] close(4) = 0 [pid 3869] exit_group(0) = ? [pid 3869] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3869, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3871 ./strace-static-x86_64: Process 3871 attached [pid 3871] chdir("./118") = 0 [pid 3871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3871] setpgid(0, 0) = 0 [pid 3871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3871] write(3, "1000", 4) = 4 [pid 3871] close(3) = 0 [pid 3871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3871] memfd_create("syzkaller", 0) = 3 [pid 3871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3871] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 65.350965][ T3869] loop0: detected capacity change from 0 to 512 [ 65.360595][ T3869] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.368749][ T3869] EXT4-fs (loop0): 1 truncate cleaned up [pid 3871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3871] close(3) = 0 [pid 3871] mkdir("./file0", 0777) = 0 [pid 3871] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3871] chdir("./file0") = 0 [pid 3871] ioctl(4, LOOP_CLR_FD) = 0 [pid 3871] close(4) = 0 [pid 3871] exit_group(0) = ? [pid 3871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3871, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3873 ./strace-static-x86_64: Process 3873 attached [pid 3873] chdir("./119") = 0 [pid 3873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3873] setpgid(0, 0) = 0 [pid 3873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3873] write(3, "1000", 4) = 4 [pid 3873] close(3) = 0 [pid 3873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3873] memfd_create("syzkaller", 0) = 3 [pid 3873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 65.406086][ T3871] loop0: detected capacity change from 0 to 512 [ 65.407882][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 65.424365][ T3871] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.434833][ T3871] EXT4-fs (loop0): 1 truncate cleaned up [pid 3873] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3873] close(3) = 0 [pid 3873] mkdir("./file0", 0777) = 0 [pid 3873] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3873] chdir("./file0") = 0 [pid 3873] ioctl(4, LOOP_CLR_FD) = 0 [pid 3873] close(4) = 0 [pid 3873] exit_group(0) = ? [pid 3873] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3873, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 [ 65.481915][ T3873] loop0: detected capacity change from 0 to 512 [ 65.492003][ T3873] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.501520][ T3873] EXT4-fs (loop0): 1 truncate cleaned up umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3875 ./strace-static-x86_64: Process 3875 attached [pid 3875] chdir("./120") = 0 [pid 3875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3875] setpgid(0, 0) = 0 [pid 3875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3875] write(3, "1000", 4) = 4 [pid 3875] close(3) = 0 [pid 3875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3875] memfd_create("syzkaller", 0) = 3 [pid 3875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3875] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3875] close(3) = 0 [pid 3875] mkdir("./file0", 0777) = 0 [pid 3875] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3875] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3875] chdir("./file0") = 0 [pid 3875] ioctl(4, LOOP_CLR_FD) = 0 [pid 3875] close(4) = 0 [pid 3875] exit_group(0) = ? [pid 3875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3875, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3877 attached , child_tidptr=0x555555e325d0) = 3877 [pid 3877] chdir("./121") = 0 [pid 3877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3877] setpgid(0, 0) = 0 [pid 3877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3877] write(3, "1000", 4) = 4 [pid 3877] close(3) = 0 [pid 3877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3877] memfd_create("syzkaller", 0) = 3 [pid 3877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3877] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 65.563563][ T3875] loop0: detected capacity change from 0 to 512 [ 65.583165][ T3875] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.592707][ T3875] EXT4-fs (loop0): 1 truncate cleaned up [pid 3877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3877] close(3) = 0 [pid 3877] mkdir("./file0", 0777) = 0 [pid 3877] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3877] chdir("./file0") = 0 [pid 3877] ioctl(4, LOOP_CLR_FD) = 0 [pid 3877] close(4) = 0 [pid 3877] exit_group(0) = ? [ 65.638777][ T3877] loop0: detected capacity change from 0 to 512 [ 65.647909][ T3877] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.656118][ T3877] EXT4-fs (loop0): 1 truncate cleaned up [pid 3877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3877, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./121/binderfs") = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3879 ./strace-static-x86_64: Process 3879 attached [pid 3879] chdir("./122") = 0 [pid 3879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3879] setpgid(0, 0) = 0 [pid 3879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3879] write(3, "1000", 4) = 4 [pid 3879] close(3) = 0 [pid 3879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3879] memfd_create("syzkaller", 0) = 3 [pid 3879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3879] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3879] close(3) = 0 [pid 3879] mkdir("./file0", 0777) = 0 [pid 3879] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3879] chdir("./file0") = 0 [pid 3879] ioctl(4, LOOP_CLR_FD) = 0 [pid 3879] close(4) = 0 [pid 3879] exit_group(0) = ? [pid 3879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3879, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3881 ./strace-static-x86_64: Process 3881 attached [pid 3881] chdir("./123") = 0 [pid 3881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3881] setpgid(0, 0) = 0 [ 65.722853][ T3879] loop0: detected capacity change from 0 to 512 [ 65.732000][ T3879] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.741106][ T3879] EXT4-fs (loop0): 1 truncate cleaned up [pid 3881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3881] write(3, "1000", 4) = 4 [pid 3881] close(3) = 0 [pid 3881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3881] memfd_create("syzkaller", 0) = 3 [pid 3881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3881] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3881] close(3) = 0 [pid 3881] mkdir("./file0", 0777) = 0 [pid 3881] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3881] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3881] chdir("./file0") = 0 [pid 3881] ioctl(4, LOOP_CLR_FD) = 0 [pid 3881] close(4) = 0 [pid 3881] exit_group(0) = ? [pid 3881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3881, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3883 ./strace-static-x86_64: Process 3883 attached [pid 3883] chdir("./124") = 0 [pid 3883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3883] setpgid(0, 0) = 0 [pid 3883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3883] write(3, "1000", 4) = 4 [pid 3883] close(3) = 0 [pid 3883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3883] memfd_create("syzkaller", 0) = 3 [pid 3883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3883] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 65.789662][ T3881] loop0: detected capacity change from 0 to 512 [ 65.799493][ T3881] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.807377][ T3881] EXT4-fs (loop0): 1 truncate cleaned up [pid 3883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3883] close(3) = 0 [pid 3883] mkdir("./file0", 0777) = 0 [pid 3883] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3883] chdir("./file0") = 0 [pid 3883] ioctl(4, LOOP_CLR_FD) = 0 [pid 3883] close(4) = 0 [pid 3883] exit_group(0) = ? [ 65.837647][ T3883] loop0: detected capacity change from 0 to 512 [ 65.840074][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 65.856871][ T3883] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.864940][ T3883] EXT4-fs (loop0): 1 truncate cleaned up [pid 3883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3883, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3885 ./strace-static-x86_64: Process 3885 attached [pid 3885] chdir("./125") = 0 [pid 3885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3885] setpgid(0, 0) = 0 [pid 3885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3885] write(3, "1000", 4) = 4 [pid 3885] close(3) = 0 [pid 3885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3885] memfd_create("syzkaller", 0) = 3 [pid 3885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3885] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3885] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3885] close(3) = 0 [pid 3885] mkdir("./file0", 0777) = 0 [pid 3885] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3885] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3885] chdir("./file0") = 0 [pid 3885] ioctl(4, LOOP_CLR_FD) = 0 [pid 3885] close(4) = 0 [pid 3885] exit_group(0) = ? [pid 3885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3885, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3887 ./strace-static-x86_64: Process 3887 attached [pid 3887] chdir("./126") = 0 [pid 3887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3887] setpgid(0, 0) = 0 [pid 3887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3887] write(3, "1000", 4) = 4 [pid 3887] close(3) = 0 [pid 3887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3887] memfd_create("syzkaller", 0) = 3 [pid 3887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3887] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 65.938368][ T3885] loop0: detected capacity change from 0 to 512 [ 65.941537][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 65.956553][ T3885] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.965929][ T3885] EXT4-fs (loop0): 1 truncate cleaned up [pid 3887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3887] close(3) = 0 [pid 3887] mkdir("./file0", 0777) = 0 [pid 3887] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3887] chdir("./file0") = 0 [pid 3887] ioctl(4, LOOP_CLR_FD) = 0 [pid 3887] close(4) = 0 [pid 3887] exit_group(0) = ? [pid 3887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3887, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./126/binderfs") = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3889 ./strace-static-x86_64: Process 3889 attached [pid 3889] chdir("./127") = 0 [pid 3889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3889] setpgid(0, 0) = 0 [pid 3889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3889] write(3, "1000", 4) = 4 [pid 3889] close(3) = 0 [pid 3889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3889] memfd_create("syzkaller", 0) = 3 [pid 3889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3889] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 66.009587][ T3887] loop0: detected capacity change from 0 to 512 [ 66.013995][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 66.027439][ T3887] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.039220][ T3887] EXT4-fs (loop0): 1 truncate cleaned up [pid 3889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3889] close(3) = 0 [pid 3889] mkdir("./file0", 0777) = 0 [pid 3889] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3889] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3889] chdir("./file0") = 0 [pid 3889] ioctl(4, LOOP_CLR_FD) = 0 [pid 3889] close(4) = 0 [pid 3889] exit_group(0) = ? [pid 3889] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3889, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3891 ./strace-static-x86_64: Process 3891 attached [pid 3891] chdir("./128") = 0 [pid 3891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3891] setpgid(0, 0) = 0 [pid 3891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3891] write(3, "1000", 4) = 4 [pid 3891] close(3) = 0 [pid 3891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3891] memfd_create("syzkaller", 0) = 3 [pid 3891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 66.082043][ T3889] loop0: detected capacity change from 0 to 512 [ 66.091583][ T3889] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.100214][ T3889] EXT4-fs (loop0): 1 truncate cleaned up [pid 3891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3891] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3891] close(3) = 0 [pid 3891] mkdir("./file0", 0777) = 0 [pid 3891] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3891] chdir("./file0") = 0 [pid 3891] ioctl(4, LOOP_CLR_FD) = 0 [pid 3891] close(4) = 0 [pid 3891] exit_group(0) = ? [ 66.147097][ T3891] loop0: detected capacity change from 0 to 512 [ 66.156599][ T3891] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.165036][ T3891] EXT4-fs (loop0): 1 truncate cleaned up [pid 3891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3891, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./128/binderfs") = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3893 ./strace-static-x86_64: Process 3893 attached [pid 3893] chdir("./129") = 0 [pid 3893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3893] setpgid(0, 0) = 0 [pid 3893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3893] write(3, "1000", 4) = 4 [pid 3893] close(3) = 0 [pid 3893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3893] memfd_create("syzkaller", 0) = 3 [pid 3893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3893] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3893] close(3) = 0 [pid 3893] mkdir("./file0", 0777) = 0 [pid 3893] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3893] chdir("./file0") = 0 [pid 3893] ioctl(4, LOOP_CLR_FD) = 0 [pid 3893] close(4) = 0 [pid 3893] exit_group(0) = ? [pid 3893] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3893, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./129/binderfs") = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 66.236068][ T3893] loop0: detected capacity change from 0 to 512 [ 66.246398][ T3893] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.255546][ T3893] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3895 ./strace-static-x86_64: Process 3895 attached [pid 3895] chdir("./130") = 0 [pid 3895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3895] setpgid(0, 0) = 0 [pid 3895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3895] write(3, "1000", 4) = 4 [pid 3895] close(3) = 0 [pid 3895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3895] memfd_create("syzkaller", 0) = 3 [pid 3895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3895] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3895] close(3) = 0 [pid 3895] mkdir("./file0", 0777) = 0 [pid 3895] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3895] chdir("./file0") = 0 [pid 3895] ioctl(4, LOOP_CLR_FD) = 0 [pid 3895] close(4) = 0 [pid 3895] exit_group(0) = ? [pid 3895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3895, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./130/binderfs") = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3897 ./strace-static-x86_64: Process 3897 attached [pid 3897] chdir("./131") = 0 [pid 3897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3897] setpgid(0, 0) = 0 [pid 3897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3897] write(3, "1000", 4) = 4 [pid 3897] close(3) = 0 [pid 3897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3897] memfd_create("syzkaller", 0) = 3 [pid 3897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3897] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 66.317193][ T3895] loop0: detected capacity change from 0 to 512 [ 66.327611][ T3895] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.335851][ T3895] EXT4-fs (loop0): 1 truncate cleaned up [pid 3897] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3897] close(3) = 0 [pid 3897] mkdir("./file0", 0777) = 0 [pid 3897] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3897] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3897] chdir("./file0") = 0 [pid 3897] ioctl(4, LOOP_CLR_FD) = 0 [pid 3897] close(4) = 0 [pid 3897] exit_group(0) = ? [pid 3897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3897, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./131/binderfs") = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3899 ./strace-static-x86_64: Process 3899 attached [pid 3899] chdir("./132") = 0 [pid 3899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3899] setpgid(0, 0) = 0 [pid 3899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3899] write(3, "1000", 4) = 4 [pid 3899] close(3) = 0 [pid 3899] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3899] memfd_create("syzkaller", 0) = 3 [pid 3899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3899] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 66.371810][ T3897] loop0: detected capacity change from 0 to 512 [ 66.381154][ T3897] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.390181][ T3897] EXT4-fs (loop0): 1 truncate cleaned up [pid 3899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3899] close(3) = 0 [pid 3899] mkdir("./file0", 0777) = 0 [pid 3899] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3899] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3899] chdir("./file0") = 0 [pid 3899] ioctl(4, LOOP_CLR_FD) = 0 [pid 3899] close(4) = 0 [pid 3899] exit_group(0) = ? [pid 3899] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3899, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3901 ./strace-static-x86_64: Process 3901 attached [pid 3901] chdir("./133") = 0 [pid 3901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3901] setpgid(0, 0) = 0 [pid 3901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3901] write(3, "1000", 4) = 4 [pid 3901] close(3) = 0 [pid 3901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3901] memfd_create("syzkaller", 0) = 3 [pid 3901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3901] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 66.428902][ T3899] loop0: detected capacity change from 0 to 512 [ 66.430829][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 66.447876][ T3899] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.456560][ T3899] EXT4-fs (loop0): 1 truncate cleaned up [pid 3901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3901] close(3) = 0 [pid 3901] mkdir("./file0", 0777) = 0 [pid 3901] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3901] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3901] chdir("./file0") = 0 [pid 3901] ioctl(4, LOOP_CLR_FD) = 0 [pid 3901] close(4) = 0 [pid 3901] exit_group(0) = ? [pid 3901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3901, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./133/binderfs") = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3903 ./strace-static-x86_64: Process 3903 attached [pid 3903] chdir("./134") = 0 [pid 3903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3903] setpgid(0, 0) = 0 [pid 3903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 66.494586][ T3901] loop0: detected capacity change from 0 to 512 [ 66.505297][ T3901] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.514454][ T3901] EXT4-fs (loop0): 1 truncate cleaned up [pid 3903] write(3, "1000", 4) = 4 [pid 3903] close(3) = 0 [pid 3903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3903] memfd_create("syzkaller", 0) = 3 [pid 3903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3903] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3903] close(3) = 0 [pid 3903] mkdir("./file0", 0777) = 0 [pid 3903] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3903] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3903] chdir("./file0") = 0 [pid 3903] ioctl(4, LOOP_CLR_FD) = 0 [pid 3903] close(4) = 0 [pid 3903] exit_group(0) = ? [pid 3903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3903, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./134/binderfs") = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3905 ./strace-static-x86_64: Process 3905 attached [pid 3905] chdir("./135") = 0 [pid 3905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3905] setpgid(0, 0) = 0 [pid 3905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3905] write(3, "1000", 4) = 4 [ 66.582143][ T3903] loop0: detected capacity change from 0 to 512 [ 66.591310][ T3903] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.600389][ T3903] EXT4-fs (loop0): 1 truncate cleaned up [pid 3905] close(3) = 0 [pid 3905] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3905] memfd_create("syzkaller", 0) = 3 [pid 3905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3905] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3905] close(3) = 0 [pid 3905] mkdir("./file0", 0777) = 0 [pid 3905] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3905] chdir("./file0") = 0 [pid 3905] ioctl(4, LOOP_CLR_FD) = 0 [pid 3905] close(4) = 0 [pid 3905] exit_group(0) = ? [pid 3905] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3905, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./135/binderfs") = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3907 ./strace-static-x86_64: Process 3907 attached [pid 3907] chdir("./136") = 0 [pid 3907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3907] setpgid(0, 0) = 0 [pid 3907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3907] write(3, "1000", 4) = 4 [pid 3907] close(3) = 0 [pid 3907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3907] memfd_create("syzkaller", 0) = 3 [pid 3907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3907] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 66.646411][ T3905] loop0: detected capacity change from 0 to 512 [ 66.665934][ T3905] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.673863][ T3905] EXT4-fs (loop0): 1 truncate cleaned up [pid 3907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3907] close(3) = 0 [pid 3907] mkdir("./file0", 0777) = 0 [pid 3907] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3907] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3907] chdir("./file0") = 0 [pid 3907] ioctl(4, LOOP_CLR_FD) = 0 [pid 3907] close(4) = 0 [pid 3907] exit_group(0) = ? [pid 3907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3907, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./136/binderfs") = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3909 ./strace-static-x86_64: Process 3909 attached [pid 3909] chdir("./137") = 0 [pid 3909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3909] setpgid(0, 0) = 0 [pid 3909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3909] write(3, "1000", 4) = 4 [pid 3909] close(3) = 0 [pid 3909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3909] memfd_create("syzkaller", 0) = 3 [pid 3909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3909] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 66.720363][ T3907] loop0: detected capacity change from 0 to 512 [ 66.723122][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 66.738645][ T3907] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.747597][ T3907] EXT4-fs (loop0): 1 truncate cleaned up [pid 3909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3909] close(3) = 0 [pid 3909] mkdir("./file0", 0777) = 0 [pid 3909] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3909] chdir("./file0") = 0 [pid 3909] ioctl(4, LOOP_CLR_FD) = 0 [pid 3909] close(4) = 0 [pid 3909] exit_group(0) = ? [pid 3909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3909, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./137/binderfs") = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3911 ./strace-static-x86_64: Process 3911 attached [pid 3911] chdir("./138") = 0 [pid 3911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3911] setpgid(0, 0) = 0 [pid 3911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3911] write(3, "1000", 4) = 4 [pid 3911] close(3) = 0 [pid 3911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3911] memfd_create("syzkaller", 0) = 3 [pid 3911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3911] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 66.792967][ T3909] loop0: detected capacity change from 0 to 512 [ 66.802235][ T3909] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.810536][ T3909] EXT4-fs (loop0): 1 truncate cleaned up [pid 3911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3911] close(3) = 0 [pid 3911] mkdir("./file0", 0777) = 0 [pid 3911] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3911] chdir("./file0") = 0 [pid 3911] ioctl(4, LOOP_CLR_FD) = 0 [pid 3911] close(4) = 0 [pid 3911] exit_group(0) = ? [pid 3911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3911, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./138/binderfs") = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 66.839914][ T3911] loop0: detected capacity change from 0 to 512 [ 66.842211][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 66.857526][ T3911] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.866314][ T3911] EXT4-fs (loop0): 1 truncate cleaned up close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3913 ./strace-static-x86_64: Process 3913 attached [pid 3913] chdir("./139") = 0 [pid 3913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3913] setpgid(0, 0) = 0 [pid 3913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3913] write(3, "1000", 4) = 4 [pid 3913] close(3) = 0 [pid 3913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3913] memfd_create("syzkaller", 0) = 3 [pid 3913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3913] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3913] close(3) = 0 [pid 3913] mkdir("./file0", 0777) = 0 [pid 3913] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3913] chdir("./file0") = 0 [pid 3913] ioctl(4, LOOP_CLR_FD) = 0 [pid 3913] close(4) = 0 [pid 3913] exit_group(0) = ? [pid 3913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3913, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./139/binderfs") = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3915 ./strace-static-x86_64: Process 3915 attached [pid 3915] chdir("./140") = 0 [pid 3915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3915] setpgid(0, 0) = 0 [pid 3915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3915] write(3, "1000", 4) = 4 [pid 3915] close(3) = 0 [pid 3915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3915] memfd_create("syzkaller", 0) = 3 [pid 3915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3915] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 66.932037][ T3913] loop0: detected capacity change from 0 to 512 [ 66.935419][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 66.952275][ T3913] EXT4-fs (loop0): orphan cleanup on readonly fs [ 66.960658][ T3913] EXT4-fs (loop0): 1 truncate cleaned up [pid 3915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3915] close(3) = 0 [pid 3915] mkdir("./file0", 0777) = 0 [pid 3915] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3915] chdir("./file0") = 0 [pid 3915] ioctl(4, LOOP_CLR_FD) = 0 [pid 3915] close(4) = 0 [pid 3915] exit_group(0) = ? [pid 3915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3915, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./140/binderfs") = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3917 ./strace-static-x86_64: Process 3917 attached [pid 3917] chdir("./141") = 0 [pid 3917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3917] setpgid(0, 0) = 0 [pid 3917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3917] write(3, "1000", 4) = 4 [pid 3917] close(3) = 0 [pid 3917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3917] memfd_create("syzkaller", 0) = 3 [pid 3917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3917] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.002141][ T3915] loop0: detected capacity change from 0 to 512 [ 67.004798][ T3633] Buffer I/O error on dev loop0, logical block 0, async page read [ 67.018752][ T3915] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.026977][ T3915] EXT4-fs (loop0): 1 truncate cleaned up [pid 3917] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3917] close(3) = 0 [pid 3917] mkdir("./file0", 0777) = 0 [pid 3917] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3917] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3917] chdir("./file0") = 0 [pid 3917] ioctl(4, LOOP_CLR_FD) = 0 [pid 3917] close(4) = 0 [pid 3917] exit_group(0) = ? [pid 3917] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3917, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./141/binderfs") = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3919 ./strace-static-x86_64: Process 3919 attached [pid 3919] chdir("./142") = 0 [pid 3919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3919] setpgid(0, 0) = 0 [pid 3919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3919] write(3, "1000", 4) = 4 [pid 3919] close(3) = 0 [pid 3919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3919] memfd_create("syzkaller", 0) = 3 [pid 3919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3919] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.068541][ T3917] loop0: detected capacity change from 0 to 512 [ 67.069839][ T3633] Buffer I/O error on dev loop0, logical block 0, async page read [ 67.084977][ T3917] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.093574][ T3917] EXT4-fs (loop0): 1 truncate cleaned up [pid 3919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3919] close(3) = 0 [pid 3919] mkdir("./file0", 0777) = 0 [pid 3919] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3919] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3919] chdir("./file0") = 0 [pid 3919] ioctl(4, LOOP_CLR_FD) = 0 [pid 3919] close(4) = 0 [pid 3919] exit_group(0) = ? [pid 3919] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3919, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./142/binderfs") = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3921 ./strace-static-x86_64: Process 3921 attached [pid 3921] chdir("./143") = 0 [pid 3921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3921] setpgid(0, 0) = 0 [pid 3921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3921] write(3, "1000", 4) = 4 [pid 3921] close(3) = 0 [pid 3921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3921] memfd_create("syzkaller", 0) = 3 [pid 3921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3921] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.147369][ T3919] loop0: detected capacity change from 0 to 512 [ 67.156727][ T3919] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.165198][ T3919] EXT4-fs (loop0): 1 truncate cleaned up [pid 3921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3921] close(3) = 0 [pid 3921] mkdir("./file0", 0777) = 0 [pid 3921] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3921] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3921] chdir("./file0") = 0 [pid 3921] ioctl(4, LOOP_CLR_FD) = 0 [pid 3921] close(4) = 0 [pid 3921] exit_group(0) = ? [pid 3921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3921, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./143/binderfs") = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 67.206755][ T3921] loop0: detected capacity change from 0 to 512 [ 67.216445][ T3921] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.225417][ T3921] EXT4-fs (loop0): 1 truncate cleaned up fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3923 ./strace-static-x86_64: Process 3923 attached [pid 3923] chdir("./144") = 0 [pid 3923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3923] setpgid(0, 0) = 0 [pid 3923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3923] write(3, "1000", 4) = 4 [pid 3923] close(3) = 0 [pid 3923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3923] memfd_create("syzkaller", 0) = 3 [pid 3923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3923] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3923] close(3) = 0 [pid 3923] mkdir("./file0", 0777) = 0 [pid 3923] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3923] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3923] chdir("./file0") = 0 [pid 3923] ioctl(4, LOOP_CLR_FD) = 0 [pid 3923] close(4) = 0 [pid 3923] exit_group(0) = ? [pid 3923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3923, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./144/binderfs") = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 [ 67.287253][ T3923] loop0: detected capacity change from 0 to 512 [ 67.296680][ T3923] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.304869][ T3923] EXT4-fs (loop0): 1 truncate cleaned up mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3925 ./strace-static-x86_64: Process 3925 attached [pid 3925] chdir("./145") = 0 [pid 3925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3925] setpgid(0, 0) = 0 [pid 3925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3925] write(3, "1000", 4) = 4 [pid 3925] close(3) = 0 [pid 3925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3925] memfd_create("syzkaller", 0) = 3 [pid 3925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3925] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3925] close(3) = 0 [pid 3925] mkdir("./file0", 0777) = 0 [pid 3925] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3925] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3925] chdir("./file0") = 0 [pid 3925] ioctl(4, LOOP_CLR_FD) = 0 [pid 3925] close(4) = 0 [pid 3925] exit_group(0) = ? [pid 3925] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3925, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./145/binderfs") = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3927 ./strace-static-x86_64: Process 3927 attached [pid 3927] chdir("./146") = 0 [pid 3927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3927] setpgid(0, 0) = 0 [pid 3927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3927] write(3, "1000", 4) = 4 [pid 3927] close(3) = 0 [pid 3927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3927] memfd_create("syzkaller", 0) = 3 [pid 3927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3927] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.362475][ T3925] loop0: detected capacity change from 0 to 512 [ 67.363346][ T3633] Buffer I/O error on dev loop0, logical block 0, async page read [ 67.380442][ T3925] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.389196][ T3925] EXT4-fs (loop0): 1 truncate cleaned up [pid 3927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3927] close(3) = 0 [pid 3927] mkdir("./file0", 0777) = 0 [pid 3927] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3927] chdir("./file0") = 0 [pid 3927] ioctl(4, LOOP_CLR_FD) = 0 [pid 3927] close(4) = 0 [pid 3927] exit_group(0) = ? [pid 3927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3927, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./146/binderfs") = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3929 ./strace-static-x86_64: Process 3929 attached [pid 3929] chdir("./147") = 0 [pid 3929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3929] setpgid(0, 0) = 0 [pid 3929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3929] write(3, "1000", 4) = 4 [pid 3929] close(3) = 0 [pid 3929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3929] memfd_create("syzkaller", 0) = 3 [pid 3929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3929] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.426844][ T3927] loop0: detected capacity change from 0 to 512 [ 67.436634][ T3927] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.446707][ T3927] EXT4-fs (loop0): 1 truncate cleaned up [pid 3929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3929] close(3) = 0 [pid 3929] mkdir("./file0", 0777) = 0 [pid 3929] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3929] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3929] chdir("./file0") = 0 [pid 3929] ioctl(4, LOOP_CLR_FD) = 0 [pid 3929] close(4) = 0 [pid 3929] exit_group(0) = ? [pid 3929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3929, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./147/binderfs") = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3931 ./strace-static-x86_64: Process 3931 attached [pid 3931] chdir("./148") = 0 [pid 3931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3931] setpgid(0, 0) = 0 [pid 3931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3931] write(3, "1000", 4) = 4 [pid 3931] close(3) = 0 [pid 3931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3931] memfd_create("syzkaller", 0) = 3 [pid 3931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 67.487211][ T3929] loop0: detected capacity change from 0 to 512 [ 67.497639][ T3929] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.505980][ T3929] EXT4-fs (loop0): 1 truncate cleaned up [pid 3931] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3931] close(3) = 0 [pid 3931] mkdir("./file0", 0777) = 0 [pid 3931] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3931] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3931] chdir("./file0") = 0 [pid 3931] ioctl(4, LOOP_CLR_FD) = 0 [pid 3931] close(4) = 0 [pid 3931] exit_group(0) = ? [pid 3931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3931, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./148/binderfs") = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3933 ./strace-static-x86_64: Process 3933 attached [pid 3933] chdir("./149") = 0 [pid 3933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3933] setpgid(0, 0) = 0 [pid 3933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3933] write(3, "1000", 4) = 4 [pid 3933] close(3) = 0 [pid 3933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3933] memfd_create("syzkaller", 0) = 3 [pid 3933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3933] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.549740][ T3931] loop0: detected capacity change from 0 to 512 [ 67.559241][ T3931] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.567532][ T3931] EXT4-fs (loop0): 1 truncate cleaned up [pid 3933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3933] close(3) = 0 [pid 3933] mkdir("./file0", 0777) = 0 [pid 3933] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3933] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3933] chdir("./file0") = 0 [pid 3933] ioctl(4, LOOP_CLR_FD) = 0 [pid 3933] close(4) = 0 [pid 3933] exit_group(0) = ? [pid 3933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3933, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./149/binderfs") = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 67.598618][ T3933] loop0: detected capacity change from 0 to 512 [ 67.602446][ T3633] Buffer I/O error on dev loop0, logical block 0, async page read [ 67.615554][ T3933] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.625071][ T3933] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./149/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3935 ./strace-static-x86_64: Process 3935 attached [pid 3935] chdir("./150") = 0 [pid 3935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3935] setpgid(0, 0) = 0 [pid 3935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3935] write(3, "1000", 4) = 4 [pid 3935] close(3) = 0 [pid 3935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3935] memfd_create("syzkaller", 0) = 3 [pid 3935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3935] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3935] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3935] close(3) = 0 [pid 3935] mkdir("./file0", 0777) = 0 [pid 3935] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3935] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3935] chdir("./file0") = 0 [pid 3935] ioctl(4, LOOP_CLR_FD) = 0 [pid 3935] close(4) = 0 [pid 3935] exit_group(0) = ? [pid 3935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3935, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./150/binderfs") = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3937 ./strace-static-x86_64: Process 3937 attached [pid 3937] chdir("./151") = 0 [pid 3937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3937] setpgid(0, 0) = 0 [pid 3937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3937] write(3, "1000", 4) = 4 [ 67.699784][ T3935] loop0: detected capacity change from 0 to 512 [ 67.709769][ T3935] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.718250][ T3935] EXT4-fs (loop0): 1 truncate cleaned up [pid 3937] close(3) = 0 [pid 3937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3937] memfd_create("syzkaller", 0) = 3 [pid 3937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3937] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3937] close(3) = 0 [pid 3937] mkdir("./file0", 0777) = 0 [pid 3937] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3937] chdir("./file0") = 0 [pid 3937] ioctl(4, LOOP_CLR_FD) = 0 [pid 3937] close(4) = 0 [pid 3937] exit_group(0) = ? [pid 3937] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3937, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./151/binderfs") = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3939 attached , child_tidptr=0x555555e325d0) = 3939 [ 67.766277][ T3937] loop0: detected capacity change from 0 to 512 [ 67.776061][ T3937] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.784580][ T3937] EXT4-fs (loop0): 1 truncate cleaned up [pid 3939] chdir("./152") = 0 [pid 3939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3939] setpgid(0, 0) = 0 [pid 3939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3939] write(3, "1000", 4) = 4 [pid 3939] close(3) = 0 [pid 3939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3939] memfd_create("syzkaller", 0) = 3 [pid 3939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3939] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3939] close(3) = 0 [pid 3939] mkdir("./file0", 0777) = 0 [pid 3939] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3939] chdir("./file0") = 0 [pid 3939] ioctl(4, LOOP_CLR_FD) = 0 [pid 3939] close(4) = 0 [pid 3939] exit_group(0) = ? [pid 3939] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3939, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./152/binderfs") = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3941 ./strace-static-x86_64: Process 3941 attached [pid 3941] chdir("./153") = 0 [pid 3941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3941] setpgid(0, 0) = 0 [pid 3941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3941] write(3, "1000", 4) = 4 [pid 3941] close(3) = 0 [pid 3941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3941] memfd_create("syzkaller", 0) = 3 [pid 3941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3941] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.840848][ T3939] loop0: detected capacity change from 0 to 512 [ 67.847755][ T3633] Buffer I/O error on dev loop0, logical block 0, async page read [ 67.860892][ T3939] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.869640][ T3939] EXT4-fs (loop0): 1 truncate cleaned up [pid 3941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3941] close(3) = 0 [pid 3941] mkdir("./file0", 0777) = 0 [pid 3941] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3941] chdir("./file0") = 0 [pid 3941] ioctl(4, LOOP_CLR_FD) = 0 [pid 3941] close(4) = 0 [pid 3941] exit_group(0) = ? [pid 3941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3941, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./153/binderfs") = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3943 ./strace-static-x86_64: Process 3943 attached [pid 3943] chdir("./154") = 0 [pid 3943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3943] setpgid(0, 0) = 0 [pid 3943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3943] write(3, "1000", 4) = 4 [pid 3943] close(3) = 0 [pid 3943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3943] memfd_create("syzkaller", 0) = 3 [pid 3943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3943] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.904010][ T3941] loop0: detected capacity change from 0 to 512 [ 67.906418][ T3633] Buffer I/O error on dev loop0, logical block 0, async page read [ 67.920985][ T3941] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.929514][ T3941] EXT4-fs (loop0): 1 truncate cleaned up [pid 3943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3943] close(3) = 0 [pid 3943] mkdir("./file0", 0777) = 0 [pid 3943] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3943] chdir("./file0") = 0 [pid 3943] ioctl(4, LOOP_CLR_FD) = 0 [pid 3943] close(4) = 0 [pid 3943] exit_group(0) = ? [pid 3943] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3943, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./154/binderfs") = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3945 ./strace-static-x86_64: Process 3945 attached [pid 3945] chdir("./155") = 0 [pid 3945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3945] setpgid(0, 0) = 0 [pid 3945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3945] write(3, "1000", 4) = 4 [pid 3945] close(3) = 0 [pid 3945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3945] memfd_create("syzkaller", 0) = 3 [pid 3945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3945] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.979320][ T3943] loop0: detected capacity change from 0 to 512 [ 67.989109][ T3943] EXT4-fs (loop0): orphan cleanup on readonly fs [ 67.997816][ T3943] EXT4-fs (loop0): 1 truncate cleaned up [pid 3945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3945] close(3) = 0 [pid 3945] mkdir("./file0", 0777) = 0 [pid 3945] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3945] chdir("./file0") = 0 [pid 3945] ioctl(4, LOOP_CLR_FD) = 0 [pid 3945] close(4) = 0 [pid 3945] exit_group(0) = ? [pid 3945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3945, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./155/binderfs") = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3947 ./strace-static-x86_64: Process 3947 attached [pid 3947] chdir("./156") = 0 [pid 3947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3947] setpgid(0, 0) = 0 [pid 3947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3947] write(3, "1000", 4) = 4 [pid 3947] close(3) = 0 [pid 3947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3947] memfd_create("syzkaller", 0) = 3 [pid 3947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3947] munmap(0x7fd1fcc00000, 262144) = 0 [ 68.033120][ T3945] loop0: detected capacity change from 0 to 512 [ 68.034473][ T3633] Buffer I/O error on dev loop0, logical block 0, async page read [ 68.049802][ T3945] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.059192][ T3945] EXT4-fs (loop0): 1 truncate cleaned up [pid 3947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3947] close(3) = 0 [pid 3947] mkdir("./file0", 0777) = 0 [pid 3947] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3947] chdir("./file0") = 0 [pid 3947] ioctl(4, LOOP_CLR_FD) = 0 [pid 3947] close(4) = 0 [pid 3947] exit_group(0) = ? [pid 3947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3947, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./156/binderfs") = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3949 ./strace-static-x86_64: Process 3949 attached [pid 3949] chdir("./157") = 0 [pid 3949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3949] setpgid(0, 0) = 0 [pid 3949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3949] write(3, "1000", 4) = 4 [pid 3949] close(3) = 0 [pid 3949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3949] memfd_create("syzkaller", 0) = 3 [pid 3949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3949] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 68.098723][ T3947] loop0: detected capacity change from 0 to 512 [ 68.108594][ T3947] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.116586][ T3947] EXT4-fs (loop0): 1 truncate cleaned up [pid 3949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3949] close(3) = 0 [pid 3949] mkdir("./file0", 0777) = 0 [pid 3949] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3949] chdir("./file0") = 0 [pid 3949] ioctl(4, LOOP_CLR_FD) = 0 [pid 3949] close(4) = 0 [pid 3949] exit_group(0) = ? [pid 3949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3949, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 68.158873][ T3949] loop0: detected capacity change from 0 to 512 [ 68.168526][ T3949] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.177163][ T3949] EXT4-fs (loop0): 1 truncate cleaned up unlink("./157/binderfs") = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3951 ./strace-static-x86_64: Process 3951 attached [pid 3951] chdir("./158") = 0 [pid 3951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3951] setpgid(0, 0) = 0 [pid 3951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3951] write(3, "1000", 4) = 4 [pid 3951] close(3) = 0 [pid 3951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3951] memfd_create("syzkaller", 0) = 3 [pid 3951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3951] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3951] close(3) = 0 [pid 3951] mkdir("./file0", 0777) = 0 [pid 3951] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3951] chdir("./file0") = 0 [pid 3951] ioctl(4, LOOP_CLR_FD) = 0 [pid 3951] close(4) = 0 [pid 3951] exit_group(0) = ? [pid 3951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3951, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./158/binderfs") = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 [ 68.244810][ T3951] loop0: detected capacity change from 0 to 512 [ 68.255389][ T3951] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.264152][ T3951] EXT4-fs (loop0): 1 truncate cleaned up close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3953 ./strace-static-x86_64: Process 3953 attached [pid 3953] chdir("./159") = 0 [pid 3953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3953] setpgid(0, 0) = 0 [pid 3953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3953] write(3, "1000", 4) = 4 [pid 3953] close(3) = 0 [pid 3953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3953] memfd_create("syzkaller", 0) = 3 [pid 3953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3953] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3953] close(3) = 0 [pid 3953] mkdir("./file0", 0777) = 0 [pid 3953] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3953] chdir("./file0") = 0 [pid 3953] ioctl(4, LOOP_CLR_FD) = 0 [pid 3953] close(4) = 0 [pid 3953] exit_group(0) = ? [pid 3953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3953, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./159/binderfs") = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3955 ./strace-static-x86_64: Process 3955 attached [pid 3955] chdir("./160") = 0 [pid 3955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3955] setpgid(0, 0) = 0 [pid 3955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3955] write(3, "1000", 4) = 4 [pid 3955] close(3) = 0 [pid 3955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3955] memfd_create("syzkaller", 0) = 3 [pid 3955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3955] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 68.315566][ T3953] loop0: detected capacity change from 0 to 512 [ 68.325039][ T3953] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.333969][ T3953] EXT4-fs (loop0): 1 truncate cleaned up [pid 3955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3955] close(3) = 0 [pid 3955] mkdir("./file0", 0777) = 0 [pid 3955] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3955] chdir("./file0") = 0 [pid 3955] ioctl(4, LOOP_CLR_FD) = 0 [pid 3955] close(4) = 0 [pid 3955] exit_group(0) = ? [pid 3955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3955, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 68.374022][ T3955] loop0: detected capacity change from 0 to 512 [ 68.383462][ T3955] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.392562][ T3955] EXT4-fs (loop0): 1 truncate cleaned up unlink("./160/binderfs") = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3957 attached , child_tidptr=0x555555e325d0) = 3957 [pid 3957] chdir("./161") = 0 [pid 3957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3957] setpgid(0, 0) = 0 [pid 3957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3957] write(3, "1000", 4) = 4 [pid 3957] close(3) = 0 [pid 3957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3957] memfd_create("syzkaller", 0) = 3 [pid 3957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3957] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3957] close(3) = 0 [pid 3957] mkdir("./file0", 0777) = 0 [pid 3957] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3957] chdir("./file0") = 0 [pid 3957] ioctl(4, LOOP_CLR_FD) = 0 [pid 3957] close(4) = 0 [pid 3957] exit_group(0) = ? [pid 3957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3957, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./161/binderfs") = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3959 ./strace-static-x86_64: Process 3959 attached [pid 3959] chdir("./162") = 0 [pid 3959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3959] setpgid(0, 0) = 0 [ 68.456454][ T3957] loop0: detected capacity change from 0 to 512 [ 68.465931][ T3957] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.474514][ T3957] EXT4-fs (loop0): 1 truncate cleaned up [pid 3959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3959] write(3, "1000", 4) = 4 [pid 3959] close(3) = 0 [pid 3959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3959] memfd_create("syzkaller", 0) = 3 [pid 3959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3959] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3959] close(3) = 0 [pid 3959] mkdir("./file0", 0777) = 0 [pid 3959] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3959] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3959] chdir("./file0") = 0 [pid 3959] ioctl(4, LOOP_CLR_FD) = 0 [pid 3959] close(4) = 0 [pid 3959] exit_group(0) = ? [pid 3959] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3959, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./162/binderfs") = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3961 ./strace-static-x86_64: Process 3961 attached [pid 3961] chdir("./163") = 0 [pid 3961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3961] setpgid(0, 0) = 0 [pid 3961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3961] write(3, "1000", 4) = 4 [pid 3961] close(3) = 0 [pid 3961] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3961] memfd_create("syzkaller", 0) = 3 [pid 3961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3961] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 68.524478][ T3959] loop0: detected capacity change from 0 to 512 [ 68.535366][ T3959] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.544236][ T3959] EXT4-fs (loop0): 1 truncate cleaned up [pid 3961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3961] close(3) = 0 [pid 3961] mkdir("./file0", 0777) = 0 [pid 3961] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3961] chdir("./file0") = 0 [pid 3961] ioctl(4, LOOP_CLR_FD) = 0 [pid 3961] close(4) = 0 [pid 3961] exit_group(0) = ? [pid 3961] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3961, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./163/binderfs") = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3963 ./strace-static-x86_64: Process 3963 attached [pid 3963] chdir("./164") = 0 [pid 3963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3963] setpgid(0, 0) = 0 [pid 3963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3963] write(3, "1000", 4) = 4 [pid 3963] close(3) = 0 [pid 3963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3963] memfd_create("syzkaller", 0) = 3 [pid 3963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3963] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 68.599990][ T3961] loop0: detected capacity change from 0 to 512 [ 68.609689][ T3961] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.618316][ T3961] EXT4-fs (loop0): 1 truncate cleaned up [pid 3963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3963] close(3) = 0 [pid 3963] mkdir("./file0", 0777) = 0 [pid 3963] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3963] chdir("./file0") = 0 [pid 3963] ioctl(4, LOOP_CLR_FD) = 0 [pid 3963] close(4) = 0 [pid 3963] exit_group(0) = ? [pid 3963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3963, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./164/binderfs") = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3965 ./strace-static-x86_64: Process 3965 attached [pid 3965] chdir("./165") = 0 [pid 3965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3965] setpgid(0, 0) = 0 [ 68.646975][ T3963] loop0: detected capacity change from 0 to 512 [ 68.648617][ T3633] Buffer I/O error on dev loop0, logical block 0, async page read [ 68.663952][ T3963] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.673042][ T3963] EXT4-fs (loop0): 1 truncate cleaned up [pid 3965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3965] write(3, "1000", 4) = 4 [pid 3965] close(3) = 0 [pid 3965] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3965] memfd_create("syzkaller", 0) = 3 [pid 3965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3965] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3965] close(3) = 0 [pid 3965] mkdir("./file0", 0777) = 0 [pid 3965] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3965] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3965] chdir("./file0") = 0 [pid 3965] ioctl(4, LOOP_CLR_FD) = 0 [pid 3965] close(4) = 0 [pid 3965] exit_group(0) = ? [pid 3965] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3965, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./165/binderfs") = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 68.737227][ T3965] loop0: detected capacity change from 0 to 512 [ 68.746439][ T3965] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.754929][ T3965] EXT4-fs (loop0): 1 truncate cleaned up close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3967 ./strace-static-x86_64: Process 3967 attached [pid 3967] chdir("./166") = 0 [pid 3967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3967] setpgid(0, 0) = 0 [pid 3967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3967] write(3, "1000", 4) = 4 [pid 3967] close(3) = 0 [pid 3967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3967] memfd_create("syzkaller", 0) = 3 [pid 3967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3967] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3967] close(3) = 0 [pid 3967] mkdir("./file0", 0777) = 0 [pid 3967] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3967] chdir("./file0") = 0 [pid 3967] ioctl(4, LOOP_CLR_FD) = 0 [pid 3967] close(4) = 0 [pid 3967] exit_group(0) = ? [pid 3967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3967, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./166/binderfs") = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3969 attached [pid 3969] chdir("./167") = 0 [pid 3969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3969] setpgid(0, 0) = 0 [pid 3969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3631] <... clone resumed>, child_tidptr=0x555555e325d0) = 3969 [pid 3969] <... openat resumed>) = 3 [pid 3969] write(3, "1000", 4) = 4 [pid 3969] close(3) = 0 [pid 3969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3969] memfd_create("syzkaller", 0) = 3 [pid 3969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 68.807960][ T3967] loop0: detected capacity change from 0 to 512 [ 68.817804][ T3967] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.826746][ T3967] EXT4-fs (loop0): 1 truncate cleaned up [pid 3969] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3969] close(3) = 0 [pid 3969] mkdir("./file0", 0777) = 0 [pid 3969] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3969] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3969] chdir("./file0") = 0 [pid 3969] ioctl(4, LOOP_CLR_FD) = 0 [pid 3969] close(4) = 0 [pid 3969] exit_group(0) = ? [pid 3969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3969, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./167/binderfs") = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3971 ./strace-static-x86_64: Process 3971 attached [pid 3971] chdir("./168") = 0 [pid 3971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3971] setpgid(0, 0) = 0 [pid 3971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3971] write(3, "1000", 4) = 4 [pid 3971] close(3) = 0 [pid 3971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3971] memfd_create("syzkaller", 0) = 3 [ 68.866678][ T3969] loop0: detected capacity change from 0 to 512 [ 68.876410][ T3969] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.884961][ T3969] EXT4-fs (loop0): 1 truncate cleaned up [pid 3971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3971] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3971] close(3) = 0 [pid 3971] mkdir("./file0", 0777) = 0 [pid 3971] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3971] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3971] chdir("./file0") = 0 [pid 3971] ioctl(4, LOOP_CLR_FD) = 0 [pid 3971] close(4) = 0 [pid 3971] exit_group(0) = ? [pid 3971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3971, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./168/binderfs") = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3973 ./strace-static-x86_64: Process 3973 attached [pid 3973] chdir("./169") = 0 [pid 3973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3973] setpgid(0, 0) = 0 [pid 3973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3973] write(3, "1000", 4) = 4 [pid 3973] close(3) = 0 [pid 3973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3973] memfd_create("syzkaller", 0) = 3 [pid 3973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3973] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 68.930298][ T3971] loop0: detected capacity change from 0 to 512 [ 68.939642][ T3971] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.947658][ T3971] EXT4-fs (loop0): 1 truncate cleaned up [pid 3973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3973] close(3) = 0 [pid 3973] mkdir("./file0", 0777) = 0 [pid 3973] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3973] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3973] chdir("./file0") = 0 [pid 3973] ioctl(4, LOOP_CLR_FD) = 0 [pid 3973] close(4) = 0 [pid 3973] exit_group(0) = ? [pid 3973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3973, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./169/binderfs") = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3975 ./strace-static-x86_64: Process 3975 attached [pid 3975] chdir("./170") = 0 [pid 3975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3975] setpgid(0, 0) = 0 [pid 3975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3975] write(3, "1000", 4) = 4 [pid 3975] close(3) = 0 [pid 3975] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3975] memfd_create("syzkaller", 0) = 3 [pid 3975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3975] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 68.976603][ T3973] loop0: detected capacity change from 0 to 512 [ 68.981032][ T3633] Buffer I/O error on dev loop0, logical block 0, async page read [ 68.994775][ T3973] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.003919][ T3973] EXT4-fs (loop0): 1 truncate cleaned up [pid 3975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3975] close(3) = 0 [pid 3975] mkdir("./file0", 0777) = 0 [pid 3975] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3975] chdir("./file0") = 0 [pid 3975] ioctl(4, LOOP_CLR_FD) = 0 [pid 3975] close(4) = 0 [pid 3975] exit_group(0) = ? [pid 3975] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3975, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./170/binderfs") = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3977 ./strace-static-x86_64: Process 3977 attached [pid 3977] chdir("./171") = 0 [pid 3977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3977] setpgid(0, 0) = 0 [pid 3977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3977] write(3, "1000", 4) = 4 [pid 3977] close(3) = 0 [pid 3977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3977] memfd_create("syzkaller", 0) = 3 [pid 3977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3977] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 69.053019][ T3975] loop0: detected capacity change from 0 to 512 [ 69.056559][ T3633] Buffer I/O error on dev loop0, logical block 0, async page read [ 69.069735][ T3975] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.078887][ T3975] EXT4-fs (loop0): 1 truncate cleaned up [pid 3977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3977] close(3) = 0 [pid 3977] mkdir("./file0", 0777) = 0 [pid 3977] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3977] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3977] chdir("./file0") = 0 [pid 3977] ioctl(4, LOOP_CLR_FD) = 0 [pid 3977] close(4) = 0 [pid 3977] exit_group(0) = ? [pid 3977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3977, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./171/binderfs") = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3979 attached , child_tidptr=0x555555e325d0) = 3979 [pid 3979] chdir("./172") = 0 [pid 3979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3979] setpgid(0, 0) = 0 [pid 3979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3979] write(3, "1000", 4) = 4 [pid 3979] close(3) = 0 [pid 3979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3979] memfd_create("syzkaller", 0) = 3 [pid 3979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3979] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 69.124934][ T3977] loop0: detected capacity change from 0 to 512 [ 69.134310][ T3977] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.142938][ T3977] EXT4-fs (loop0): 1 truncate cleaned up [pid 3979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3979] close(3) = 0 [pid 3979] mkdir("./file0", 0777) = 0 [pid 3979] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3979] chdir("./file0") = 0 [pid 3979] ioctl(4, LOOP_CLR_FD) = 0 [pid 3979] close(4) = 0 [pid 3979] exit_group(0) = ? [pid 3979] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3979, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./172/binderfs") = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3981 ./strace-static-x86_64: Process 3981 attached [pid 3981] chdir("./173") = 0 [pid 3981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3981] setpgid(0, 0) = 0 [ 69.180514][ T3979] loop0: detected capacity change from 0 to 512 [ 69.189863][ T3979] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.198204][ T3979] EXT4-fs (loop0): 1 truncate cleaned up [pid 3981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3981] write(3, "1000", 4) = 4 [pid 3981] close(3) = 0 [pid 3981] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3981] memfd_create("syzkaller", 0) = 3 [pid 3981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3981] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3981] close(3) = 0 [pid 3981] mkdir("./file0", 0777) = 0 [pid 3981] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3981] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3981] chdir("./file0") = 0 [pid 3981] ioctl(4, LOOP_CLR_FD) = 0 [pid 3981] close(4) = 0 [pid 3981] exit_group(0) = ? [pid 3981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3981, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./173/binderfs") = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3983 ./strace-static-x86_64: Process 3983 attached [pid 3983] chdir("./174") = 0 [pid 3983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3983] setpgid(0, 0) = 0 [pid 3983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3983] write(3, "1000", 4) = 4 [ 69.250032][ T3981] loop0: detected capacity change from 0 to 512 [ 69.259703][ T3981] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.267673][ T3981] EXT4-fs (loop0): 1 truncate cleaned up [pid 3983] close(3) = 0 [pid 3983] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3983] memfd_create("syzkaller", 0) = 3 [pid 3983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3983] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3983] close(3) = 0 [pid 3983] mkdir("./file0", 0777) = 0 [pid 3983] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3983] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3983] chdir("./file0") = 0 [pid 3983] ioctl(4, LOOP_CLR_FD) = 0 [pid 3983] close(4) = 0 [pid 3983] exit_group(0) = ? [pid 3983] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3983, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./174/binderfs") = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.317162][ T3983] loop0: detected capacity change from 0 to 512 [ 69.326923][ T3983] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.335789][ T3983] EXT4-fs (loop0): 1 truncate cleaned up lstat("./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3985 ./strace-static-x86_64: Process 3985 attached [pid 3985] chdir("./175") = 0 [pid 3985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3985] setpgid(0, 0) = 0 [pid 3985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3985] write(3, "1000", 4) = 4 [pid 3985] close(3) = 0 [pid 3985] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3985] memfd_create("syzkaller", 0) = 3 [pid 3985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3985] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3985] close(3) = 0 [pid 3985] mkdir("./file0", 0777) = 0 [pid 3985] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3985] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3985] chdir("./file0") = 0 [pid 3985] ioctl(4, LOOP_CLR_FD) = 0 [pid 3985] close(4) = 0 [pid 3985] exit_group(0) = ? [pid 3985] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3985, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./175/binderfs") = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 [ 69.395363][ T3985] loop0: detected capacity change from 0 to 512 [ 69.405422][ T3985] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.414088][ T3985] EXT4-fs (loop0): 1 truncate cleaned up close(4) = 0 rmdir("./175/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3987 ./strace-static-x86_64: Process 3987 attached [pid 3987] chdir("./176") = 0 [pid 3987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3987] setpgid(0, 0) = 0 [pid 3987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3987] write(3, "1000", 4) = 4 [pid 3987] close(3) = 0 [pid 3987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3987] memfd_create("syzkaller", 0) = 3 [pid 3987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3987] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3987] close(3) = 0 [pid 3987] mkdir("./file0", 0777) = 0 [pid 3987] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3987] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3987] chdir("./file0") = 0 [pid 3987] ioctl(4, LOOP_CLR_FD) = 0 [pid 3987] close(4) = 0 [pid 3987] exit_group(0) = ? [pid 3987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3987, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./176/binderfs") = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 [ 69.476651][ T3987] loop0: detected capacity change from 0 to 512 [ 69.486519][ T3987] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.495229][ T3987] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3989 ./strace-static-x86_64: Process 3989 attached [pid 3989] chdir("./177") = 0 [pid 3989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3989] setpgid(0, 0) = 0 [pid 3989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3989] write(3, "1000", 4) = 4 [pid 3989] close(3) = 0 [pid 3989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3989] memfd_create("syzkaller", 0) = 3 [pid 3989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3989] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3989] close(3) = 0 [pid 3989] mkdir("./file0", 0777) = 0 [pid 3989] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3989] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3989] chdir("./file0") = 0 [pid 3989] ioctl(4, LOOP_CLR_FD) = 0 [pid 3989] close(4) = 0 [pid 3989] exit_group(0) = ? [pid 3989] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3989, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./177/binderfs") = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3991 ./strace-static-x86_64: Process 3991 attached [pid 3991] chdir("./178") = 0 [pid 3991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3991] setpgid(0, 0) = 0 [pid 3991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3991] write(3, "1000", 4) = 4 [pid 3991] close(3) = 0 [pid 3991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3991] memfd_create("syzkaller", 0) = 3 [pid 3991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3991] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 69.552357][ T3989] loop0: detected capacity change from 0 to 512 [ 69.562353][ T3989] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.571552][ T3989] EXT4-fs (loop0): 1 truncate cleaned up [pid 3991] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3991] close(3) = 0 [pid 3991] mkdir("./file0", 0777) = 0 [pid 3991] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3991] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3991] chdir("./file0") = 0 [pid 3991] ioctl(4, LOOP_CLR_FD) = 0 [pid 3991] close(4) = 0 [pid 3991] exit_group(0) = ? [pid 3991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3991, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./178/binderfs") = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 [ 69.605659][ T3991] loop0: detected capacity change from 0 to 512 [ 69.614881][ T3991] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.623242][ T3991] EXT4-fs (loop0): 1 truncate cleaned up mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3993 ./strace-static-x86_64: Process 3993 attached [pid 3993] chdir("./179") = 0 [pid 3993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3993] setpgid(0, 0) = 0 [pid 3993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3993] write(3, "1000", 4) = 4 [pid 3993] close(3) = 0 [pid 3993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3993] memfd_create("syzkaller", 0) = 3 [pid 3993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3993] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3993] close(3) = 0 [pid 3993] mkdir("./file0", 0777) = 0 [pid 3993] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3993] chdir("./file0") = 0 [pid 3993] ioctl(4, LOOP_CLR_FD) = 0 [pid 3993] close(4) = 0 [pid 3993] exit_group(0) = ? [pid 3993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3993, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./179/binderfs") = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3995 ./strace-static-x86_64: Process 3995 attached [pid 3995] chdir("./180") = 0 [pid 3995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3995] setpgid(0, 0) = 0 [pid 3995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3995] write(3, "1000", 4) = 4 [pid 3995] close(3) = 0 [pid 3995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3995] memfd_create("syzkaller", 0) = 3 [pid 3995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [pid 3995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 69.675883][ T3993] loop0: detected capacity change from 0 to 512 [ 69.685435][ T3993] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.694004][ T3993] EXT4-fs (loop0): 1 truncate cleaned up [pid 3995] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3995] close(3) = 0 [pid 3995] mkdir("./file0", 0777) = 0 [pid 3995] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3995] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3995] chdir("./file0") = 0 [pid 3995] ioctl(4, LOOP_CLR_FD) = 0 [pid 3995] close(4) = 0 [pid 3995] exit_group(0) = ? [pid 3995] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3995, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./180/binderfs") = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3997 ./strace-static-x86_64: Process 3997 attached [pid 3997] chdir("./181") = 0 [pid 3997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3997] setpgid(0, 0) = 0 [pid 3997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3997] write(3, "1000", 4) = 4 [pid 3997] close(3) = 0 [pid 3997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3997] memfd_create("syzkaller", 0) = 3 [pid 3997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 69.737221][ T3995] loop0: detected capacity change from 0 to 512 [ 69.746518][ T3995] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.755018][ T3995] EXT4-fs (loop0): 1 truncate cleaned up [pid 3997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3997] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3997] close(3) = 0 [pid 3997] mkdir("./file0", 0777) = 0 [pid 3997] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3997] chdir("./file0") = 0 [pid 3997] ioctl(4, LOOP_CLR_FD) = 0 [pid 3997] close(4) = 0 [pid 3997] exit_group(0) = ? [pid 3997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3997, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./181/binderfs") = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 3999 ./strace-static-x86_64: Process 3999 attached [pid 3999] chdir("./182") = 0 [pid 3999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3999] setpgid(0, 0) = 0 [pid 3999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3999] write(3, "1000", 4) = 4 [pid 3999] close(3) = 0 [pid 3999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3999] memfd_create("syzkaller", 0) = 3 [pid 3999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 69.800187][ T3997] loop0: detected capacity change from 0 to 512 [ 69.805596][ T3633] blk_print_req_error: 29 callbacks suppressed [ 69.805611][ T3633] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 69.824292][ T3997] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.833232][ T3997] EXT4-fs (loop0): 1 truncate cleaned up [pid 3999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3999] munmap(0x7fd1fcc00000, 262144) = 0 [pid 3999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3999] close(3) = 0 [pid 3999] mkdir("./file0", 0777) = 0 [pid 3999] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 3999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3999] chdir("./file0") = 0 [pid 3999] ioctl(4, LOOP_CLR_FD) = 0 [pid 3999] close(4) = 0 [pid 3999] exit_group(0) = ? [pid 3999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3999, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555e33620 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./182/binderfs") = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555e3b660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e3b660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file0") = 0 getdents64(3, 0x555555e33620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e325d0) = 4001 ./strace-static-x86_64: Process 4001 attached [pid 4001] chdir("./183") = 0 [pid 4001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4001] setpgid(0, 0) = 0 [pid 4001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4001] write(3, "1000", 4) = 4 [pid 4001] close(3) = 0 [pid 4001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4001] memfd_create("syzkaller", 0) = 3 [pid 4001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd1fcc00000 [ 69.886455][ T3999] loop0: detected capacity change from 0 to 512 [ 69.896351][ T3999] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.905183][ T3999] EXT4-fs (loop0): 1 truncate cleaned up [pid 4001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 4001] munmap(0x7fd1fcc00000, 262144) = 0 [pid 4001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4001] close(3) = 0 [pid 4001] mkdir("./file0", 0777) = 0 [pid 4001] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, ",errors=continue") = 0 [pid 4001] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4001] chdir("./file0") = 0 [pid 4001] ioctl(4, LOOP_CLR_FD) = 0 [pid 4001] close(4) = 0 [pid 4001] exit_group(0) = ? [pid 4001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4001, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0